Some initial comments (many of these have been mentioned on IRC
already):

1. In revokeCert(), you should throw BadRequestException() or similar
rather than EBaseException if the cert being revoked is the CA cert, or
if the cert is already revoked. That should show up as a 4XX error.

2. It looks like you do not handle nonces. We need a task to figure out
how to do this.

3. There is still a fair amount of logic that is in the legacy servlet
and RESTful servlet. I would suggest moving the logic that checks
whether or not the cert should be revoked - i.e. is already revoked, or
CA cert already revoked, or belongs to a different subject, or is a
system cert - to processor.addCertificateToRevoke() or some similar
method. You can use exceptions/returns to populate rarg appropriately in
the legacy servlet.

4. What happens if the request is pending or rejected -- i.e. not
completed? How would the client know? Should we be returning some kind
of revocation status object? Or the revocation request itself?

I do like the fact that the RevocationProcessor inherits from Processor.
We'll need to square up my ProfileProcessor to do the same thing.

Ade

On Tue, 2012-06-26 at 19:15 -0500, Endi Sukma Dewata wrote:
> On 6/7/2012 9:28 AM, Endi Sukma Dewata wrote:
> > The cert revocation REST service is based on DoRevoke and DoUnrevoke
> > servlets. It provides an interface to manage certificate revocation.
> >
> > Ticket #161
>
> New patch attached. The servlets and REST service have been refactored
> to use a common processor.