You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardexpand all lines: docs/transactions.md
+7-5
Original file line number
Diff line number
Diff line change
@@ -1007,7 +1007,7 @@ Publishes a PKI Revocation distribution endpoint (such as RFC5280 Certificate Re
1007
1007
1008
1008
If `crlSignerCertificate` is a PAA (root certificate), then it must be present on DCL.
1009
1009
1010
-
If `crlSignerCertificate` is a PAI (intermediate certificate), then it must be chained back to a valid PAA (root certificate) present on DCL.
1010
+
If `crlSignerCertificate` is a PAI (intermediate certificate) or delegated by PAA, then it must be chained back to a valid PAA (root certificate) present on DCL.
1011
1011
In this case `crlSignerCertificate` is not required to be present on DCL, and will not be added to DCL as a result of this transaction.
1012
1012
If PAI needs to be added to DCL, it should be done via [ADD_PAI](#add_pai) transaction.
1013
1013
@@ -1024,7 +1024,8 @@ and DACs (leaf certificates) added to DCL if they are revoked in the CRL identif
1024
1024
- pid: `optional(uint16)` - Product ID (positive non-zero). Must be empty if `IsPAA` is true. Must be equal to a `pid` field in `CRLSignerCertificate`.
1025
1025
- isPAA: `bool` - True if the revocation information distribution point relates to a PAA
1026
1026
- label: `string` - A label to disambiguate multiple revocation information partitions of a particular issuer.
1027
-
- crlSignerCertificate: `string` - The issuer certificate whose revocation information is provided in the distribution point entry, encoded in X.509v3 PEM format. The corresponding CLI parameter can contain either a PEM string or a path to a file containing the data.
1027
+
- crlSignerCertificate: `string` - The issuer certificate whose revocation information is provided in the distribution point entry, encoded in X.509v3 PEM format. The corresponding CLI parameter can contain either a PEM string or a path to a file containing the data. Please note that if crlSignerCertificate is a delegated certificate by a PAI, the delegator certificate must be provided using the `crlSignerDelegator` field.
1028
+
- crlSignerDelegator: `optional(string)` - If crlSignerCertificate is a delegated certificate by a PAI, then crlSignerDelegator must contain the delegator PAI certificate which must be chained back to an approved certificate in the ledger, encoded in X.509v3 PEM format. Otherwise this field can be omitted. The corresponding CLI parameter can contain either a PEM string or a path to a file containing the data.
1028
1029
- issuerSubjectKeyID: `string` - Uniquely identifies the PAA or PAI for which this revocation distribution point is provided. Must consist of even number of uppercase hexadecimal characters ([0-9A-F]), with no whitespace and no non-hexadecimal characters., e.g: `5A880E6C3653D07FB08971A3F473790930E62BDB`.
1029
1030
- dataUrl: `string` - The URL where to obtain the information in the format indicated by the RevocationType field. Must start with either `http` or `https`. Must be unique for all pairs of VendorID and IssuerSubjectKeyID.
1030
1031
- dataFileSize: `optional(uint64)` - Total size in bytes of the file found at the DataUrl. Must be omitted if RevocationType is 1.
@@ -1037,7 +1038,7 @@ and DACs (leaf certificates) added to DCL if they are revoked in the CRL identif
1037
1038
-`pki/RevocationDistributionPoint/value/<IssuerSubjectKeyID>/<vid>/<label>`-> Revocation Distribution Point
@@ -1053,7 +1054,8 @@ Updates an existing PKI Revocation distribution endpoint (such as RFC5280 Certif
1053
1054
- vid: `uint16` - Vendor ID (positive non-zero). Must be the same as Vendor account's VID and `vid` field in the VID-scoped `CRLSignerCertificate`. Must be the same as a `vid` associated with non-VID scoped `CRLSignerCertificate` on the ledger.
1054
1055
- label: `string` - A label to disambiguate multiple revocation information partitions of a particular issuer.
1055
1056
- issuerSubjectKeyID: `string` - Uniquely identifies the PAA or PAI for which this revocation distribution point is provided. Must consist of even number of uppercase hexadecimal characters ([0-9A-F]), with no whitespace and no non-hexadecimal characters., e.g: `5A880E6C3653D07FB08971A3F473790930E62BDB`.
1056
-
- crlSignerCertificate: `optional(string)` - The issuer certificate whose revocation information is provided in the distribution point entry, encoded in X.509v3 PEM format. The corresponding CLI parameter can contain either a PEM string or a path to a file containing the data.
1057
+
- crlSignerCertificate: `optional(string)` - The issuer certificate whose revocation information is provided in the distribution point entry, encoded in X.509v3 PEM format. The corresponding CLI parameter can contain either a PEM string or a path to a file containing the data. Please note that if crlSignerCertificate is a delegated certificate by a PAI, the delegator certificate must be provided using the `crlSignerDelegator` field.
1058
+
- crlSignerDelegator: `optional(string)` - If crlSignerCertificate is a delegated certificate by a PAI, then crlSignerDelegator must contain the delegator PAI certificate which must be chained back to an approved certificate in the ledger, encoded in X.509v3 PEM format. Otherwise this field can be omitted. The corresponding CLI parameter can contain either a PEM string or a path to a file containing the data.
1057
1059
- dataUrl: `optional(string)` - The URL where to obtain the information in the format indicated by the RevocationType field. Must start with either `http` or `https`. Must be unique for all pairs of VendorID and IssuerSubjectKeyID.
1058
1060
- dataFileSize: `optional(uint64)` - Total size in bytes of the file found at the DataUrl. Must be omitted if RevocationType is 1.
1059
1061
- dataDigest: `optional(string)` - Digest of the entire contents of the associated file downloaded from the DataUrl. Must be omitted if RevocationType is 1. Must be provided if and only if the `DataFileSize` field is present.
@@ -1064,7 +1066,7 @@ Updates an existing PKI Revocation distribution endpoint (such as RFC5280 Certif
1064
1066
-`pki/RevocationDistributionPoint/value/<IssuerSubjectKeyID>/<vid>/<label>` -> Revocation Distribution Point
0 commit comments