
Auth: Revoking cert does not stop user from logging in #952

Closed
vohmar opened this issue Aug 27, 2018 · 5 comments · Fixed by #1578

@vohmar
Contributor

vohmar commented Aug 27, 2018

If admin revokes user's PKI cert user can still login with this certificate.
Only deleting the certificate stops user from logging in.

@vohmar vohmar added the bug label Aug 27, 2018
@artur-intech
Contributor

Might be connected to / may be worth doing together with #887

@karlerikounapuu karlerikounapuu self-assigned this Dec 17, 2019
@vohmar
Contributor Author

vohmar commented Dec 19, 2019

You can revoke only registrar portal certs, the ones that require a CSR upload and are signed online. To do:

  • upon pressing the revoke button in admin, present a warning that the CSR and cert will be deleted as a result, so the admin can download the CSR beforehand if necessary
  • revoke the cert in the CA
  • delete the cert and CSR from the DB
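
The bug described in this issue is a login path that trusts a certificate without consulting its revocation state. As an added illustration (not code from the registry project), the following Ruby script builds a throwaway in-memory CA, issues two client certificates, publishes a CRL that revokes one of them, and then checks a presented certificate against that CRL the way a login handler should. All function names (build_ca, issue_client_cert, build_crl, login_decision, demo), the subject names and the serial numbers are constructed for this example.

```ruby
require 'openssl'

# Constructed sample PKI: a self-signed CA held only in memory.
def build_ca
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = 1
  cert.subject = OpenSSL::X509::Name.parse('/CN=Example Registry CA')
  cert.issuer = cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = cert
  # CA:TRUE and cRLSign are required for OpenSSL to accept this cert as a
  # certificate issuer and as the signer of the CRL below.
  cert.add_extension(ef.create_extension('basicConstraints', 'CA:TRUE', true))
  cert.add_extension(ef.create_extension('keyUsage', 'keyCertSign, cRLSign', true))
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [cert, key]
end

# Issue a client certificate signed by the CA (stands in for the "signed online" path).
def issue_client_cert(ca_cert, ca_key, serial, common_name)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.issuer = ca_cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(ca_key, OpenSSL::Digest.new('SHA256'))
  cert
end

# Publish a CRL listing the serial numbers the admin has revoked.
def build_crl(ca_cert, ca_key, revoked_serials)
  crl = OpenSSL::X509::CRL.new
  crl.version = 1 # CRL v2
  crl.issuer = ca_cert.subject
  crl.last_update = Time.now - 60
  crl.next_update = Time.now + 3600
  revoked_serials.each do |serial|
    revoked = OpenSSL::X509::Revoked.new
    revoked.serial = serial
    revoked.time = Time.now - 30
    crl.add_revoked(revoked)
  end
  crl.sign(ca_key, OpenSSL::Digest.new('SHA256'))
  crl
end

# The check a login handler should perform: chain validation plus CRL lookup.
# Without V_FLAG_CRL_CHECK the store ignores the CRL entirely, which reproduces
# the behaviour in this issue: a revoked certificate still verifies.
def login_decision(client_cert, ca_cert, crl)
  store = OpenSSL::X509::Store.new
  store.add_cert(ca_cert)
  store.add_crl(crl)
  store.flags = OpenSSL::X509::V_FLAG_CRL_CHECK
  allowed = store.verify(client_cert)
  { allowed: allowed, error: store.error, reason: store.error_string }
end

# Two registrar users; the admin revokes only the first one's certificate.
def demo
  ca_cert, ca_key = build_ca
  alice = issue_client_cert(ca_cert, ca_key, 1001, 'alice')
  bob = issue_client_cert(ca_cert, ca_key, 1002, 'bob')
  crl = build_crl(ca_cert, ca_key, [1001])
  { alice: login_decision(alice, ca_cert, crl), bob: login_decision(bob, ca_cert, crl) }
end

if __FILE__ == $PROGRAM_NAME
  demo.each { |who, d| puts "#{who}: allowed=#{d[:allowed]} (#{d[:reason]})" }
end
```

The point of the example is the single flag on the store: a verifier that only checks the signature chain reports a revoked certificate as valid, so revocation has to be an explicit step in the login path (a CRL or OCSP lookup) rather than something the CA does on its own.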

@teadur
Contributor

teadur commented Jan 28, 2020

@vohmar I'm not sure deleting certs from the DB is a good idea in the first place, but even if we think it is, it should include logging when something is done with these certs; currently I think nothing related to certs is logged.

@vohmar
Contributor Author

vohmar commented Feb 5, 2020

@teadur agreed regarding logging, and we already do that to the log_certificates table. Do you have any proposal on how to solve the situation better? Un-revoking a cert is not common practice in the CA world, so once a cert is revoked it is unusable forever. To restore access we create and sign a new certificate. Instead of deleting the revoked cert we could archive it to another table, but then do we need the actual revoked certs in the DB considering we have all the certs in the CA? What should we improve here?

@ratM1n

ratM1n commented May 12, 2020

Can't upload cert request:

```
Completed 500 Internal Server Error in 108ms (ActiveRecord: 82.9ms)

NoMethodError (undefined method 'split' for nil:NilClass):

app/models/certificate.rb:46:in 'parse_metadata'
app/controllers/admin/certificates_controller.rb:21:in 'create'
```
