Difference between revisions of "Dogtag Future Directions"

Line 21: Line 21:
 
| "services"
 
| "services"
 
|-
 
|-
|
 
 
| "Certificates"
 
| "Certificates"
 
| "GET"
 
| "GET"
Line 27: Line 26:
 
| "Get list of certificates"
 
| "Get list of certificates"
 
| "caSrchCerts-agent, caListCerts-agent,caSrchCert, caSrchRevokeCert, caSrchCerts, caListCerts"
 
| "caSrchCerts-agent, caListCerts-agent,caSrchCert, caSrchRevokeCert, caSrchCerts, caListCerts"
|-
 
 
| "/pki/certifcate/X/details"
 
| "/pki/certifcate/X/details"
 
| "Get certifcate details"
 
| "Get certifcate details"
Line 37: Line 35:
 
| "Get OCSP response"
 
| "Get OCSP response"
 
| "caOCSP",,"ocspCheckCert, ocspReadCheckCertPage"
 
| "caOCSP",,"ocspCheckCert, ocspReadCheckCertPage"
| -
+
|-
 
|  
 
|  
 
| "GET"
 
| "GET"
Line 150: Line 148:
 
| "Modify a CRL"
 
| "Modify a CRL"
 
| "camasterCAUpdateCRL",,,
 
| "camasterCAUpdateCRL",,,
| -
+
|-
 
|  
 
|  
 
| "DEL"
 
| "DEL"
Line 162: Line 160:
 
| "Get list of CAs"
 
| "Get list of CAs"
 
| " ",,"ocspListCAs",
 
| " ",,"ocspListCAs",
| -
+
|-
 
|  
 
|  
 
| "GET"
 
| "GET"
Line 168: Line 166:
 
| "Get CA details"
 
| "Get CA details"
 
| " ",,"ocspReadAddCAPage",
 
| " ",,"ocspReadAddCAPage",
| -
+
|-
 
|  
 
|  
 
| "PUT"
 
| "PUT"
 
| "/pki/ocsp/ca"
 
| "/pki/ocsp/ca"
 
| "Add a CA",,,"ocspAddCA",
 
| "Add a CA",,,"ocspAddCA",
| -
+
|-
 
|  
 
|  
 
| "POST"
 
| "POST"
Line 179: Line 177:
 
| "Modify a CA"
 
| "Modify a CA"
 
| " ",,"None",
 
| " ",,"None",
| -
+
|-
 
|  
 
|  
 
| "DEL"
 
| "DEL"
 
| "/pki/ocsp/ca"
 
| "/pki/ocsp/ca"
| "Delete a CA",,,"ocspRemoveCA",
+
| "Delete a CA"
 +
|
 +
|
 +
| "ocspRemoveCA",
 
|-
 
|-
 
| "keys"
 
| "keys"
 
| "GET"
 
| "GET"
 
| "/pki/keys"
 
| "/pki/keys"
| "Get list of keys",,"kraSrchKey, kraKRASrchKey, kraKRASrchKeyForRecovery, kraSrchRecoverKey",,
+
| "Get list of keys"
| -
+
| "kraSrchKey, kraKRASrchKey, kraKRASrchKeyForRecovery, kraSrchRecoverKey"
 +
|-
 
|  
 
|  
 
| "GET"
 
| "GET"
 
| "/pki/key"
 
| "/pki/key"
| "Get key",,"kraKRAGetPk12, kraKRAGetAsyncPk12",,
+
| "Get key",,"kraKRAGetPk12, kraKRAGetAsyncPk12"
| -
+
|-
 
|  
 
|  
 
| "GET"
 
| "GET"
 
| "/pki/key"
 
| "/pki/key"
| "Get key details",,"kraKRADisplayBySerialForRecovery, kraKRADisplayBySerial",,
+
| "Get key details"
| -
+
| "kraKRADisplayBySerialForRecovery, kraKRADisplayBySerial",,
 +
|-
 
|  
 
|  
 
| "PUT"
 
| "PUT"
 
| "/pki/key"
 
| "/pki/key"
 
| "Add a key",,,,
 
| "Add a key",,,,
| -
+
|-
 
|  
 
|  
 
| "POST"
 
| "POST"
 
| "/pki/key"
 
| "/pki/key"
 
| "Modify a key",,,,
 
| "Modify a key",,,,
| -
+
|-
 
|  
 
|  
 
| "DEL"
 
| "DEL"
Line 219: Line 222:
 
| "/pki/keyrequests"
 
| "/pki/keyrequests"
 
| "Get list of key requests",,"kraListRequests, krakraqueryReq",,
 
| "Get list of key requests",,"kraListRequests, krakraqueryReq",,
| -
+
|-
 
|  
 
|  
 
| "GET"
 
| "GET"
 
| "/pki/keyrequest"
 
| "/pki/keyrequest"
 
| "Get key request details",,"kraKRAGetApprovalStatus, kraKRAExamineRecovery, ",,
 
| "Get key request details",,"kraKRAGetApprovalStatus, kraKRAExamineRecovery, ",,
| -
+
|-
 
|  
 
|  
 
| "PUT"
 
| "PUT"
 
| "/pki/keyrequest"
 
| "/pki/keyrequest"
 
| "Add a key request",,"kraKRARecoverBySerial,  ",,
 
| "Add a key request",,"kraKRARecoverBySerial,  ",,
| -
+
|-
 
|  
 
|  
 
| "POST"
 
| "POST"
 
| "/pki/keyrequest"
 
| "/pki/keyrequest"
 
| "Modify a key request",,"kraKRAGrantRecovery, kraKRAGrantAsyncRecovery, kraKRAProcessReq, kraGrantRecovery, ",,
 
| "Modify a key request",,"kraKRAGrantRecovery, kraKRAGrantAsyncRecovery, kraKRAProcessReq, kraGrantRecovery, ",,
| -
+
|-
 
|  
 
|  
 
| "DEL"
 
| "DEL"
Line 249: Line 252:
 
| "ocspug"
 
| "ocspug"
 
| "tksug"
 
| "tksug"
| -
+
|-
 
|  
 
|  
 
| "GET"
 
| "GET"
Line 258: Line 261:
 
| "ocspug"
 
| "ocspug"
 
| "tksug"
 
| "tksug"
| -
+
|-
 
|  
 
|  
 
| "PUT"
 
| "PUT"
Line 267: Line 270:
 
| "ocspug"
 
| "ocspug"
 
| "tksug, tksRegisterUser"
 
| "tksug, tksRegisterUser"
| -
+
|-
 
|  
 
|  
 
| "POST"
 
| "POST"
Line 276: Line 279:
 
| "ocspug"
 
| "ocspug"
 
| "tksug"
 
| "tksug"
| -
+
|-
 
|  
 
|  
 
| "DEL"
 
| "DEL"
Line 291: Line 294:
 
| "Get subsystem status"
 
| "Get subsystem status"
 
| "caGetStatus",,,
 
| "caGetStatus",,,
| -
+
|-
 
|  
 
|  
 
| "GET"
 
| "GET"
Line 297: Line 300:
 
| "Get subsystem stats"
 
| "Get subsystem stats"
 
| "caStats",,,
 
| "caStats",,,
| -
+
|-
 
|  
 
|  
 
| "GET"
 
| "GET"
Line 303: Line 306:
 
| "Get subsystem monitor stats"
 
| "Get subsystem monitor stats"
 
| "caMonitor",,,
 
| "caMonitor",,,
| -
+
|-
 
|  
 
|  
 
| "GET"
 
| "GET"
Line 312: Line 315:
 
| "ocsplog"
 
| "ocsplog"
 
| "tkslog"
 
| "tkslog"
| -
+
|-
 
|  
 
|  
 
| "GET"
 
| "GET"
Line 322: Line 325:
 
| "tkslog"
 
| "tkslog"
 
|-
 
|-
| "Config"
+
| "Config"  
| -
 
|
 
 
| "GET"
 
| "GET"
 
| "/pki/config/X/acls"
 
| "/pki/config/X/acls"
Line 332: Line 333:
 
| "ocspacl"
 
| "ocspacl"
 
| "tksacl"
 
| "tksacl"
| -
+
|-
 
|  
 
|  
 
| "GET"
 
| "GET"
Line 341: Line 342:
 
| "ocspacl"
 
| "ocspacl"
 
| "tksacl"
 
| "tksacl"
| -
+
|-
 
|  
 
|  
 
| "PUT"
 
| "PUT"
Line 350: Line 351:
 
| "ocspacl"
 
| "ocspacl"
 
| "tksacl"
 
| "tksacl"
| -
+
|-
 
|  
 
|  
 
| "POST"
 
| "POST"
Line 359: Line 360:
 
| "ocspacl"
 
| "ocspacl"
 
| "tksacl"
 
| "tksacl"
| -
+
|-
 
|  
 
|  
 
| "DEL"
 
| "DEL"

Revision as of 21:01, 17 October 2011

Interfaces

  • Here is a proposed new RESTful design for a programmatic interface to Dogtag.
"Objects" "Operation" "REST Path" "Description" "Mapped Servlets (CA)" "Mapped Servlets (KRA)" "Mapped Servlets(OCSP)" "Mapped Servlets (TKS)"
"Top Level" "GET" "/pki" "top level" "services, caindex" "kraindex, services" "service, ocspindex" "services"
"Certificates" "GET" "/pki/certificates" "Get list of certificates" "caSrchCerts-agent, caListCerts-agent,caSrchCert, caSrchRevokeCert, caSrchCerts, caListCerts" "/pki/certifcate/X/details" "Get certifcate details" "caDisplayCertFromRequest-agent, caDisplayBySerial-agent, caDisplayCertFromRequest, caDisplayBySerial"
"GET" "/pki/certificate/ocsp" "Get OCSP response" "caOCSP",,"ocspCheckCert, ocspReadCheckCertPage"
"GET" "/pki/certificate" "Get certifcate" "caGetAdminCertBySerial, caGetCertChain, caGetCertChainAdmin, caGetCertFromRequest-agent,caGetBySerial-agent, caQueryBySerial, caGetBySerial, caGetAdminBySerial, caGetCAChain, caGetCertFromRequest",,,
"PUT" "/pki/certificate" "Add a certificate" "None",,,
,"POST" "/pki/certificate" "Modify a certificate - modify status" "caDoUnrevoke, caDoRevoke-agent, caDoRevoke1, caDoRevoke1, caCMCRevReq, caDoUnrevoke1, caRevocation, caDoRevoke, caProxyDoRevoke",,,
"DEL" "/pki/certificate" "Delete a certificate" "None",,,
"Cert Requests" "GET" "/pki/requests" "Get list of requests" "caListRequests, caSearchReqs",,,
"GET" "/pki/request" "Get request details" "caqueryReq, caCheckRequest",,,
"PUT" "/pki/request" "Add a request" "caProfileSubmit, caenrollment,cacertbasedenrollment, caProfileSubmitCMCSimple, profileSubmitCMCFull, caProfileSubmitSSLClient, caProxyProfileSubmit, cabulkissuance, caProxyBulkIssuance, caRenewal, caSCEP, caRASCEP",,,
"POST" "/pki/request" "Modify a request - including state" "caProfileProcess, caProcessCertReq, caProcessReq",,,
"DEL" "/pki/request" "Delete a request" "None",,,
"Cert profiles" "GET" "/pki/profiles" "Get list of profiles" "caProfileList-agent, caProfileList",,,
"GET" "/pki/profile" "Get profile details" "caProfileReview, caProfileSelect-agent, caProfileSelect, caSCEP, caRASCEP",,,
"PUT" "/pki/profile" "Add a profile" "caprofile",,,
"POST" "/pki/profile" "Modify a profile" "caprofile, caProfileApprove",,,
"DEL" "/pki/profile" "Delete a profile" "caprofile",,,
"Cert CRLs" "GET" "/pki/crls" "Get list of CRLs" "None",,,
"GET" "/pki/crl/details" "Get CRL details" "camasterCADisplayCRL",,"ocspReadAddCRLPage",
"GET" "/pki/crl" "Get CRL" "caGetCRL",,,
"PUT" "/pki/crl" "Add a CRL",,,"ocspAddCRL",
"POST" "/pki/crl" "Modify a CRL" "camasterCAUpdateCRL",,,
"DEL" "/pki/crl" "Delete a CRL",,,,
"CAs (for OCSP)" "GET" "/pki/ocsp/cas" "Get list of CAs" " ",,"ocspListCAs",
"GET" "/pki/ocsp/ca" "Get CA details" " ",,"ocspReadAddCAPage",
"PUT" "/pki/ocsp/ca" "Add a CA",,,"ocspAddCA",
"POST" "/pki/ocsp/ca" "Modify a CA" " ",,"None",
"DEL" "/pki/ocsp/ca" "Delete a CA" "ocspRemoveCA",
"keys" "GET" "/pki/keys" "Get list of keys" "kraSrchKey, kraKRASrchKey, kraKRASrchKeyForRecovery, kraSrchRecoverKey"
"GET" "/pki/key" "Get key",,"kraKRAGetPk12, kraKRAGetAsyncPk12"
"GET" "/pki/key" "Get key details" "kraKRADisplayBySerialForRecovery, kraKRADisplayBySerial",,
"PUT" "/pki/key" "Add a key",,,,
"POST" "/pki/key" "Modify a key",,,,
"DEL" "/pki/key" "Delete a key",,"None",,
"key requests (archival, recovery)" "GET" "/pki/keyrequests" "Get list of key requests",,"kraListRequests, krakraqueryReq",,
"GET" "/pki/keyrequest" "Get key request details",,"kraKRAGetApprovalStatus, kraKRAExamineRecovery, ",,
"PUT" "/pki/keyrequest" "Add a key request",,"kraKRARecoverBySerial, ",,
"POST" "/pki/keyrequest" "Modify a key request",,"kraKRAGrantRecovery, kraKRAGrantAsyncRecovery, kraKRAProcessReq, kraGrantRecovery, ",,
"DEL" "/pki/keyrequest" "Delete a key request",,"None",,
"users" "GET" "/pki/users" "Get list of users" "caug" "kraug" "ocspug" "tksug"
"GET" "/pki/user" "Get user details" "caug" "kraug" "ocspug" "tksug"
"PUT" "/pki/user" "Add a user" "caug, caRegisterUser, caRegisterRaUser, caAdminEnroll" "kraRegisterUser, kraug" "ocspug" "tksug, tksRegisterUser"
"POST" "/pki/user" "Modify a user" "caug" "kraug" "ocspug" "tksug"
"DEL" "/pki/user" "Delete a user" "caug" "kraug" "ocspug" "tksug"
"System" "GET" "/pki/X/status" "Get subsystem status" "caGetStatus",,,
"GET" "/pki/X/stats" "Get subsystem stats" "caStats",,,
"GET" "/pki/X/monitor" "Get subsystem monitor stats" "caMonitor",,,
"GET" "/pki/X/logs" "Get list of logs for subsystem" "calog" "kralog" "ocsplog" "tkslog"
"GET" "/pki/X/log" "Get log contents" "calog" "kralog" "ocsplog" "tkslog"
"Config" "GET" "/pki/config/X/acls" "Get list of acls" "caacl" "kraacl" "ocspacl" "tksacl"
"GET" "/pki/config/X/acl" "Get acl details" "caacl" "kraacl" "ocspacl" "tksacl"
"PUT" "/pki/config/X/acl" "Add an acl" "caacl" "kraacl" "ocspacl" "tksacl"
"POST" "/pki/config/X/acl" "Modify an acl" "caacl" "kraacl" "ocspacl" "tksacl"
"DEL" "/pki/config/X/acl" "Delete an acl" "caacl" "kraacl" "ocspacl" "tksacl"
"GET" "/pki/config/X/logs" "Get list of logs" "calog" "kralog" "ocsplog" "tkslog"
"GET" "/pki/config/X/log" "Get log details" "calog" "kralog" "ocsplog" "tkslog"
"PUT" "/pki/config/X/log" "Add an log configuration" "calog" "kralog" "ocsplog" "tkslog"
"POST" "/pki/config/X/log" "Modify an log configuration" "calog" "kralog" "ocsplog" "tkslog"
"DEL" "/pki/config/X/log" "Delete an log configuration" "calog" "kralog" "ocsplog" "tkslog"
"GET" "/pki/config/ca/systems" "Get list of systems from security domain" "caGetDomainXML",,,
"GET" "/pki/config/ca/system" "Get system details from sec domain" "None as yet",,,
"PUT" "/pki/config/ca/system" "Add a system to security domain" "caUpdateDomainXML",,,
"POST" "/pki/config/ca/system" "Modify a system entry in sec domain" "caUpdateDomainXML",,,
"DEL" "/pki/config/ca/system" "Delete an system from security domain" "caUpdateDomainXML",,,
"GET" "/pki/config/ca/publishers" "Get list of publishers" "capublisher",,,
"GET" "/pki/config/ca/publisher" "Get publisher details" "capublisher",,,
"PUT" "/pki/config/ca/publisher" "Add an publisher" "capublisher",,,
"POST" "/pki/config/ca/publisher" "Modify an publisher" "capublisher",,,
"DEL" "/pki/config/ca/publisher" "Delete a publisher" "capublisher",,, ,,,," ",,,
"GET" "/pki/config/X/jobs" "Get list of jobs" "cajobsScheduler" "krajobsScheduler" "ocspjobsScheduler" "tksjobsScheduler"
"GET" "/pki/config/X/job" "Get job details" "cajobsScheduler" "krajobsScheduler" "ocspjobsScheduler" "tksjobsScheduler"
"PUT" "/pki/config/X/job" "Add an job" "cajobsScheduler" "krajobsScheduler" "ocspjobsScheduler" "tksjobsScheduler"
"POST" "/pki/config/X/job" "Modify an job" "cajobsScheduler" "krajobsScheduler" "ocspjobsScheduler" "tksjobsScheduler"
"DEL" "/pki/config/X/job" "Delete an job" "cajobsScheduler" "krajobsScheduler" "ocspjobsScheduler" "tksjobsScheduler"
"GET" "/pki/config/X/auths" "Get list of authentication plugins" "caauths" "kraauths" "ocspauths" "tksauths"
"GET" "/pki/config/X/auth" "Get authentication plugin details" "caauths" "kraauths" "ocspauths" "tksauths"
"PUT" "/pki/config/X/auth" "Add an authentication plugin" "caauths" "kraauths" "ocspauths" "tksauths"
"POST" "/pki/config/X/auth" "Modify an authentication plugin" "caauths" "kraauths" "ocspauths" "tksauths"
"DEL" "/pki/config/X/auth" "Delete an authentication plugin" "caauths" "kraauths" "ocspauths" "tksauths"
"GET" "/pki/config/X/certs" "Get list of system_certs" "caserver" "kraserver" "ocspserver" "tksserver"
"GET" "/pki/config/X/cert" "Get system_cert " "caGetSubsystemCert" "kraGetTransportCert",,
"GET" "/pki/config/X/cert/Y/details" "Get system_cert details" "caserver" "kraKRADisplayTransport, kraserver" "ocspserver" "tksserver"
"PUT" "/pki/config/X/cert" "Add an system_cert" "caserver" "kraserver" "ocspserver" "tksserver, tksImportTransportCert"
"POST" "/pki/config/X/cert" "Modify an system_cert" "caserver" "kraserver" "ocspserver" "tksserver"
"DEL" "/pki/config/X/cert" "Delete an system_cert" "caserver" "kraserver" "ocspserver" "tksserver" ," " " " " ",,,,
"GET" "/pki/config/X/serialnos" "Get serial number range" "None as yet" "None as yet",,
"POST" "/pki/config/X/serialnos" "Modify serial number range" "caUpdateNumberRange" "kraUpdateNumberRange",,
"GET" "/pki/config/X/connector" "Get connector config",,"kraConnector",,
"POST" "/pki/config/X/connector" "Modify connector config" "caUpdateConnector",,,
"GET" "/pki/config/X/ocsp" "Get ocsp config " "caGetOCSPInfo",,"ocspGetOCSPInfo",
"POST" "/pki/config/X/ocsp" "Modify ocsp config" "caUpdateOCSPConfig",,,
"GET" "/pki/config/X/cloning" "Get cloning config" "caGetConfigEntries" "kraGetConfigEntries" "ocspGetConfigEntries" "tksGetConfigEntries"
"GET" "/pki/config/X/tokeninfo" "Get token info (for cloning)" "caGetTokenInfo" "kraGetTokenInfo" "ocspGetTokenInfo" "tksGetTokenInfo"

Notes:
1. There is still miscellaneous admin functionality that has not yet been characterized. This is in caca, caregistry, krakra, ocspocsp, tkstkservlets - which map to the admin servlet.
2. Wizard and installation servlets are not covered (for the most part).
3. I have not included token / token key operations (which is why the main TKS operations are not there yet).
4. We need to figure out how to handle client-auth vs. non-client-auth access, which maps to ee/agent/admin. Currently we do this by filtering URLs. The table above maps some single REST paths to both "-agent" and non-agent servlets (e.g. caDisplayBySerial-agent and caDisplayBySerial), so the path alone would not separate these cases.
5. This is just a first cut, and hopefully a useful starting point for discussions.