Difference between revisions of "Dogtag Future Directions"

Line 82: Line 82:
 
| "/pki/request"
 
| "/pki/request"
 
| "Modify a request - including state"
 
| "Modify a request - including state"
| "caProfileProcess, caProcessCertReq, caProcessReq",,,
+
| "caProfileProcess, caProcessCertReq, caProcessReq"
 
|-
 
|-
 
|
 
|
Line 94: Line 94:
 
| "/pki/profiles"
 
| "/pki/profiles"
 
| "Get list of profiles"
 
| "Get list of profiles"
| "caProfileList-agent, caProfileList",,,
+
| "caProfileList-agent, caProfileList"
 
|-
 
|-
 
|
 
|
Line 100: Line 100:
 
| "/pki/profile"
 
| "/pki/profile"
 
| "Get profile details"
 
| "Get profile details"
| "caProfileReview, caProfileSelect-agent, caProfileSelect, caSCEP, caRASCEP",,,
+
| "caProfileReview, caProfileSelect-agent, caProfileSelect, caSCEP, caRASCEP"
 
|-
 
|-
 
|
 
|
Line 130: Line 130:
 
| "/pki/crl/details"
 
| "/pki/crl/details"
 
| "Get CRL details"
 
| "Get CRL details"
| "camasterCADisplayCRL",,"ocspReadAddCRLPage",
+
| "camasterCADisplayCRL"
 +
| "ocspReadAddCRLPage"
 
|-
 
|-
 
|
 
|
Line 141: Line 142:
 
| "PUT"
 
| "PUT"
 
| "/pki/crl"
 
| "/pki/crl"
| "Add a CRL",,,"ocspAddCRL",
+
| "Add a CRL",
 +
|
 +
|
 +
| "ocspAddCRL",
 
|-
 
|-
 
|
 
|
Line 147: Line 151:
 
| "/pki/crl"
 
| "/pki/crl"
 
| "Modify a CRL"
 
| "Modify a CRL"
| "camasterCAUpdateCRL",,,
+
| "camasterCAUpdateCRL"
 
|-
 
|-
 
|  
 
|  
 
| "DEL"
 
| "DEL"
 
| "/pki/crl"
 
| "/pki/crl"
| "Delete a CRL",,,,
+
| "Delete a CRL"
 
|-
 
|-
 
|
 
|
Line 159: Line 163:
 
| "/pki/ocsp/cas"
 
| "/pki/ocsp/cas"
 
| "Get list of CAs"
 
| "Get list of CAs"
| " ",,"ocspListCAs",
+
| " "
 +
| "ocspListCAs",
 
|-
 
|-
 
|  
 
|  
Line 165: Line 170:
 
| "/pki/ocsp/ca"
 
| "/pki/ocsp/ca"
 
| "Get CA details"
 
| "Get CA details"
| " ",,"ocspReadAddCAPage",
+
| " "
 +
| "ocspReadAddCAPage",
 
|-
 
|-
 
|  
 
|  
 
| "PUT"
 
| "PUT"
 
| "/pki/ocsp/ca"
 
| "/pki/ocsp/ca"
| "Add a CA",,,"ocspAddCA",
+
| "Add a CA"
 +
|
 +
|
 +
| "ocspAddCA",
 
|-
 
|-
 
|  
 
|  
Line 176: Line 185:
 
| "/pki/ocsp/ca"
 
| "/pki/ocsp/ca"
 
| "Modify a CA"
 
| "Modify a CA"
| " ",,"None",
+
| " "
 +
|
 +
| "None"
 
|-
 
|-
 
|  
 
|  
Line 184: Line 195:
 
|
 
|
 
|
 
|
| "ocspRemoveCA",
+
| "ocspRemoveCA"
 
|-
 
|-
 
| "keys"
 
| "keys"
Line 206: Line 217:
 
| "PUT"
 
| "PUT"
 
| "/pki/key"
 
| "/pki/key"
| "Add a key",,,,
+
| "Add a key"
 
|-
 
|-
 
|  
 
|  
 
| "POST"
 
| "POST"
 
| "/pki/key"
 
| "/pki/key"
| "Modify a key",,,,
+
| "Modify a key"
 
|-
 
|-
 
|  
 
|  
 
| "DEL"
 
| "DEL"
 
| "/pki/key"
 
| "/pki/key"
| "Delete a key",,"None",,
+
| "Delete a key",
 +
|
 +
| "None"
 
|-
 
|-
 
| "key requests (archival, recovery)"
 
| "key requests (archival, recovery)"
 
| "GET"
 
| "GET"
 
| "/pki/keyrequests"
 
| "/pki/keyrequests"
| "Get list of key requests",,"kraListRequests, krakraqueryReq",,
+
| "Get list of key requests"
 +
|
 +
| "kraListRequests, krakraqueryReq"
 
|-
 
|-
 
|  
 
|  
 
| "GET"
 
| "GET"
 
| "/pki/keyrequest"
 
| "/pki/keyrequest"
| "Get key request details",,"kraKRAGetApprovalStatus, kraKRAExamineRecovery, ",,
+
| "Get key request details"
 +
|
 +
| "kraKRAGetApprovalStatus, kraKRAExamineRecovery, "
 
|-
 
|-
 
|  
 
|  
 
| "PUT"
 
| "PUT"
 
| "/pki/keyrequest"
 
| "/pki/keyrequest"
| "Add a key request",,"kraKRARecoverBySerial,  ",,
+
| "Add a key request"
 +
|
 +
| "kraKRARecoverBySerial,  "
 
|-
 
|-
 
|  
 
|  
 
| "POST"
 
| "POST"
 
| "/pki/keyrequest"
 
| "/pki/keyrequest"
| "Modify a key request",,"kraKRAGrantRecovery, kraKRAGrantAsyncRecovery, kraKRAProcessReq, kraGrantRecovery, ",,
+
| "Modify a key request"
 +
|
 +
| "kraKRAGrantRecovery, kraKRAGrantAsyncRecovery, kraKRAProcessReq, kraGrantRecovery, "
 
|-
 
|-
 
|  
 
|  
 
| "DEL"
 
| "DEL"
 
| "/pki/keyrequest"
 
| "/pki/keyrequest"
| "Delete a key request",,"None",,
+
| "Delete a key request"
 +
|
 +
| "None"
 +
|
 
|-
 
|-
 
|-
 
|-
Line 293: Line 317:
 
| "/pki/X/status"
 
| "/pki/X/status"
 
| "Get subsystem status"
 
| "Get subsystem status"
| "caGetStatus",,,
+
| "caGetStatus"
 
|-
 
|-
 
|  
 
|  
Line 299: Line 323:
 
| "/pki/X/stats"
 
| "/pki/X/stats"
 
| "Get subsystem stats"
 
| "Get subsystem stats"
| "caStats",,,
+
| "caStats"
 
|-
 
|-
 
|  
 
|  
Line 305: Line 329:
 
| "/pki/X/monitor"
 
| "/pki/X/monitor"
 
| "Get subsystem monitor stats"
 
| "Get subsystem monitor stats"
| "caMonitor",,,
+
| "caMonitor"
 
|-
 
|-
 
|  
 
|  
Line 419: Line 443:
 
| "/pki/config/ca/systems"
 
| "/pki/config/ca/systems"
 
| "Get list of systems from security domain"
 
| "Get list of systems from security domain"
| "caGetDomainXML",,,
+
| "caGetDomainXML"
 
|-
 
|-
 
|  
 
|  
Line 425: Line 449:
 
| "/pki/config/ca/system"
 
| "/pki/config/ca/system"
 
| "Get system details from sec domain"
 
| "Get system details from sec domain"
| "None as yet",,,
+
| "None as yet"
 
|-
 
|-
 
|  
 
|  
Line 431: Line 455:
 
| "/pki/config/ca/system"
 
| "/pki/config/ca/system"
 
| "Add a system to security domain"
 
| "Add a system to security domain"
| "caUpdateDomainXML",,,
+
| "caUpdateDomainXML"
 
|-
 
|-
 
|  
 
|  
Line 437: Line 461:
 
| "/pki/config/ca/system"
 
| "/pki/config/ca/system"
 
| "Modify a system entry in sec domain"
 
| "Modify a system entry in sec domain"
| "caUpdateDomainXML",,,
+
| "caUpdateDomainXML"
 
|-
 
|-
 
|  
 
|  
Line 443: Line 467:
 
| "/pki/config/ca/system"
 
| "/pki/config/ca/system"
 
| "Delete an system from security domain"
 
| "Delete an system from security domain"
| "caUpdateDomainXML",,,
+
| "caUpdateDomainXML"
 
|-
 
|-
 
|  
 
|  
Line 449: Line 473:
 
| "/pki/config/ca/publishers"
 
| "/pki/config/ca/publishers"
 
| "Get list of publishers"
 
| "Get list of publishers"
| "capublisher",,,
+
| "capublisher"
 
|-
 
|-
 
|  
 
|  
Line 455: Line 479:
 
| "/pki/config/ca/publisher"
 
| "/pki/config/ca/publisher"
 
| "Get publisher details"
 
| "Get publisher details"
| "capublisher",,,
+
| "capublisher"
 
|-
 
|-
 
|  
 
|  
Line 461: Line 485:
 
| "/pki/config/ca/publisher"
 
| "/pki/config/ca/publisher"
 
| "Add an publisher"
 
| "Add an publisher"
| "capublisher",,,
+
| "capublisher"
 
|-
 
|-
 
|  
 
|  
Line 467: Line 491:
 
| "/pki/config/ca/publisher"
 
| "/pki/config/ca/publisher"
 
| "Modify an publisher"
 
| "Modify an publisher"
| "capublisher",,,
+
| "capublisher"
 
|-
 
|-
 
|  
 
|  
Line 473: Line 497:
 
| "/pki/config/ca/publisher"
 
| "/pki/config/ca/publisher"
 
| "Delete a publisher"
 
| "Delete a publisher"
| "capublisher",,,
+
| "capublisher"
|,,,," ",,,
 
 
|-
 
|-
 
|  
 
|  
Line 580: Line 603:
 
| "Get system_cert "
 
| "Get system_cert "
 
| "caGetSubsystemCert"
 
| "caGetSubsystemCert"
| "kraGetTransportCert",,
+
| "kraGetTransportCert"
 
|-
 
|-
 
|  
 
|  
Line 617: Line 640:
 
| "ocspserver"
 
| "ocspserver"
 
| "tksserver"
 
| "tksserver"
|," "
 
| " "
 
| " ",,,,
 
 
|-
 
|-
 
|  
 
|  
Line 626: Line 646:
 
| "Get serial number range"
 
| "Get serial number range"
 
| "None as yet"
 
| "None as yet"
| "None as yet",,
+
| "None as yet"
 
|-
 
|-
 
|  
 
|  
Line 633: Line 653:
 
| "Modify serial number range"
 
| "Modify serial number range"
 
| "caUpdateNumberRange"
 
| "caUpdateNumberRange"
| "kraUpdateNumberRange",,
+
| "kraUpdateNumberRange"
 
|-
 
|-
 
|-
 
|-
Line 639: Line 659:
 
| "GET"
 
| "GET"
 
| "/pki/config/X/connector"
 
| "/pki/config/X/connector"
| "Get connector config",,"kraConnector",,
+
| "Get connector config",,"kraConnector"
 
|-
 
|-
 
|  
 
|  
Line 645: Line 665:
 
| "/pki/config/X/connector"
 
| "/pki/config/X/connector"
 
| "Modify connector config"
 
| "Modify connector config"
| "caUpdateConnector",,,
+
| "caUpdateConnector"
 
|-
 
|-
 
|  
 
|  
Line 651: Line 671:
 
| "/pki/config/X/ocsp"
 
| "/pki/config/X/ocsp"
 
| "Get ocsp config "
 
| "Get ocsp config "
| "caGetOCSPInfo",,"ocspGetOCSPInfo",
+
| "caGetOCSPInfo",,"ocspGetOCSPInfo"
 
|-
 
|-
 
|  
 
|  
Line 657: Line 677:
 
| "/pki/config/X/ocsp"
 
| "/pki/config/X/ocsp"
 
| "Modify ocsp config"
 
| "Modify ocsp config"
| "caUpdateOCSPConfig",,,
+
| "caUpdateOCSPConfig"
 
|-
 
|-
 
|  
 
|  

Revision as of 00:04, 18 October 2011

Interfaces

  • Here is a proposed new RESTful design for a programmatic interface to Dogtag.
"Objects" "Operation" "REST Path" "Description" "Mapped Servlets (CA)" "Mapped Servlets (KRA)" "Mapped Servlets(OCSP)" "Mapped Servlets (TKS)"
"Top Level" "GET" "/pki" "top level" "services, caindex" "kraindex, services" "service, ocspindex" "services"
"Certificates" "GET" "/pki/certificates" "Get list of certificates" "caSrchCerts-agent, caListCerts-agent,caSrchCert, caSrchRevokeCert, caSrchCerts, caListCerts" "/pki/certificate/X/details" "Get certificate details" "caDisplayCertFromRequest-agent, caDisplayBySerial-agent, caDisplayCertFromRequest, caDisplayBySerial"
"GET" "/pki/certificate/ocsp" "Get OCSP response" "caOCSP",,"ocspCheckCert, ocspReadCheckCertPage"
"GET" "/pki/certificate" "Get certificate" "caGetAdminCertBySerial, caGetCertChain, caGetCertChainAdmin, caGetCertFromRequest-agent,caGetBySerial-agent, caQueryBySerial, caGetBySerial, caGetAdminBySerial, caGetCAChain, caGetCertFromRequest",,,
"PUT" "/pki/certificate" "Add a certificate" "None",,,
,"POST" "/pki/certificate" "Modify a certificate - modify status" "caDoUnrevoke, caDoRevoke-agent, caDoRevoke1, caDoRevoke1, caCMCRevReq, caDoUnrevoke1, caRevocation, caDoRevoke, caProxyDoRevoke",,,
"DEL" "/pki/certificate" "Delete a certificate" "None",,,
"Cert Requests" "GET" "/pki/requests" "Get list of requests" "caListRequests, caSearchReqs",,,
"GET" "/pki/request" "Get request details" "caqueryReq, caCheckRequest",,,
"PUT" "/pki/request" "Add a request" "caProfileSubmit, caenrollment,cacertbasedenrollment, caProfileSubmitCMCSimple, profileSubmitCMCFull, caProfileSubmitSSLClient, caProxyProfileSubmit, cabulkissuance, caProxyBulkIssuance, caRenewal, caSCEP, caRASCEP",,,
"POST" "/pki/request" "Modify a request - including state" "caProfileProcess, caProcessCertReq, caProcessReq"
"DEL" "/pki/request" "Delete a request" "None",,,
"Cert profiles" "GET" "/pki/profiles" "Get list of profiles" "caProfileList-agent, caProfileList"
"GET" "/pki/profile" "Get profile details" "caProfileReview, caProfileSelect-agent, caProfileSelect, caSCEP, caRASCEP"
"PUT" "/pki/profile" "Add a profile" "caprofile",,,
"POST" "/pki/profile" "Modify a profile" "caprofile, caProfileApprove",,,
"DEL" "/pki/profile" "Delete a profile" "caprofile",,,
"Cert CRLs" "GET" "/pki/crls" "Get list of CRLs" "None",,,
"GET" "/pki/crl/details" "Get CRL details" "camasterCADisplayCRL" "ocspReadAddCRLPage"
"GET" "/pki/crl" "Get CRL" "caGetCRL",,,
"PUT" "/pki/crl" "Add a CRL", "ocspAddCRL",
"POST" "/pki/crl" "Modify a CRL" "camasterCAUpdateCRL"
"DEL" "/pki/crl" "Delete a CRL"
"CAs (for OCSP)" "GET" "/pki/ocsp/cas" "Get list of CAs" " " "ocspListCAs",
"GET" "/pki/ocsp/ca" "Get CA details" " " "ocspReadAddCAPage",
"PUT" "/pki/ocsp/ca" "Add a CA" "ocspAddCA",
"POST" "/pki/ocsp/ca" "Modify a CA" " " "None"
"DEL" "/pki/ocsp/ca" "Delete a CA" "ocspRemoveCA"
"keys" "GET" "/pki/keys" "Get list of keys" "kraSrchKey, kraKRASrchKey, kraKRASrchKeyForRecovery, kraSrchRecoverKey"
"GET" "/pki/key" "Get key",,"kraKRAGetPk12, kraKRAGetAsyncPk12"
"GET" "/pki/key" "Get key details" "kraKRADisplayBySerialForRecovery, kraKRADisplayBySerial",,
"PUT" "/pki/key" "Add a key"
"POST" "/pki/key" "Modify a key"
"DEL" "/pki/key" "Delete a key", "None"
"key requests (archival, recovery)" "GET" "/pki/keyrequests" "Get list of key requests" "kraListRequests, krakraqueryReq"
"GET" "/pki/keyrequest" "Get key request details" "kraKRAGetApprovalStatus, kraKRAExamineRecovery, "
"PUT" "/pki/keyrequest" "Add a key request" "kraKRARecoverBySerial, "
"POST" "/pki/keyrequest" "Modify a key request" "kraKRAGrantRecovery, kraKRAGrantAsyncRecovery, kraKRAProcessReq, kraGrantRecovery, "
"DEL" "/pki/keyrequest" "Delete a key request" "None"
"users" "GET" "/pki/users" "Get list of users" "caug" "kraug" "ocspug" "tksug"
"GET" "/pki/user" "Get user details" "caug" "kraug" "ocspug" "tksug"
"PUT" "/pki/user" "Add a user" "caug, caRegisterUser, caRegisterRaUser, caAdminEnroll" "kraRegisterUser, kraug" "ocspug" "tksug, tksRegisterUser"
"POST" "/pki/user" "Modify a user" "caug" "kraug" "ocspug" "tksug"
"DEL" "/pki/user" "Delete a user" "caug" "kraug" "ocspug" "tksug"
"System" "GET" "/pki/X/status" "Get subsystem status" "caGetStatus"
"GET" "/pki/X/stats" "Get subsystem stats" "caStats"
"GET" "/pki/X/monitor" "Get subsystem monitor stats" "caMonitor"
"GET" "/pki/X/logs" "Get list of logs for subsystem" "calog" "kralog" "ocsplog" "tkslog"
"GET" "/pki/X/log" "Get log contents" "calog" "kralog" "ocsplog" "tkslog"
"Config" "GET" "/pki/config/X/acls" "Get list of acls" "caacl" "kraacl" "ocspacl" "tksacl"
"GET" "/pki/config/X/acl" "Get acl details" "caacl" "kraacl" "ocspacl" "tksacl"
"PUT" "/pki/config/X/acl" "Add an acl" "caacl" "kraacl" "ocspacl" "tksacl"
"POST" "/pki/config/X/acl" "Modify an acl" "caacl" "kraacl" "ocspacl" "tksacl"
"DEL" "/pki/config/X/acl" "Delete an acl" "caacl" "kraacl" "ocspacl" "tksacl"
"GET" "/pki/config/X/logs" "Get list of logs" "calog" "kralog" "ocsplog" "tkslog"
"GET" "/pki/config/X/log" "Get log details" "calog" "kralog" "ocsplog" "tkslog"
"PUT" "/pki/config/X/log" "Add a log configuration" "calog" "kralog" "ocsplog" "tkslog"
"POST" "/pki/config/X/log" "Modify a log configuration" "calog" "kralog" "ocsplog" "tkslog"
"DEL" "/pki/config/X/log" "Delete a log configuration" "calog" "kralog" "ocsplog" "tkslog"
"GET" "/pki/config/ca/systems" "Get list of systems from security domain" "caGetDomainXML"
"GET" "/pki/config/ca/system" "Get system details from sec domain" "None as yet"
"PUT" "/pki/config/ca/system" "Add a system to security domain" "caUpdateDomainXML"
"POST" "/pki/config/ca/system" "Modify a system entry in sec domain" "caUpdateDomainXML"
"DEL" "/pki/config/ca/system" "Delete a system from security domain" "caUpdateDomainXML"
"GET" "/pki/config/ca/publishers" "Get list of publishers" "capublisher"
"GET" "/pki/config/ca/publisher" "Get publisher details" "capublisher"
"PUT" "/pki/config/ca/publisher" "Add a publisher" "capublisher"
"POST" "/pki/config/ca/publisher" "Modify a publisher" "capublisher"
"DEL" "/pki/config/ca/publisher" "Delete a publisher" "capublisher"
"GET" "/pki/config/X/jobs" "Get list of jobs" "cajobsScheduler" "krajobsScheduler" "ocspjobsScheduler" "tksjobsScheduler"
"GET" "/pki/config/X/job" "Get job details" "cajobsScheduler" "krajobsScheduler" "ocspjobsScheduler" "tksjobsScheduler"
"PUT" "/pki/config/X/job" "Add a job" "cajobsScheduler" "krajobsScheduler" "ocspjobsScheduler" "tksjobsScheduler"
"POST" "/pki/config/X/job" "Modify a job" "cajobsScheduler" "krajobsScheduler" "ocspjobsScheduler" "tksjobsScheduler"
"DEL" "/pki/config/X/job" "Delete a job" "cajobsScheduler" "krajobsScheduler" "ocspjobsScheduler" "tksjobsScheduler"
"GET" "/pki/config/X/auths" "Get list of authentication plugins" "caauths" "kraauths" "ocspauths" "tksauths"
"GET" "/pki/config/X/auth" "Get authentication plugin details" "caauths" "kraauths" "ocspauths" "tksauths"
"PUT" "/pki/config/X/auth" "Add an authentication plugin" "caauths" "kraauths" "ocspauths" "tksauths"
"POST" "/pki/config/X/auth" "Modify an authentication plugin" "caauths" "kraauths" "ocspauths" "tksauths"
"DEL" "/pki/config/X/auth" "Delete an authentication plugin" "caauths" "kraauths" "ocspauths" "tksauths"
"GET" "/pki/config/X/certs" "Get list of system_certs" "caserver" "kraserver" "ocspserver" "tksserver"
"GET" "/pki/config/X/cert" "Get system_cert " "caGetSubsystemCert" "kraGetTransportCert"
"GET" "/pki/config/X/cert/Y/details" "Get system_cert details" "caserver" "kraKRADisplayTransport, kraserver" "ocspserver" "tksserver"
"PUT" "/pki/config/X/cert" "Add a system_cert" "caserver" "kraserver" "ocspserver" "tksserver, tksImportTransportCert"
"POST" "/pki/config/X/cert" "Modify a system_cert" "caserver" "kraserver" "ocspserver" "tksserver"
"DEL" "/pki/config/X/cert" "Delete a system_cert" "caserver" "kraserver" "ocspserver" "tksserver"
"GET" "/pki/config/X/serialnos" "Get serial number range" "None as yet" "None as yet"
"POST" "/pki/config/X/serialnos" "Modify serial number range" "caUpdateNumberRange" "kraUpdateNumberRange"
"GET" "/pki/config/X/connector" "Get connector config",,"kraConnector"
"POST" "/pki/config/X/connector" "Modify connector config" "caUpdateConnector"
"GET" "/pki/config/X/ocsp" "Get ocsp config " "caGetOCSPInfo",,"ocspGetOCSPInfo"
"POST" "/pki/config/X/ocsp" "Modify ocsp config" "caUpdateOCSPConfig"
"GET" "/pki/config/X/cloning" "Get cloning config" "caGetConfigEntries" "kraGetConfigEntries" "ocspGetConfigEntries" "tksGetConfigEntries"
"GET" "/pki/config/X/tokeninfo" "Get token info (for cloning)" "caGetTokenInfo" "kraGetTokenInfo" "ocspGetTokenInfo" "tksGetTokenInfo"

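Notes:
1. There is still miscellaneous admin functionality that has not yet been characterized. This is in caca, caregistry, krakra, ocspocsp, tkstkservlets, which map to the admin servlet.
2. Wizard and installation servlets are not covered (for the most part).
3. I have not included token / token key operations (which is why the main TKS operations are not there yet).
4. We need to figure out how to handle client-auth vs. non-client-auth, which maps to ee/agent/admin. Currently we do this by filtering URLs. In the table above a single REST path can map to servlets both with and without the -agent suffix (for example, /pki/profiles maps to caProfileList-agent and caProfileList), so filtering on the path alone would presumably no longer separate these roles; the decision would have to be made per operation and per authenticated caller.
5. This is just a first cut, and hopefully a useful starting point for discussions.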