Difference between revisions of "Dogtag Future Directions"

(Interfaces)
Line 12: Line 12:
 
! scope="col"| "Mapped Servlets (TKS)"
 
! scope="col"| "Mapped Servlets (TKS)"
 
|-
 
|-
| "Top Level"
 
| "GET"
 
| "/pki"
 
| "top level"
 
| "services, caindex"
 
| "kraindex, services"
 
| "service, ocspindex"
 
| "services"
 
 
|-
 
|-
| "Certificates"
+
| Objects
| "GET"
+
| Operation
| "/pki/certificates"
+
| REST Path
| "Get list of certificates"
+
| Description
| "caSrchCerts-agent, caListCerts-agent,caSrchCert, caSrchRevokeCert, caSrchCerts, caListCerts"
+
| Mapped Servlets (CA)
 +
| Mapped Servlets (KRA)
 +
| Mapped Servlets(OCSP)
 +
| Mapped Servlets (TKS)
 +
| Input
 +
| Output
 
|-
 
|-
 +
| Certificates
 +
| GET
 +
| /pki/certificates
 +
| Get list of certificates
 +
| caSrchCerts-agent; caListCerts-agent;caSrchCert; caSrchRevokeCert; caSrchCerts; caListCerts
 +
|
 +
|
 +
|
 +
|
 
|  
 
|  
| "GET"
 
| "/pki/certifcate/X/details"
 
| "Get certifcate details"
 
| "caDisplayCertFromRequest-agent, caDisplayBySerial-agent, caDisplayCertFromRequest, caDisplayBySerial"
 
 
|-
 
|-
|
+
|  
| "GET"
+
|  
| "/pki/certificate/ocsp"
+
| /pki/certifcate/$id/details
| "Get OCSP response"
+
| Get certifcate details
| "caOCSP"
+
| caDisplayCertFromRequest-agent; caDisplayBySerial-agent; caDisplayCertFromRequest; caDisplayBySerial
| "ocspCheckCert, ocspReadCheckCertPage"
+
|
 +
|
 +
|
 +
|  
 +
|  
 
|-
 
|-
 
|  
 
|  
| "GET"
+
| GET
| "/pki/certificate"
+
| /pki/certificate/ocsp
| "Get certifcate"
+
| Get OCSP response
| "caGetAdminCertBySerial, caGetCertChain, caGetCertChainAdmin, caGetCertFromRequest-agent,caGetBySerial-agent, caQueryBySerial, caGetBySerial, caGetAdminBySerial, caGetCAChain, caGetCertFromRequest",,,
+
| caOCSP
 +
|
 +
| ocspCheckCert; ocspReadCheckCertPage
 +
|
 +
|
 +
|  
 
|-
 
|-
|
+
|  
| "PUT"
+
| GET
| "/pki/certificate"
+
| /pki/certificate
| "Add a certificate"
+
| Get certifcate
| "None",,,
+
| caGetAdminCertBySerial; caGetCertChain; caGetCertChainAdmin; caGetCertFromRequest-agent;caGetBySerial-agent; caQueryBySerial; caGetBySerial; caGetAdminBySerial; caGetCAChain; caGetCertFromRequest
 +
|
 +
|
 +
|
 +
|
 +
|  
 
|-
 
|-
|
+
|  
|,"POST"
+
| POST-a
| "/pki/certificate"
+
| /pki/certificate
| "Modify a certificate - modify status"
+
| Add a certificate
| "caDoUnrevoke, caDoRevoke-agent, caDoRevoke1, caDoRevoke1, caCMCRevReq, caDoUnrevoke1, caRevocation, caDoRevoke, caProxyDoRevoke",,,
+
| None
 +
|
 +
|
 +
|
 +
|
 +
|
 
|-
 
|-
|
+
|  
| "DEL"
+
| DEL
| "/pki/certificate"
+
| /pki/certificate
| "Delete a certificate"
+
| Delete a certificate
| "None",,,
+
| None
 +
|
 +
|
 +
|
 +
|
 +
|
 
|-
 
|-
| "Cert Requests"
+
| Certificate Status
| "GET"
+
| PUT
| "/pki/requests"
+
| /pki/certificate/$id/status
| "Get list of requests"
+
| Modify certificate status - revoke; unrevoke
| "caListRequests, caSearchReqs",,,
+
| caDoUnrevoke; caDoRevoke-agent; caDoRevoke1; caDoRevoke1; caCMCRevReq; caDoUnrevoke1; caRevocation; caDoRevoke; caProxyDoRevoke
 +
|
 +
|
 +
|
 +
| {status; revoked}
 +
|  
 
|-
 
|-
|
+
|  
| "GET"
+
| GET  
| "/pki/request"
+
| /pki/certificate/$id/status
| "Get request details"
+
| Get certificate status
| "caqueryReq, caCheckRequest",,,
+
 +
|
 +
|
 +
|
 +
|
 +
| {status: active}
 
|-
 
|-
|
+
|  
| "PUT"
+
|  
| "/pki/request"
+
|  
| "Add a request"
+
|  
| "caProfileSubmit, caenrollment,cacertbasedenrollment, caProfileSubmitCMCSimple, profileSubmitCMCFull, caProfileSubmitSSLClient, caProxyProfileSubmit, cabulkissuance, caProxyBulkIssuance, caRenewal, caSCEP, caRASCEP",,,
+
|  
 +
|
 +
|
 +
|
 +
|
 +
|
 
|-
 
|-
|
+
| Cert Requests
| "POST"
+
| GET
| "/pki/request"
+
| /pki/requests
| "Modify a request - including state"
+
| Get list of requests
| "caProfileProcess, caProcessCertReq, caProcessReq"
+
| caListRequests; caSearchReqs
 +
|
 +
|
 +
|
 +
| {search/ selection parameters}
 +
| { collection of rids }
 
|-
 
|-
|
+
|  
| "DEL"
+
| GET
| "/pki/request"
+
| /pki/request/$id
| "Delete a request"
+
| Get request details
| "None",,,
+
| caqueryReq; caCheckRequest
 +
|
 +
|
 +
|
 +
|
 +
|  
 
|-
 
|-
| "Cert profiles"
+
|  
| "GET"
+
| POST-a
| "/pki/profiles"
+
| /pki/request
| "Get list of profiles"
+
| Add a request
| "caProfileList-agent, caProfileList"
+
| caProfileSubmit; caenrollment;cacertbasedenrollment; caProfileSubmitCMCSimple; profileSubmitCMCFull; caProfileSubmitSSLClient; caProxyProfileSubmit; cabulkissuance; caProxyBulkIssuance; caRenewal; caSCEP; caRASCEP
 +
|
 +
|
 +
|
 +
|  
 +
| {status; approved; certid: /pki/certificate/id; rid; /pki/request/id}
 
|-
 
|-
|
+
|  
| "GET"
+
| DEL
| "/pki/profile"
+
| /pki/request/$id
| "Get profile details"
+
| Delete a request
| "caProfileReview, caProfileSelect-agent, caProfileSelect, caSCEP, caRASCEP"
+
| None
 +
|
 +
|
 +
|
 +
|  
 +
|  
 
|-
 
|-
|
+
|  
| "PUT"
+
| PUT
| "/pki/profile"
+
| /pki/request/$id
| "Add a profile"
+
| Modify a request - if a request is not approved an agent can modify it before approving.
| "caprofile",,,
+
| caProfileProcess; caProcessCertReq; caProcessReq
 +
|  
 +
|
 +
|
 +
| {all stuff in a request}
 +
| {status; approved; certid: /pki/certificate/id; rid; /pki/request/id}
 
|-
 
|-
|
+
| Cert Request Status
| "POST"
+
| PUT
| "/pki/profile"
+
| /pki/request/$id/status
| "Modify a profile"
+
| Modify request status - approve; deny etc;
| "caprofile, caProfileApprove",,,
+
| caProfileProcess; caProcessCertReq; caProcessReq
 +
|
 +
|
 +
|
 +
| {status: approved}
 +
| {status; approved; certid; /pki/certificate/id}
 
|-
 
|-
|
+
|  
| "DEL"
+
| GET
| "/pki/profile"
+
| /pki/request/$id/status
| "Delete a profile"
+
| Get request status
| "caprofile",,,
+
| caCheckRequest
 +
|
 +
|
 +
|
 +
|  
 +
| {status; approved; certid; /pki/certificate/id}
 
|-
 
|-
| "Cert CRLs"
+
|  
| "GET"
+
|  
| "/pki/crls"
+
|  
| "Get list of CRLs"
+
|  
| "None",,,
+
|  
 +
|
 +
|
 +
|
 +
|
 +
|
 
|-
 
|-
|
+
| Cert profiles
| "GET"
+
| GET
| "/pki/crl/details"
+
| /pki/profiles
| "Get CRL details"
+
| Get list of profiles
| "camasterCADisplayCRL"
+
| caProfileList-agent; caProfileList
| "ocspReadAddCRLPage"
+
|
 +
|
 +
|
 +
|  
 +
|  
 
|-
 
|-
|
+
|  
| "GET"
+
| GET
| "/pki/crl"
+
| /pki/profile/$id
| "Get CRL"
+
| Get profile details
| "caGetCRL",,,
+
| caProfileReview; caProfileSelect-agent; caProfileSelect; caSCEP; caRASCEP
 +
|
 +
|
 +
|
 +
|
 +
|  
 
|-
 
|-
|
+
|  
| "PUT"
+
| PUT
| "/pki/crl"
+
| /pki/profile/$id
| "Add a CRL",
+
| Add or modify profile
|
+
| caprofile; caProfileApprove
|
+
|
| "ocspAddCRL",
+
|
 +
|  
 +
|  
 +
|  
 
|-
 
|-
|
+
|  
| "POST"
+
| DEL
| "/pki/crl"
+
| /pki/profile/$id
| "Modify a CRL"
+
| Delete a profile
| "camasterCAUpdateCRL"
+
| caprofile
 +
|
 +
|
 +
|
 +
|
 +
|  
 
|-
 
|-
 
|  
 
|  
| "DEL"
+
|  
| "/pki/crl"
+
|  
| "Delete a CRL"
+
|  
 +
|
 +
|
 +
|
 +
|
 +
|
 +
|
 
|-
 
|-
|
+
| Cert CRLs
| "CAs (for OCSP)"
+
| GET
| "GET"
+
| /pki/crls
| "/pki/ocsp/cas"
+
| Get list of CRLs
| "Get list of CAs"
+
| None
| " "
+
|
| "ocspListCAs",
+
|
 +
|
 +
|  
 +
|  
 
|-
 
|-
 
|  
 
|  
| "GET"
+
| GET
| "/pki/ocsp/ca"
+
| /pki/crl/details
| "Get CA details"
+
| Get CRL details
| " "
+
| camasterCADisplayCRL
| "ocspReadAddCAPage",
+
|
 +
| ocspReadAddCRLPage
 +
|
 +
|
 +
|  
 
|-
 
|-
 
|  
 
|  
| "PUT"
+
| GET
| "/pki/ocsp/ca"
+
| /pki/crl
| "Add a CA"
+
| Get CRL
 +
| caGetCRL
 +
|
 +
|
 +
|
 +
|  
 
|  
 
|  
|
 
| "ocspAddCA",
 
 
|-
 
|-
 
|  
 
|  
| "POST"
+
| PUT
| "/pki/ocsp/ca"
+
| /pki/crl
| "Modify a CA"
+
| Add a CRL
| " "
+
|
|
+
|
| "None"
+
| ocspAddCRL
 +
|  
 +
|  
 +
|  
 
|-
 
|-
 
|  
 
|  
| "DEL"
+
| POST-b
| "/pki/ocsp/ca"
+
| /pki/crl
| "Delete a CA"
+
| Modify a CRL
|
+
| camasterCAUpdateCRL
|
+
|
| "ocspRemoveCA"
+
|
 +
|  
 +
|  
 +
|  
 
|-
 
|-
| "keys"
+
|  
| "GET"
+
| DEL
| "/pki/keys"
+
| /pki/crl
| "Get list of keys"
+
| Delete a CRL
| "kraSrchKey, kraKRASrchKey, kraKRASrchKeyForRecovery, kraSrchRecoverKey"
+
|
 +
|
 +
|
 +
|
 +
|  
 +
|  
 
|-
 
|-
 
|  
 
|  
| "GET"
+
|  
| "/pki/key"
+
|  
| "Get key"
+
|  
| "kraKRAGetPk12, kraKRAGetAsyncPk12"
+
|  
 +
|
 +
|
 +
|
 +
|
 +
|
 
|-
 
|-
 +
| CAs (for OCSP)
 +
| GET
 +
| /pki/ocsp/cas
 +
| Get list of CAs
 +
 +
|
 +
| ocspListCAs
 +
|
 +
|
 
|  
 
|  
| "GET"
 
| "/pki/key"
 
| "Get key details"
 
| "kraKRADisplayBySerialForRecovery, kraKRADisplayBySerial",,
 
 
|-
 
|-
 
|  
 
|  
| "PUT"
+
| GET
| "/pki/key"
+
| /pki/ocsp/ca/$id
| "Add a key"
+
| Get CA details
 +
 +
|
 +
| ocspReadAddCAPage
 +
|
 +
|
 +
|  
 
|-
 
|-
 
|  
 
|  
| "POST"
+
| PUT
| "/pki/key"
+
| /pki/ocsp/ca/$id
| "Modify a key"
+
| Add or modify a CA
 +
|
 +
|
 +
| ocspAddCA
 +
|
 +
|
 +
|
 
|-
 
|-
 
|  
 
|  
| "DEL"
+
| DEL
| "/pki/key"
+
| /pki/ocsp/ca/$id
| "Delete a key",
+
| Delete a CA
|
+
|
| "None"
+
|
 +
| ocspRemoveCA
 +
|
 +
|  
 +
|  
 
|-
 
|-
| "key requests (archival, recovery)"
 
| "GET"
 
| "/pki/keyrequests"
 
| "Get list of key requests"
 
 
|  
 
|  
| "kraListRequests, krakraqueryReq"
+
|  
 +
|
 +
|
 +
|
 +
|
 +
|
 +
|
 +
|
 +
|
 
|-
 
|-
 +
| keys
 +
| GET
 +
| /pki/keys
 +
| Get list of keys
 +
|
 +
| kraSrchKey; kraKRASrchKey; kraKRASrchKeyForRecovery; kraSrchRecoverKey
 +
|
 +
|
 +
|
 
|  
 
|  
| "GET"
 
| "/pki/keyrequest"
 
| "Get key request details"
 
|
 
| "kraKRAGetApprovalStatus, kraKRAExamineRecovery, "
 
 
|-
 
|-
 
|  
 
|  
| "PUT"
+
| GET
| "/pki/keyrequest"
+
| /pki/key
| "Add a key request"
+
| Get key
|
+
|  
| "kraKRARecoverBySerial,  "
+
| kraKRAGetPk12; kraKRAGetAsyncPk12
 +
|
 +
|
 +
|
 +
|
 
|-
 
|-
 
|  
 
|  
| "POST"
+
| GET
| "/pki/keyrequest"
+
| /pki/key/$id/details
| "Modify a key request"
+
| Get key details
 +
|
 +
| kraKRADisplayBySerialForRecovery; kraKRADisplayBySerial
 +
|
 +
|
 +
|
 
|  
 
|  
| "kraKRAGrantRecovery, kraKRAGrantAsyncRecovery, kraKRAProcessReq, kraGrantRecovery, "
 
 
|-
 
|-
 
|  
 
|  
| "DEL"
+
| PUT
| "/pki/keyrequest"
+
| /pki/key
| "Delete a key request"
+
| Add a key
|
+
|  
| "None"
+
|  
|
+
|
 +
|
 +
|
 +
|  
 
|-
 
|-
 +
|
 +
| DEL
 +
| /pki/key
 +
| Delete a key
 +
|
 +
| None
 +
|
 +
|
 +
|
 +
|
 
|-
 
|-
| "users"
+
|  
| "GET"
+
|  
| "/pki/users"
+
|  
| "Get list of users"
+
|  
| "caug"
+
|  
| "kraug"
+
|  
| "ocspug"
+
|  
| "tksug"
+
|  
 +
|
 +
|
 
|-
 
|-
 +
| key requests (archival; recovery)
 +
| GET
 +
| /pki/keyrequests
 +
| Get list of key requests
 +
|
 +
| kraListRequests; krakraqueryReq
 +
|
 +
|
 +
|
 
|  
 
|  
| "GET"
 
| "/pki/user"
 
| "Get user details"
 
| "caug"
 
| "kraug"
 
| "ocspug"
 
| "tksug"
 
 
|-
 
|-
 
|  
 
|  
| "PUT"
+
| GET
| "/pki/user"
+
| /pki/keyrequest/$id
| "Add a user"
+
| Get key request details
| "caug, caRegisterUser, caRegisterRaUser, caAdminEnroll"
+
|
| "kraRegisterUser, kraug"
+
| kraKRAGetApprovalStatus; kraKRAExamineRecovery;
| "ocspug"
+
|  
| "tksug, tksRegisterUser"
+
|  
 +
|  
 +
|  
 
|-
 
|-
 
|  
 
|  
| "POST"
+
| POST-a
| "/pki/user"
+
| /pki/keyrequest
| "Modify a user"
+
| Add a key request
| "caug"
+
|
| "kraug"
+
| kraKRARecoverBySerial; 
| "ocspug"
+
|  
| "tksug"
+
|  
 +
|  
 +
|  
 
|-
 
|-
 +
| Key request Status
 +
| PUT
 +
| /pki/keyrequest/$id/status
 +
| Modify a key request status (approve async recovery)
 +
|
 +
| kraKRAGrantRecovery; kraKRAGrantAsyncRecovery; kraKRAProcessReq; kraGrantRecovery;
 
|  
 
|  
| "DEL"
+
|  
| "/pki/user"
+
| {status approve}
| "Delete a user"
+
| {status; pending-1}
| "caug"
 
| "kraug"
 
| "ocspug"
 
| "tksug"
 
 
|-
 
|-
| "System"
+
|  
| "GET"
+
| GET
| "/pki/X/status"
+
| /pki/keyrequest/$id/status
| "Get subsystem status"
+
| Get key request status  
| "caGetStatus"
+
|  
 +
|
 +
|
 +
|
 +
|
 +
| {status: pending-1; approvers: cn: alee}
 
|-
 
|-
 
|  
 
|  
| "GET"
+
| DEL
| "/pki/X/stats"
+
| /pki/keyrequest/$id
| "Get subsystem stats"
+
| Delete a key request
| "caStats"
+
|
 +
| None
 +
|
 +
|
 +
|  
 +
|  
 
|-
 
|-
 
|  
 
|  
| "GET"
+
|  
| "/pki/X/monitor"
+
|  
| "Get subsystem monitor stats"
+
|  
| "caMonitor"
+
|  
 +
|
 +
|
 +
|
 +
|
 +
|
 
|-
 
|-
 
|  
 
|  
| "GET"
+
|  
| "/pki/X/logs"
+
|  
| "Get list of logs for subsystem"
+
|  
| "calog"
+
|  
| "kralog"
+
|  
| "ocsplog"
+
|  
| "tkslog"
+
|  
 +
|
 +
|
 
|-
 
|-
 +
| users
 +
| GET
 +
| /pki/users
 +
| Get list of users
 +
| caug
 +
| kraug
 +
| ocspug
 +
| tksug
 +
|
 
|  
 
|  
| "GET"
 
| "/pki/X/log"
 
| "Get log contents"
 
| "calog"
 
| "kralog"
 
| "ocsplog"
 
| "tkslog"
 
 
|-
 
|-
| "Config"
+
|  
| "GET"
+
| GET
| "/pki/config/X/acls"
+
| /pki/user/$id
| "Get list of acls"
+
| Get user details
| "caacl"
+
| caug
| "kraacl"
+
| kraug
| "ocspacl"
+
| ocspug
| "tksacl"
+
| tksug
 +
|  
 +
|  
 
|-
 
|-
 
|  
 
|  
| "GET"
+
| PUT
| "/pki/config/X/acl"
+
| /pki/user/$id
| "Get acl details"
+
| Add or modify a user
| "caacl"
+
| caug; caRegisterUser; caRegisterRaUser; caAdminEnroll
| "kraacl"
+
| kraRegisterUser; kraug
| "ocspacl"
+
| ocspug
| "tksacl"
+
| tksug; tksRegisterUser
 +
|  
 +
|  
 
|-
 
|-
 
|  
 
|  
| "PUT"
+
| DEL
| "/pki/config/X/acl"
+
| /pki/user
| "Add an acl"
+
| Delete a user
| "caacl"
+
| caug
| "kraacl"
+
| kraug
| "ocspacl"
+
| ocspug
| "tksacl"
+
| tksug
 +
|  
 +
|  
 
|-
 
|-
 
|  
 
|  
| "POST"
+
|  
| "/pki/config/X/acl"
+
|  
| "Modify an acl"
+
|  
| "caacl"
+
|  
| "kraacl"
+
|  
| "ocspacl"
+
|  
| "tksacl"
+
|  
 +
|
 +
|
 
|-
 
|-
 +
| System
 +
| GET
 +
| /pki/X/status
 +
| Get subsystem status
 +
| caGetStatus
 +
|
 +
|
 +
|
 +
|
 
|  
 
|  
| "DEL"
 
| "/pki/config/X/acl"
 
| "Delete an acl"
 
| "caacl"
 
| "kraacl"
 
| "ocspacl"
 
| "tksacl"
 
 
|-
 
|-
 +
 +
| GET
 +
| /pki/X/stats
 +
| Get subsystem stats
 +
| caStats
 +
|
 +
|
 +
|
 +
|
 
|  
 
|  
| "GET"
 
| "/pki/config/X/logs"
 
| "Get list of logs"
 
| "calog"
 
| "kralog"
 
| "ocsplog"
 
| "tkslog"
 
 
|-
 
|-
 
|  
 
|  
| "GET"
+
| GET
| "/pki/config/X/log"
+
| /pki/X/monitor
| "Get log details"
+
| Get subsystem monitor stats
| "calog"
+
| caMonitor
| "kralog"
+
|
| "ocsplog"
+
|  
| "tkslog"
+
|  
 +
|  
 +
|  
 
|-
 
|-
 
|  
 
|  
| "PUT"
+
| GET
| "/pki/config/X/log"
+
| /pki/X/logs
| "Add an log configuration"
+
| Get list of logs for subsystem
| "calog"
+
| calog
| "kralog"
+
| kralog
| "ocsplog"
+
| ocsplog
| "tkslog"
+
| tkslog
 +
|
 +
|
 
|-
 
|-
 
|  
 
|  
| "POST"
+
| GET
| "/pki/config/X/log"
+
| /pki/X/log
| "Modify an log configuration"
+
| Get log contents
| "calog"
+
| calog
| "kralog"
+
| kralog
| "ocsplog"
+
| ocsplog
| "tkslog"
+
| tkslog
 +
|
 +
|
 
|-
 
|-
 
|  
 
|  
| "DEL"
+
|  
| "/pki/config/X/log"
+
|  
| "Delete an log configuration"
+
|  
| "calog"
+
|  
| "kralog"
+
|  
| "ocsplog"
+
|  
| "tkslog"
+
|  
 +
|
 +
|
 
|-
 
|-
|
+
| Config
| "GET"
+
|
| "/pki/config/ca/systems"
+
|
| "Get list of systems from security domain"
+
|
| "caGetDomainXML"
+
|
 +
|  
 +
|  
 +
|  
 +
|  
 +
|  
 
|-
 
|-
 
|  
 
|  
| "GET"
+
| GET
| "/pki/config/ca/system"
+
| /pki/config/X/acls
| "Get system details from sec domain"
+
| Get list of acls
| "None as yet"
+
| caacl
 +
| kraacl
 +
| ocspacl
 +
| tksacl
 +
|
 +
|  
 
|-
 
|-
 
|  
 
|  
| "PUT"
+
| GET
| "/pki/config/ca/system"
+
| /pki/config/X/acl/$id
| "Add a system to security domain"
+
| Get acl details
| "caUpdateDomainXML"
+
| caacl
 +
| kraacl
 +
| ocspacl
 +
| tksacl
 +
|  
 +
|  
 
|-
 
|-
 
|  
 
|  
| "POST"
+
| PUT
| "/pki/config/ca/system"
+
| /pki/config/X/acl/$id
| "Modify a system entry in sec domain"
+
| Add or modify an acl
| "caUpdateDomainXML"
+
| caacl
 +
| kraacl
 +
| ocspacl
 +
| tksacl
 +
|  
 +
|  
 
|-
 
|-
 
|  
 
|  
| "DEL"
+
| DEL
| "/pki/config/ca/system"
+
| /pki/config/X/acl
| "Delete an system from security domain"
+
| Delete an acl
| "caUpdateDomainXML"
+
| caacl
 +
| kraacl
 +
| ocspacl
 +
| tksacl
 +
|
 +
|  
 
|-
 
|-
 
|  
 
|  
| "GET"
+
|  
| "/pki/config/ca/publishers"
+
|  
| "Get list of publishers"
+
|  
| "capublisher"
+
|  
 +
|
 +
|
 +
|
 +
|
 +
|
 
|-
 
|-
 
|  
 
|  
| "GET"
+
| GET
| "/pki/config/ca/publisher"
+
| /pki/config/X/logs
| "Get publisher details"
+
| Get list of logs
| "capublisher"
+
| calog
 +
| kralog
 +
| ocsplog
 +
| tkslog
 +
|
 +
|  
 
|-
 
|-
 
|  
 
|  
| "PUT"
+
| GET
| "/pki/config/ca/publisher"
+
| /pki/config/X/log/$id
| "Add an publisher"
+
| Get log details
| "capublisher"
+
| calog
 +
| kralog
 +
| ocsplog
 +
| tkslog
 +
|  
 +
|  
 
|-
 
|-
 
|  
 
|  
| "POST"
+
| PUT
| "/pki/config/ca/publisher"
+
| /pki/config/X/log/$id
| "Modify an publisher"
+
| Add or modify a log configuration
| "capublisher"
+
| calog
 +
| kralog
 +
| ocsplog
 +
| tkslog
 +
|  
 +
|  
 
|-
 
|-
 
|  
 
|  
| "DEL"
+
| DEL
| "/pki/config/ca/publisher"
+
| /pki/config/X/log
| "Delete a publisher"
+
| Delete an log configuration
| "capublisher"
+
| calog
 +
| kralog
 +
| ocsplog
 +
| tkslog
 +
|
 +
|  
 
|-
 
|-
 
|  
 
|  
| "GET"
+
|  
| "/pki/config/X/jobs"
+
|  
| "Get list of jobs"
+
|  
| "cajobsScheduler"
+
|  
| "krajobsScheduler"
+
|  
| "ocspjobsScheduler"
+
|  
| "tksjobsScheduler"
+
|  
 +
|
 +
|
 
|-
 
|-
 
|  
 
|  
| "GET"
+
| GET
| "/pki/config/X/job"
+
| /pki/config/ca/systems
| "Get job details"
+
| Get list of systems from security domain
| "cajobsScheduler"
+
| caGetDomainXML
| "krajobsScheduler"
+
|
| "ocspjobsScheduler"
+
|  
| "tksjobsScheduler"
+
|  
 +
|  
 +
|  
 
|-
 
|-
 
|  
 
|  
| "PUT"
+
| GET
| "/pki/config/X/job"
+
| /pki/config/ca/system/$id
| "Add an job"
+
| Get system details from sec domain
| "cajobsScheduler"
+
| None as yet
| "krajobsScheduler"
+
|  
| "ocspjobsScheduler"
+
|  
| "tksjobsScheduler"
+
|  
 +
|  
 +
|  
 
|-
 
|-
 
|  
 
|  
| "POST"
+
| PUT
| "/pki/config/X/job"
+
| /pki/config/ca/system/$id
| "Modify an job"
+
| Add or modify a system in security domain
| "cajobsScheduler"
+
| caUpdateDomainXML
| "krajobsScheduler"
+
|  
| "ocspjobsScheduler"
+
|  
| "tksjobsScheduler"
+
|  
 +
|  
 +
|  
 
|-
 
|-
 
|  
 
|  
| "DEL"
+
| DEL
| "/pki/config/X/job"
+
| /pki/config/ca/system/$id
| "Delete an job"
+
| Delete an system from security domain
| "cajobsScheduler"
+
| caUpdateDomainXML
| "krajobsScheduler"
+
|
| "ocspjobsScheduler"
+
|  
| "tksjobsScheduler"
+
|  
 +
|  
 +
|  
 
|-
 
|-
 
|  
 
|  
| "GET"
+
|  
| "/pki/config/X/auths"
+
|  
| "Get list of authentication plugins"
+
|  
| "caauths"
+
|  
| "kraauths"
+
|  
| "ocspauths"
+
|  
| "tksauths"
+
|  
 +
|
 +
|
 
|-
 
|-
 
|  
 
|  
| "GET"
+
| GET
| "/pki/config/X/auth"
+
| /pki/config/ca/publishers
| "Get authentication plugin details"
+
| Get list of publishers
| "caauths"
+
| capublisher
| "kraauths"
+
|
| "ocspauths"
+
|  
| "tksauths"
+
|  
 +
|  
 +
|  
 
|-
 
|-
 
|  
 
|  
| "PUT"
+
| GET
| "/pki/config/X/auth"
+
| /pki/config/ca/publisher/$id
| "Add an authentication plugin"
+
| Get publisher details
| "caauths"
+
| capublisher
| "kraauths"
+
|  
| "ocspauths"
+
|  
| "tksauths"
+
|  
 +
|  
 +
|  
 
|-
 
|-
 
|  
 
|  
| "POST"
+
| PUT
| "/pki/config/X/auth"
+
| /pki/config/ca/publisher/$id
| "Modify an authentication plugin"
+
| Add or modify a publisher
| "caauths"
+
| capublisher
| "kraauths"
+
|  
| "ocspauths"
+
|  
| "tksauths"
+
|  
 +
|  
 +
|  
 
|-
 
|-
 
|  
 
|  
| "DEL"
+
| DEL
| "/pki/config/X/auth"
+
| /pki/config/ca/publisher/$id
| "Delete an authentication plugin"
+
| Delete a publisher
| "caauths"
+
| capublisher
| "kraauths"
+
|
| "ocspauths"
+
|  
| "tksauths"
+
|  
 +
|  
 +
|  
 
|-
 
|-
 
|  
 
|  
| "GET"
+
|  
| "/pki/config/X/certs"
+
|  
| "Get list of system_certs"
+
|  
| "caserver"
+
|
| "kraserver"
+
|
| "ocspserver"
+
|
| "tksserver"
+
|  
 +
|  
 +
|  
 
|-
 
|-
 
|  
 
|  
| "GET"
+
| GET
| "/pki/config/X/cert"
+
| /pki/config/X/jobs
| "Get system_cert "
+
| Get list of jobs
| "caGetSubsystemCert"
+
| cajobsScheduler
| "kraGetTransportCert"
+
| krajobsScheduler
 +
| ocspjobsScheduler
 +
| tksjobsScheduler
 +
|  
 +
|  
 
|-
 
|-
 
|  
 
|  
| "GET"
+
| GET
| "/pki/config/X/cert/Y/details"
+
| /pki/config/X/job/$id
| "Get system_cert details"
+
| Get job details
| "caserver"
+
| cajobsScheduler
| "kraKRADisplayTransport, kraserver"
+
| krajobsScheduler
| "ocspserver"
+
| ocspjobsScheduler
| "tksserver"
+
| tksjobsScheduler
 +
|  
 +
|  
 
|-
 
|-
 
|  
 
|  
| "PUT"
+
| PUT
| "/pki/config/X/cert"
+
| /pki/config/X/job/$id
| "Add an system_cert"
+
| Add an job
| "caserver"
+
| cajobsScheduler
| "kraserver"
+
| krajobsScheduler
| "ocspserver"
+
| ocspjobsScheduler
| "tksserver, tksImportTransportCert"
+
| tksjobsScheduler
 +
|  
 +
|  
 
|-
 
|-
 
|  
 
|  
| "POST"
+
| DEL
| "/pki/config/X/cert"
+
| /pki/config/X/job/$id
| "Modify an system_cert"
+
| Delete an job
| "caserver"
+
| cajobsScheduler
| "kraserver"
+
| krajobsScheduler
| "ocspserver"
+
| ocspjobsScheduler
| "tksserver"
+
| tksjobsScheduler
 +
|  
 +
|  
 
|-
 
|-
 
|  
 
|  
| "DEL"
+
|  
| "/pki/config/X/cert"
+
|  
| "Delete an system_cert"
+
|  
| "caserver"
+
|  
| "kraserver"
+
|  
| "ocspserver"
+
|  
| "tksserver"
+
|  
 +
|
 +
|
 
|-
 
|-
 
|  
 
|  
| "GET"
+
| GET
| "/pki/config/X/serialnos"
+
| /pki/config/X/auths
| "Get serial number range"
+
| Get list of authentication plugins
| "None as yet"
+
| caauths
| "None as yet"
+
| kraauths
 +
| ocspauths
 +
| tksauths
 +
|  
 +
|  
 
|-
 
|-
 
|  
 
|  
| "POST"
+
| GET
| "/pki/config/X/serialnos"
+
| /pki/config/X/auth/$id
| "Modify serial number range"
+
| Get authentication plugin details
| "caUpdateNumberRange"
+
| caauths
| "kraUpdateNumberRange"
+
| kraauths
 +
| ocspauths
 +
| tksauths
 +
|  
 +
|  
 
|-
 
|-
 +
|
 +
| PUT
 +
| /pki/config/X/auth/$id
 +
| Add or modify an authentication plugin
 +
| caauths
 +
| kraauths
 +
| ocspauths
 +
| tksauths
 +
|
 +
|
 
|-
 
|-
 
|  
 
|  
| "GET"
+
| DEL
| "/pki/config/X/connector"
+
| /pki/config/X/auth/$id
| "Get connector config",,"kraConnector"
+
| Delete an authentication plugin
 +
| caauths
 +
| kraauths
 +
| ocspauths
 +
| tksauths
 +
|
 +
|  
 
|-
 
|-
 
|  
 
|  
| "POST"
+
|  
| "/pki/config/X/connector"
+
|  
| "Modify connector config"
+
|  
| "caUpdateConnector"
+
|  
 +
|
 +
|
 +
|
 +
|
 +
|
 
|-
 
|-
 
|  
 
|  
| "GET"
+
| GET
| "/pki/config/X/ocsp"
+
| /pki/config/X/certs
| "Get ocsp config "
+
| Get list of system_certs
| "caGetOCSPInfo",,"ocspGetOCSPInfo"
+
| caserver
 +
| kraserver
 +
| ocspserver
 +
| tksserver
 +
|
 +
|
 +
|-
 +
|
 +
| GET
 +
| /pki/config/X/cert/$id
 +
| Get system_cert
 +
| caGetSubsystemCert
 +
| kraGetTransportCert
 +
|
 +
|
 +
|
 +
|
 +
|-
 +
|
 +
| GET
 +
| /pki/config/X/cert/Y/details
 +
| Get system_cert details
 +
| caserver
 +
| kraKRADisplayTransport; kraserver
 +
| ocspserver
 +
| tksserver
 +
|
 +
|
 +
|-
 +
|
 +
| PUT
 +
| /pki/config/X/cert/$id
 +
| Add an system_cert
 +
| caserver
 +
| kraserver
 +
| ocspserver
 +
| tksserver; tksImportTransportCert
 +
|
 +
|
 +
|-
 +
|
 +
| DEL
 +
| /pki/config/X/cert/$id
 +
| Delete an system_cert
 +
| caserver
 +
| kraserver
 +
| ocspserver
 +
| tksserver
 +
|
 +
|  
 
|-
 
|-
 
|  
 
|  
| "POST"
+
|
| "/pki/config/X/ocsp"
+
| "Modify ocsp config"
+
| "caUpdateOCSPConfig"
+
|
 +
|
 +
|
 +
|  
 +
|  
 +
|  
 
|-
 
|-
 
|  
 
|  
| "GET"
+
| GET
| "/pki/config/X/cloning"
+
| /pki/config/X/serialnos/$id
| "Get cloning config"
+
| Get serial number range
| "caGetConfigEntries"
+
| None as yet
| "kraGetConfigEntries"
+
| None as yet
| "ocspGetConfigEntries"
+
|  
| "tksGetConfigEntries"
+
|  
 +
|  
 +
|  
 
|-
 
|-
 
|  
 
|  
| "GET"
+
| PUT
| "/pki/config/X/tokeninfo"
+
| /pki/config/X/serialnos/$id
| "Get token info (for cloning)"
+
| Update serial number range
| "caGetTokenInfo"
+
| caUpdateNumberRange
| "kraGetTokenInfo"
+
| kraUpdateNumberRange
| "ocspGetTokenInfo"
+
|
| "tksGetTokenInfo"
+
|
 +
|
 +
|
 +
|-
 +
|
 +
|
 +
|
 +
|
 +
|
 +
|
 +
|
 +
|
 +
|
 +
|
 +
|-
 +
|
 +
| GET
 +
| /pki/config/X/connector/$id
 +
| Get connector config
 +
|
 +
| kraConnector
 +
|
 +
|
 +
|
 +
|
 +
|-
 +
|
 +
| PUT
 +
| /pki/config/X/connector/$id
 +
| Add or modify connector config
 +
| caUpdateConnector
 +
|
 +
|
 +
|
 +
|
 +
|
 +
|-
 +
|
 +
|
 +
|
 +
|
 +
|
 +
|
 +
|
 +
|
 +
|
 +
|
 +
|-
 +
|
 +
| GET
 +
| /pki/config/X/ocsp
 +
| Get ocsp config
 +
| caGetOCSPInfo
 +
|
 +
| ocspGetOCSPInfo
 +
|
 +
|
 +
|
 +
|-
 +
|
 +
| PUT
 +
| /pki/config/X/ocsp
 +
| Modify ocsp config
 +
| caUpdateOCSPConfig
 +
|
 +
|
 +
|
 +
|
 +
|
 +
|-
 +
|
 +
|
 +
|
 +
|
 +
|
 +
|
 +
|
 +
|
 +
|
 +
|
 +
|-
 +
|
 +
| GET
 +
| /pki/config/X/cloning
 +
| Get cloning config
 +
| caGetConfigEntries
 +
| kraGetConfigEntries
 +
| ocspGetConfigEntries
 +
| tksGetConfigEntries
 +
|
 +
|
 +
|-
 +
|
 +
| GET
 +
| /pki/config/X/tokeninfo
 +
| Get token info (for cloning)
 +
| caGetTokenInfo
 +
| kraGetTokenInfo
 +
| ocspGetTokenInfo
 +
| tksGetTokenInfo
 +
|
 +
|
 
|-
 
|-
 
|}
 
|}
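Review bot: the `$id` parameter is applied unevenly in the added rows: GET and PUT become `/pki/user/$id`, `/pki/config/X/acl/$id` and `/pki/config/X/log/$id`, but the DEL rows for the same objects stay at `/pki/user`, `/pki/config/X/acl` and `/pki/config/X/log`, so a delete names no target. Suggest `/$id` on those three as well; the same question applies to `/pki/key` and `/pki/crl`, which carry no identifier for any operation. In the Certificates block, `/pki/certifcate/$id/details` keeps the "certifcate" spelling while every other path uses `/pki/certificate`, and that row's Operation cell is now empty where the removed row had "GET". `/pki/config/X/cert/Y/details` still uses `Y` rather than `$id`. The added GET rows for `/pki/certificate/$id/status`, `/pki/ocsp/cas` and `/pki/ocsp/ca/$id` have a blank line where the Mapped Servlets (CA) cell should be, which leaves each row one cell short and shifts the later cells one column to the left.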

Revision as of 01:18, 19 October 2011

Interfaces

  • Here is a proposed new RESTful design for a programmatic interface to dogtag

| Objects | Operation | REST Path | Description | Mapped Servlets (CA) | Mapped Servlets (KRA) | Mapped Servlets (OCSP) | Mapped Servlets (TKS) | Input | Output |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Certificates | GET | /pki/certificates | Get list of certificates | caSrchCerts-agent; caListCerts-agent; caSrchCert; caSrchRevokeCert; caSrchCerts; caListCerts | | | | | |
| | | /pki/certifcate/$id/details | Get certificate details | caDisplayCertFromRequest-agent; caDisplayBySerial-agent; caDisplayCertFromRequest; caDisplayBySerial | | | | | |
| | GET | /pki/certificate/ocsp | Get OCSP response | caOCSP | | ocspCheckCert; ocspReadCheckCertPage | | | |
| | GET | /pki/certificate | Get certificate | caGetAdminCertBySerial; caGetCertChain; caGetCertChainAdmin; caGetCertFromRequest-agent; caGetBySerial-agent; caQueryBySerial; caGetBySerial; caGetAdminBySerial; caGetCAChain; caGetCertFromRequest | | | | | |
| | POST-a | /pki/certificate | Add a certificate | None | | | | | |
| | DEL | /pki/certificate | Delete a certificate | None | | | | | |
| Certificate Status | PUT | /pki/certificate/$id/status | Modify certificate status - revoke; unrevoke | caDoUnrevoke; caDoRevoke-agent; caDoRevoke1; caDoRevoke1; caCMCRevReq; caDoUnrevoke1; caRevocation; caDoRevoke; caProxyDoRevoke | | | | {status; revoked} | |
| | GET | /pki/certificate/$id/status | Get certificate status | | | | | | {status: active} |
| Cert Requests | GET | /pki/requests | Get list of requests | caListRequests; caSearchReqs | | | | {search/ selection parameters} | { collection of rids } |
| | GET | /pki/request/$id | Get request details | caqueryReq; caCheckRequest | | | | | |
| | POST-a | /pki/request | Add a request | caProfileSubmit; caenrollment; cacertbasedenrollment; caProfileSubmitCMCSimple; profileSubmitCMCFull; caProfileSubmitSSLClient; caProxyProfileSubmit; cabulkissuance; caProxyBulkIssuance; caRenewal; caSCEP; caRASCEP | | | | | {status; approved; certid: /pki/certificate/id; rid; /pki/request/id} |
| | DEL | /pki/request/$id | Delete a request | None | | | | | |
| | PUT | /pki/request/$id | Modify a request - if a request is not approved an agent can modify it before approving. | caProfileProcess; caProcessCertReq; caProcessReq | | | | {all stuff in a request} | {status; approved; certid: /pki/certificate/id; rid; /pki/request/id} |
| Cert Request Status | PUT | /pki/request/$id/status | Modify request status - approve; deny etc. | caProfileProcess; caProcessCertReq; caProcessReq | | | | {status: approved} | {status; approved; certid; /pki/certificate/id} |
| | GET | /pki/request/$id/status | Get request status | caCheckRequest | | | | | {status; approved; certid; /pki/certificate/id} |
| Cert profiles | GET | /pki/profiles | Get list of profiles | caProfileList-agent; caProfileList | | | | | |
| | GET | /pki/profile/$id | Get profile details | caProfileReview; caProfileSelect-agent; caProfileSelect; caSCEP; caRASCEP | | | | | |
| | PUT | /pki/profile/$id | Add or modify profile | caprofile; caProfileApprove | | | | | |
| | DEL | /pki/profile/$id | Delete a profile | caprofile | | | | | |
| Cert CRLs | GET | /pki/crls | Get list of CRLs | None | | | | | |
| | GET | /pki/crl/details | Get CRL details | camasterCADisplayCRL | | ocspReadAddCRLPage | | | |
| | GET | /pki/crl | Get CRL | caGetCRL | | | | | |
| | PUT | /pki/crl | Add a CRL | | | ocspAddCRL | | | |
| | POST-b | /pki/crl | Modify a CRL | camasterCAUpdateCRL | | | | | |
| | DEL | /pki/crl | Delete a CRL | | | | | | |
| CAs (for OCSP) | GET | /pki/ocsp/cas | Get list of CAs | | | ocspListCAs | | | |
| | GET | /pki/ocsp/ca/$id | Get CA details | | | ocspReadAddCAPage | | | |
| | PUT | /pki/ocsp/ca/$id | Add or modify a CA | | | ocspAddCA | | | |
| | DEL | /pki/ocsp/ca/$id | Delete a CA | | | ocspRemoveCA | | | |
| keys | GET | /pki/keys | Get list of keys | | kraSrchKey; kraKRASrchKey; kraKRASrchKeyForRecovery; kraSrchRecoverKey | | | | |
| | GET | /pki/key | Get key | | kraKRAGetPk12; kraKRAGetAsyncPk12 | | | | |
| | GET | /pki/key/$id/details | Get key details | | kraKRADisplayBySerialForRecovery; kraKRADisplayBySerial | | | | |
| | PUT | /pki/key | Add a key | | | | | | |
| | DEL | /pki/key | Delete a key | | None | | | | |
| key requests (archival; recovery) | GET | /pki/keyrequests | Get list of key requests | | kraListRequests; krakraqueryReq | | | | |
| | GET | /pki/keyrequest/$id | Get key request details | | kraKRAGetApprovalStatus; kraKRAExamineRecovery | | | | |
| | POST-a | /pki/keyrequest | Add a key request | | kraKRARecoverBySerial | | | | |
| Key request Status | PUT | /pki/keyrequest/$id/status | Modify a key request status (approve async recovery) | | kraKRAGrantRecovery; kraKRAGrantAsyncRecovery; kraKRAProcessReq; kraGrantRecovery | | | {status approve} | {status; pending-1} |
| | GET | /pki/keyrequest/$id/status | Get key request status | | | | | | {status: pending-1; approvers: cn: alee} |
| | DEL | /pki/keyrequest/$id | Delete a key request | | None | | | | |
| users | GET | /pki/users | Get list of users | caug | kraug | ocspug | tksug | | |
| | GET | /pki/user/$id | Get user details | caug | kraug | ocspug | tksug | | |
| | PUT | /pki/user/$id | Add or modify a user | caug; caRegisterUser; caRegisterRaUser; caAdminEnroll | kraRegisterUser; kraug | ocspug | tksug; tksRegisterUser | | |
| | DEL | /pki/user | Delete a user | caug | kraug | ocspug | tksug | | |
| System | GET | /pki/X/status | Get subsystem status | caGetStatus | | | | | |
| | GET | /pki/X/stats | Get subsystem stats | caStats | | | | | |
| | GET | /pki/X/monitor | Get subsystem monitor stats | caMonitor | | | | | |
| | GET | /pki/X/logs | Get list of logs for subsystem | calog | kralog | ocsplog | tkslog | | |
| | GET | /pki/X/log | Get log contents | calog | kralog | ocsplog | tkslog | | |
| Config | | | | | | | | | |
| | GET | /pki/config/X/acls | Get list of acls | caacl | kraacl | ocspacl | tksacl | | |
| | GET | /pki/config/X/acl/$id | Get acl details | caacl | kraacl | ocspacl | tksacl | | |
| | PUT | /pki/config/X/acl/$id | Add or modify an acl | caacl | kraacl | ocspacl | tksacl | | |
| | DEL | /pki/config/X/acl | Delete an acl | caacl | kraacl | ocspacl | tksacl | | |
| | GET | /pki/config/X/logs | Get list of logs | calog | kralog | ocsplog | tkslog | | |
| | GET | /pki/config/X/log/$id | Get log details | calog | kralog | ocsplog | tkslog | | |
| | PUT | /pki/config/X/log/$id | Add or modify a log configuration | calog | kralog | ocsplog | tkslog | | |
| | DEL | /pki/config/X/log | Delete a log configuration | calog | kralog | ocsplog | tkslog | | |
| | GET | /pki/config/ca/systems | Get list of systems from security domain | caGetDomainXML | | | | | |
| | GET | /pki/config/ca/system/$id | Get system details from sec domain | None as yet | | | | | |
| | PUT | /pki/config/ca/system/$id | Add or modify a system in security domain | caUpdateDomainXML | | | | | |
| | DEL | /pki/config/ca/system/$id | Delete a system from security domain | caUpdateDomainXML | | | | | |
| | GET | /pki/config/ca/publishers | Get list of publishers | capublisher | | | | | |
| | GET | /pki/config/ca/publisher/$id | Get publisher details | capublisher | | | | | |
| | PUT | /pki/config/ca/publisher/$id | Add or modify a publisher | capublisher | | | | | |
| | DEL | /pki/config/ca/publisher/$id | Delete a publisher | capublisher | | | | | |
| | GET | /pki/config/X/jobs | Get list of jobs | cajobsScheduler | krajobsScheduler | ocspjobsScheduler | tksjobsScheduler | | |
| | GET | /pki/config/X/job/$id | Get job details | cajobsScheduler | krajobsScheduler | ocspjobsScheduler | tksjobsScheduler | | |
| | PUT | /pki/config/X/job/$id | Add a job | cajobsScheduler | krajobsScheduler | ocspjobsScheduler | tksjobsScheduler | | |
| | DEL | /pki/config/X/job/$id | Delete a job | cajobsScheduler | krajobsScheduler | ocspjobsScheduler | tksjobsScheduler | | |
| | GET | /pki/config/X/auths | Get list of authentication plugins | caauths | kraauths | ocspauths | tksauths | | |
| | GET | /pki/config/X/auth/$id | Get authentication plugin details | caauths | kraauths | ocspauths | tksauths | | |
| | PUT | /pki/config/X/auth/$id | Add or modify an authentication plugin | caauths | kraauths | ocspauths | tksauths | | |
| | DEL | /pki/config/X/auth/$id | Delete an authentication plugin | caauths | kraauths | ocspauths | tksauths | | |
| | GET | /pki/config/X/certs | Get list of system_certs | caserver | kraserver | ocspserver | tksserver | | |
| | GET | /pki/config/X/cert/$id | Get system_cert | caGetSubsystemCert | kraGetTransportCert | | | | |
| | GET | /pki/config/X/cert/Y/details | Get system_cert details | caserver | kraKRADisplayTransport; kraserver | ocspserver | tksserver | | |
| | PUT | /pki/config/X/cert/$id | Add a system_cert | caserver | kraserver | ocspserver | tksserver; tksImportTransportCert | | |
| | DEL | /pki/config/X/cert/$id | Delete a system_cert | caserver | kraserver | ocspserver | tksserver | | |
| | GET | /pki/config/X/serialnos/$id | Get serial number range | None as yet | None as yet | | | | |
| | PUT | /pki/config/X/serialnos/$id | Update serial number range | caUpdateNumberRange | kraUpdateNumberRange | | | | |
| | GET | /pki/config/X/connector/$id | Get connector config | | kraConnector | | | | |
| | PUT | /pki/config/X/connector/$id | Add or modify connector config | caUpdateConnector | | | | | |
| | GET | /pki/config/X/ocsp | Get ocsp config | caGetOCSPInfo | | ocspGetOCSPInfo | | | |
| | PUT | /pki/config/X/ocsp | Modify ocsp config | caUpdateOCSPConfig | | | | | |
| | GET | /pki/config/X/cloning | Get cloning config | caGetConfigEntries | kraGetConfigEntries | ocspGetConfigEntries | tksGetConfigEntries | | |
| | GET | /pki/config/X/tokeninfo | Get token info (for cloning) | caGetTokenInfo | kraGetTokenInfo | ocspGetTokenInfo | tksGetTokenInfo | | |

Notes:

  1. There is still misc admin that has not yet been characterized. This is in caca, caregistry, krakra, ocspocsp, tkstkservlets, which map to the admin servlet.
  2. Wizard and installation servlets are not covered (for the most part).
  3. I have not included token/token key operations (which is why the main TKS operations are not there yet).
  4. We need to figure out how to handle client-auth vs. non-client-auth, which maps to ee/agent/admin. Currently we do this by filtering URLs.
  5. This is just a first cut, and hopefully a useful starting point for discussions.
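
Note 4 leaves open how ee, agent and admin callers are told apart once several servlets share one REST path. The following added example (not Dogtag code) decides per method and path template from the table, with default deny, instead of filtering URL prefixes. The role given to each route, the `$id` character set and the rule that agent and admin need a verified client certificate are assumptions of the example.

```python
import re
from typing import NamedTuple, Optional

# Roles named in note 4, ordered from least to most privileged.
ROLE_RANK = {"ee": 0, "agent": 1, "admin": 2}

# Constructed policy: a few rows of the table, each with the minimum role
# allowed to call it. The role column is an assumption of this example;
# the page does not assign roles to paths.
POLICY = [
    ("GET", "/pki/certificates", "ee"),
    ("GET", "/pki/certificate/$id/status", "ee"),
    ("PUT", "/pki/certificate/$id/status", "agent"),
    ("PUT", "/pki/request/$id/status", "agent"),
    ("GET", "/pki/config/X/acls", "admin"),
    ("PUT", "/pki/config/X/acl/$id", "admin"),
]

# Placeholders used in the table. The $id character set is an assumption;
# X stands for one of the four subsystems in the column headers.
_SEGMENT = {
    "$id": r"(?P<id>[A-Za-z0-9_-]+)",
    "X": r"(?P<subsystem>ca|kra|ocsp|tks)",
}


def compile_template(template: str) -> "re.Pattern[str]":
    """Turn '/pki/request/$id/status' into an anchored-by-fullmatch regex."""
    parts = [_SEGMENT.get(seg, re.escape(seg)) for seg in template.split("/")]
    return re.compile("/".join(parts))


ROUTES = [(m, t, role, compile_template(t)) for m, t, role in POLICY]


class Decision(NamedTuple):
    allowed: bool
    reason: str
    template: Optional[str] = None


def match_route(method: str, path: str):
    """Return (template, required_role, params) or None if nothing matches.

    fullmatch means a trailing slash, extra segment or encoded character
    never falls through to a looser rule, unlike a prefix filter.
    """
    for m, template, required, pattern in ROUTES:
        if m != method:
            continue
        hit = pattern.fullmatch(path)
        if hit:
            return template, required, hit.groupdict()
    return None


def authorize(method: str, path: str, role: str,
              client_cert_verified: bool) -> Decision:
    route = match_route(method.upper(), path)
    if route is None:
        return Decision(False, "no such operation")  # default deny
    template, required, _params = route
    if role not in ROLE_RANK:
        return Decision(False, "unknown role", template)
    # Assumption: without a verified client certificate the caller is
    # treated as an end entity, whatever role it claims.
    effective = role if client_cert_verified else "ee"
    if ROLE_RANK[effective] < ROLE_RANK[required]:
        return Decision(False, f"{required} role required", template)
    return Decision(True, "ok", template)


if __name__ == "__main__":
    # Constructed requests.
    for args in [
        ("GET", "/pki/certificate/0x1a/status", "ee", False),
        ("PUT", "/pki/certificate/0x1a/status", "ee", False),
        ("PUT", "/pki/certificate/0x1a/status", "agent", True),
        ("PUT", "/pki/certificate/0x1a/status", "agent", False),
        ("GET", "/pki/config/kra/acls", "agent", True),
        ("DELETE", "/pki/certificate/0x1a/status", "admin", True),
    ]:
        print(args, "->", authorize(*args))
```
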