Difference between revisions of "Dogtag Future Directions"

(Interfaces)
(Interfaces)
Line 21: Line 21:
 
| Mapped Servlets(OCSP)
 
| Mapped Servlets(OCSP)
 
| Mapped Servlets (TKS)
 
| Mapped Servlets (TKS)
| Input
+
 
| Output
 
 
|-
 
|-
| Certificates
 
| GET
 
| /pki/certificates
 
| Get list of certificates
 
| caSrchCerts-agent; caListCerts-agent;caSrchCert; caSrchRevokeCert; caSrchCerts; caListCerts
 
 
|  
 
|  
 
|  
 
|  
Line 34: Line 28:
 
|  
 
|  
 
|  
 
|  
 +
|
 +
|
 +
 +
|-Top Level
 +
| GET
 +
| /pki
 +
| top level
 +
| services; caindex
 +
| kraindex; services
 +
| service; ocspindex
 +
| services
 +
 
|-
 
|-
 
|  
 
|  
 
|  
 
|  
| /pki/certifcate/$id/details
 
| Get certifcate details
 
| caDisplayCertFromRequest-agent; caDisplayBySerial-agent; caDisplayCertFromRequest; caDisplayBySerial
 
 
|  
 
|  
 
|  
 
|  
Line 45: Line 48:
 
|  
 
|  
 
|  
 
|  
 +
 +
|-Controller Objects
 +
| GET
 +
| /pki/token/sessionKey
 +
|
 +
|
 +
|
 +
|
 +
 +
 
|-
 
|-
 +
| GET
 +
| /pki/token/diversifiedKey
 
|  
 
|  
 +
|
 +
|
 +
|
 +
|
 +
 +
|-
 
| GET
 
| GET
| /pki/certificate/ocsp
+
| /pki/token/encryptedData
| Get OCSP response
+
|  
| caOCSP
 
 
|  
 
|  
| ocspCheckCert; ocspReadCheckCertPage
 
 
|  
 
|  
 
|  
 
|  
 
|  
 
|  
 +
 
|-
 
|-
 +
| GET
 +
| /pki/token/randomData
 +
|
 +
|
 
|  
 
|  
| GET
 
| /pki/certificate
 
| Get certifcate
 
| caGetAdminCertBySerial; caGetCertChain; caGetCertChainAdmin; caGetCertFromRequest-agent;caGetBySerial-agent; caQueryBySerial; caGetBySerial; caGetAdminBySerial; caGetCAChain; caGetCertFromRequest
 
 
|  
 
|  
 +
 +
 +
|-
 
|  
 
|  
 
|  
 
|  
 
|  
 
|  
 
|  
 
|  
|-
 
 
|  
 
|  
| POST-a
 
| /pki/certificate
 
| Add a certificate
 
| None
 
 
|  
 
|  
 
|  
 
|  
 +
 +
|-Certificates
 +
| GET
 +
| /pki/certificates
 +
| Get list of certificates
 +
| caSrchCerts-agent; caListCerts-agent;caSrchCert; caSrchRevokeCert; caSrchCerts; caListCerts
 
|  
 
|  
 
|  
 
|  
 
|  
 
|  
 +
 
|-
 
|-
 
|  
 
|  
| DEL
+
| /pki/certifcate/$id/details
| /pki/certificate
+
| Get certifcate details
| Delete a certificate
+
| caDisplayCertFromRequest-agent; caDisplayBySerial-agent; caDisplayCertFromRequest; caDisplayBySerial
| None
 
 
|  
 
|  
 
|  
 
|  
 
|  
 
|  
 +
 +
|-
 +
| POST-b
 +
| /pki/certificate/ocsp
 +
| Get OCSP response
 +
| caOCSP
 
|  
 
|  
 +
| ocspCheckCert; ocspReadCheckCertPage
 
|  
 
|  
 +
 
|-
 
|-
| Certificate Status
+
| GET
 +
| /pki/certificate/$id
 +
| Get certifcate
 +
| caGetAdminCertBySerial; caGetCertChain; caGetCertChainAdmin; caGetCertFromRequest-agent;caGetBySerial-agent; caQueryBySerial; caGetBySerial; caGetAdminBySerial; caGetCAChain; caGetCertFromRequest
 +
|
 +
|
 +
|
 +
 
 +
|-Certificate Status
 
| PUT
 
| PUT
 
| /pki/certificate/$id/status
 
| /pki/certificate/$id/status
Line 98: Line 138:
 
|  
 
|  
 
|  
 
|  
| {status; revoked}
+
 
|
 
 
|-
 
|-
|
 
 
| GET  
 
| GET  
 
| /pki/certificate/$id/status
 
| /pki/certificate/$id/status
Line 109: Line 147:
 
|  
 
|  
 
|  
 
|  
|
+
 
| {status: active}
 
 
|-
 
|-
 
|  
 
|  
Line 119: Line 156:
 
|  
 
|  
 
|  
 
|  
|
+
 
|
+
|-Cert Requests
|
 
|-
 
| Cert Requests
 
 
| GET
 
| GET
 
| /pki/requests
 
| /pki/requests
Line 131: Line 165:
 
|  
 
|  
 
|  
 
|  
| {search/ selection parameters}
+
 
| { collection of rids }
 
 
|-
 
|-
|
 
 
| GET
 
| GET
 
| /pki/request/$id
 
| /pki/request/$id
Line 142: Line 174:
 
|  
 
|  
 
|  
 
|  
|
+
 
|
 
 
|-
 
|-
|
 
 
| POST-a
 
| POST-a
 
| /pki/request
 
| /pki/request
Line 153: Line 183:
 
|  
 
|  
 
|  
 
|  
|
+
 
| {status; approved; certid: /pki/certificate/id; rid; /pki/request/id}
 
|-
 
|
 
| DEL
 
| /pki/request/$id
 
| Delete a request
 
| None
 
|
 
|
 
|
 
|
 
|
 
 
|-
 
|-
|
 
 
| PUT
 
| PUT
 
| /pki/request/$id
 
| /pki/request/$id
Line 175: Line 192:
 
|  
 
|  
 
|  
 
|  
| {all stuff in a request}
+
 
| {status; approved; certid: /pki/certificate/id; rid; /pki/request/id}
+
|-Cert Request Status
|-
 
| Cert Request Status
 
 
| PUT
 
| PUT
 
| /pki/request/$id/status
 
| /pki/request/$id/status
Line 186: Line 201:
 
|  
 
|  
 
|  
 
|  
| {status: approved}
+
 
| {status; approved; certid; /pki/certificate/id}
 
 
|-
 
|-
|
 
 
| GET
 
| GET
 
| /pki/request/$id/status
 
| /pki/request/$id/status
Line 197: Line 210:
 
|  
 
|  
 
|  
 
|  
|
+
 
| {status; approved; certid; /pki/certificate/id}
 
 
|-
 
|-
 
|  
 
|  
Line 207: Line 219:
 
|  
 
|  
 
|  
 
|  
|
+
 
|
+
|-Cert profiles
|
 
|-
 
| Cert profiles
 
 
| GET
 
| GET
 
| /pki/profiles
 
| /pki/profiles
Line 219: Line 228:
 
|  
 
|  
 
|  
 
|  
|
+
 
|
 
 
|-
 
|-
|
 
 
| GET
 
| GET
 
| /pki/profile/$id
 
| /pki/profile/$id
Line 230: Line 237:
 
|  
 
|  
 
|  
 
|  
|
+
 
|
 
 
|-
 
|-
|
 
 
| PUT
 
| PUT
 
| /pki/profile/$id
 
| /pki/profile/$id
Line 241: Line 246:
 
|  
 
|  
 
|  
 
|  
|
+
 
|
 
 
|-
 
|-
|
 
 
| DEL
 
| DEL
 
| /pki/profile/$id
 
| /pki/profile/$id
Line 252: Line 255:
 
|  
 
|  
 
|  
 
|  
|
+
 
|
 
 
|-
 
|-
 
|  
 
|  
Line 262: Line 264:
 
|  
 
|  
 
|  
 
|  
|
+
 
|
+
|-Cert CRLs
|
 
|-
 
| Cert CRLs
 
 
| GET
 
| GET
 
| /pki/crls
 
| /pki/crls
Line 274: Line 273:
 
|  
 
|  
 
|  
 
|  
|
+
 
|
 
 
|-
 
|-
|
 
 
| GET
 
| GET
 
| /pki/crl/details
 
| /pki/crl/details
Line 285: Line 282:
 
| ocspReadAddCRLPage
 
| ocspReadAddCRLPage
 
|  
 
|  
|
+
 
|
 
 
|-
 
|-
|
 
 
| GET
 
| GET
 
| /pki/crl
 
| /pki/crl
Line 296: Line 291:
 
|  
 
|  
 
|  
 
|  
|
+
 
|
 
 
|-
 
|-
|
 
 
| PUT
 
| PUT
 
| /pki/crl
 
| /pki/crl
Line 307: Line 300:
 
| ocspAddCRL
 
| ocspAddCRL
 
|  
 
|  
|
+
 
|
 
 
|-
 
|-
|
 
 
| POST-b
 
| POST-b
 
| /pki/crl
 
| /pki/crl
Line 318: Line 309:
 
|  
 
|  
 
|  
 
|  
|
+
 
|
 
 
|-
 
|-
|
 
 
| DEL
 
| DEL
 
| /pki/crl
 
| /pki/crl
Line 329: Line 318:
 
|  
 
|  
 
|  
 
|  
|
+
 
|
 
 
|-
 
|-
 
|  
 
|  
Line 339: Line 327:
 
|  
 
|  
 
|  
 
|  
|
+
 
|
+
|-CAs (for OCSP)
|
 
|-
 
| CAs (for OCSP)
 
 
| GET
 
| GET
 
| /pki/ocsp/cas
 
| /pki/ocsp/cas
Line 351: Line 336:
 
| ocspListCAs
 
| ocspListCAs
 
|  
 
|  
|
+
 
|
 
 
|-
 
|-
|
 
 
| GET
 
| GET
 
| /pki/ocsp/ca/$id
 
| /pki/ocsp/ca/$id
Line 362: Line 345:
 
| ocspReadAddCAPage
 
| ocspReadAddCAPage
 
|  
 
|  
|
+
 
|
 
 
|-
 
|-
|
 
 
| PUT
 
| PUT
 
| /pki/ocsp/ca/$id
 
| /pki/ocsp/ca/$id
Line 373: Line 354:
 
| ocspAddCA
 
| ocspAddCA
 
|  
 
|  
|
+
 
|
 
 
|-
 
|-
|
 
 
| DEL
 
| DEL
 
| /pki/ocsp/ca/$id
 
| /pki/ocsp/ca/$id
Line 384: Line 363:
 
| ocspRemoveCA
 
| ocspRemoveCA
 
|  
 
|  
|
+
 
|
 
 
|-
 
|-
 
|  
 
|  
Line 394: Line 372:
 
|  
 
|  
 
|  
 
|  
|
+
 
|
+
|-keys
|
 
|-
 
| keys
 
 
| GET
 
| GET
 
| /pki/keys
 
| /pki/keys
Line 406: Line 381:
 
|  
 
|  
 
|  
 
|  
|
+
 
|
 
 
|-
 
|-
|
 
 
| GET
 
| GET
| /pki/key
+
| /pki/key/$id
 
| Get key
 
| Get key
 
|  
 
|  
Line 417: Line 390:
 
|  
 
|  
 
|  
 
|  
|
+
 
|
 
 
|-
 
|-
|
 
 
| GET
 
| GET
 
| /pki/key/$id/details
 
| /pki/key/$id/details
Line 428: Line 399:
 
|  
 
|  
 
|  
 
|  
|
+
 
|
 
 
|-
 
|-
|
 
 
| PUT
 
| PUT
| /pki/key
+
| /pki/key/$id
 
| Add a key
 
| Add a key
 
|  
 
|  
Line 439: Line 408:
 
|  
 
|  
 
|  
 
|  
|
+
 
|
 
 
|-
 
|-
 
|  
 
|  
| DEL
 
| /pki/key
 
| Delete a key
 
|
 
| None
 
 
|  
 
|  
 
|  
 
|  
 
|  
 
|  
 
|  
 
|  
|-
 
 
|  
 
|  
 
|  
 
|  
|
+
 
|
+
|-key requests (archival; recovery)
|
 
|
 
|
 
|
 
|
 
|
 
|-
 
| key requests (archival; recovery)
 
 
| GET
 
| GET
 
| /pki/keyrequests
 
| /pki/keyrequests
Line 472: Line 426:
 
|  
 
|  
 
|  
 
|  
|
+
 
|
 
 
|-
 
|-
|
 
 
| GET
 
| GET
 
| /pki/keyrequest/$id
 
| /pki/keyrequest/$id
Line 483: Line 435:
 
|  
 
|  
 
|  
 
|  
|
+
 
|
 
 
|-
 
|-
|
 
 
| POST-a
 
| POST-a
 
| /pki/keyrequest
 
| /pki/keyrequest
Line 494: Line 444:
 
|  
 
|  
 
|  
 
|  
|
+
 
|
+
|-Key request Status
|-
 
| Key request Status
 
 
| PUT
 
| PUT
 
| /pki/keyrequest/$id/status
 
| /pki/keyrequest/$id/status
Line 505: Line 453:
 
|  
 
|  
 
|  
 
|  
| {status approve}
+
 
| {status; pending-1}
 
 
|-
 
|-
|
 
 
| GET
 
| GET
 
| /pki/keyrequest/$id/status
 
| /pki/keyrequest/$id/status
Line 516: Line 462:
 
|  
 
|  
 
|  
 
|  
|
+
 
| {status: pending-1; approvers: cn: alee}
 
 
|-
 
|-
|
 
 
| DEL
 
| DEL
 
| /pki/keyrequest/$id
 
| /pki/keyrequest/$id
Line 527: Line 471:
 
|  
 
|  
 
|  
 
|  
|
+
 
|
 
 
|-
 
|-
 
|  
 
|  
Line 537: Line 480:
 
|  
 
|  
 
|  
 
|  
|
+
 
|
 
|
 
 
|-
 
|-
 
|  
 
|  
Line 548: Line 489:
 
|  
 
|  
 
|  
 
|  
|
+
 
|
+
|-users
|
 
|-
 
| users
 
 
| GET
 
| GET
 
| /pki/users
 
| /pki/users
Line 560: Line 498:
 
| ocspug
 
| ocspug
 
| tksug
 
| tksug
|
+
 
|
 
 
|-
 
|-
|
 
 
| GET
 
| GET
 
| /pki/user/$id
 
| /pki/user/$id
Line 571: Line 507:
 
| ocspug
 
| ocspug
 
| tksug
 
| tksug
|
+
 
|
 
 
|-
 
|-
|
 
 
| PUT
 
| PUT
 
| /pki/user/$id
 
| /pki/user/$id
Line 582: Line 516:
 
| ocspug
 
| ocspug
 
| tksug; tksRegisterUser
 
| tksug; tksRegisterUser
|
+
 
|
 
 
|-
 
|-
|
 
 
| DEL
 
| DEL
| /pki/user
+
| /pki/user/$id
 
| Delete a user
 
| Delete a user
 
| caug
 
| caug
Line 593: Line 525:
 
| ocspug
 
| ocspug
 
| tksug
 
| tksug
|
+
 
|
 
 
|-
 
|-
 
|  
 
|  
Line 603: Line 534:
 
|  
 
|  
 
|  
 
|  
|
+
 
|
+
|-System
|
 
|-
 
| System
 
 
| GET
 
| GET
 
| /pki/X/status
 
| /pki/X/status
Line 615: Line 543:
 
|  
 
|  
 
|  
 
|  
|
+
 
|
+
|-  
|-
 
 
 
| GET
 
| GET
 
| /pki/X/stats
 
| /pki/X/stats
Line 626: Line 552:
 
|  
 
|  
 
|  
 
|  
|
+
 
|
 
 
|-
 
|-
|
 
 
| GET
 
| GET
 
| /pki/X/monitor
 
| /pki/X/monitor
Line 637: Line 561:
 
|  
 
|  
 
|  
 
|  
|
+
 
|
 
 
|-
 
|-
|
 
 
| GET
 
| GET
 
| /pki/X/logs
 
| /pki/X/logs
Line 648: Line 570:
 
| ocsplog
 
| ocsplog
 
| tkslog
 
| tkslog
|
+
 
|
 
 
|-
 
|-
|
 
 
| GET
 
| GET
| /pki/X/log
+
| /pki/X/log/$id
 
| Get log contents
 
| Get log contents
 
| calog
 
| calog
Line 659: Line 579:
 
| ocsplog
 
| ocsplog
 
| tkslog
 
| tkslog
|
+
 
|
 
 
|-
 
|-
 
|  
 
|  
Line 669: Line 588:
 
|  
 
|  
 
|  
 
|  
|
+
 
|
+
|-Config
|
 
|-
 
| Config
 
|
 
|
 
 
|  
 
|  
 
|  
 
|  
Line 683: Line 597:
 
|  
 
|  
 
|  
 
|  
 +
 
|-
 
|-
|
 
 
| GET
 
| GET
 
| /pki/config/X/acls
 
| /pki/config/X/acls
Line 692: Line 606:
 
| ocspacl
 
| ocspacl
 
| tksacl
 
| tksacl
|
+
 
|
 
 
|-
 
|-
|
 
 
| GET
 
| GET
 
| /pki/config/X/acl/$id
 
| /pki/config/X/acl/$id
Line 703: Line 615:
 
| ocspacl
 
| ocspacl
 
| tksacl
 
| tksacl
|
+
 
|
 
 
|-
 
|-
|
 
 
| PUT
 
| PUT
 
| /pki/config/X/acl/$id
 
| /pki/config/X/acl/$id
Line 714: Line 624:
 
| ocspacl
 
| ocspacl
 
| tksacl
 
| tksacl
|
+
 
|
 
 
|-
 
|-
|
 
 
| DEL
 
| DEL
| /pki/config/X/acl
+
| /pki/config/X/acl/$id
 
| Delete an acl
 
| Delete an acl
 
| caacl
 
| caacl
Line 725: Line 633:
 
| ocspacl
 
| ocspacl
 
| tksacl
 
| tksacl
|
+
 
|
 
 
|-
 
|-
 
|  
 
|  
Line 735: Line 642:
 
|  
 
|  
 
|  
 
|  
|
+
 
|
 
|
 
 
|-
 
|-
|
 
 
| GET
 
| GET
 
| /pki/config/X/logs
 
| /pki/config/X/logs
Line 747: Line 651:
 
| ocsplog
 
| ocsplog
 
| tkslog
 
| tkslog
|
+
 
|
 
 
|-
 
|-
|
 
 
| GET
 
| GET
 
| /pki/config/X/log/$id
 
| /pki/config/X/log/$id
Line 758: Line 660:
 
| ocsplog
 
| ocsplog
 
| tkslog
 
| tkslog
|
+
 
|
 
 
|-
 
|-
|
 
 
| PUT
 
| PUT
 
| /pki/config/X/log/$id
 
| /pki/config/X/log/$id
Line 769: Line 669:
 
| ocsplog
 
| ocsplog
 
| tkslog
 
| tkslog
|
+
 
|
 
 
|-
 
|-
|
 
 
| DEL
 
| DEL
| /pki/config/X/log
+
| /pki/config/X/log/$id
 
| Delete an log configuration
 
| Delete an log configuration
 
| calog
 
| calog
Line 780: Line 678:
 
| ocsplog
 
| ocsplog
 
| tkslog
 
| tkslog
|
+
 
|
 
 
|-
 
|-
 
|  
 
|  
Line 790: Line 687:
 
|  
 
|  
 
|  
 
|  
|
+
 
|
 
|
 
 
|-
 
|-
|
 
 
| GET
 
| GET
 
| /pki/config/ca/systems
 
| /pki/config/ca/systems
Line 802: Line 696:
 
|  
 
|  
 
|  
 
|  
|
+
 
|
 
 
|-
 
|-
|
 
 
| GET
 
| GET
 
| /pki/config/ca/system/$id
 
| /pki/config/ca/system/$id
Line 813: Line 705:
 
|  
 
|  
 
|  
 
|  
|
+
 
|
 
 
|-
 
|-
|
 
 
| PUT
 
| PUT
 
| /pki/config/ca/system/$id
 
| /pki/config/ca/system/$id
Line 824: Line 714:
 
|  
 
|  
 
|  
 
|  
|
+
 
|
 
 
|-
 
|-
|
 
 
| DEL
 
| DEL
 
| /pki/config/ca/system/$id
 
| /pki/config/ca/system/$id
Line 835: Line 723:
 
|  
 
|  
 
|  
 
|  
|
+
 
|
 
 
|-
 
|-
 
|  
 
|  
Line 845: Line 732:
 
|  
 
|  
 
|  
 
|  
|
+
 
|
 
|
 
 
|-
 
|-
|
 
 
| GET
 
| GET
 
| /pki/config/ca/publishers
 
| /pki/config/ca/publishers
Line 857: Line 741:
 
|  
 
|  
 
|  
 
|  
|
+
 
|
 
 
|-
 
|-
|
 
 
| GET
 
| GET
 
| /pki/config/ca/publisher/$id
 
| /pki/config/ca/publisher/$id
Line 868: Line 750:
 
|  
 
|  
 
|  
 
|  
|
+
 
|
 
 
|-
 
|-
|
 
 
| PUT
 
| PUT
 
| /pki/config/ca/publisher/$id
 
| /pki/config/ca/publisher/$id
Line 879: Line 759:
 
|  
 
|  
 
|  
 
|  
|
+
 
|
 
 
|-
 
|-
|
 
 
| DEL
 
| DEL
 
| /pki/config/ca/publisher/$id
 
| /pki/config/ca/publisher/$id
Line 890: Line 768:
 
|  
 
|  
 
|  
 
|  
|
+
 
|
 
 
|-
 
|-
|
 
 
|  
 
|  
 
|  
 
|  
Line 901: Line 777:
 
|  
 
|  
 
|  
 
|  
|
+
 
|
 
 
|-
 
|-
|
 
 
| GET
 
| GET
 
| /pki/config/X/jobs
 
| /pki/config/X/jobs
Line 912: Line 786:
 
| ocspjobsScheduler
 
| ocspjobsScheduler
 
| tksjobsScheduler
 
| tksjobsScheduler
|
+
 
|
 
 
|-
 
|-
|
 
 
| GET
 
| GET
 
| /pki/config/X/job/$id
 
| /pki/config/X/job/$id
Line 923: Line 795:
 
| ocspjobsScheduler
 
| ocspjobsScheduler
 
| tksjobsScheduler
 
| tksjobsScheduler
|
+
 
|
 
 
|-
 
|-
|
 
 
| PUT
 
| PUT
 
| /pki/config/X/job/$id
 
| /pki/config/X/job/$id
Line 934: Line 804:
 
| ocspjobsScheduler
 
| ocspjobsScheduler
 
| tksjobsScheduler
 
| tksjobsScheduler
|
+
 
|
 
 
|-
 
|-
|
 
 
| DEL
 
| DEL
 
| /pki/config/X/job/$id
 
| /pki/config/X/job/$id
Line 945: Line 813:
 
| ocspjobsScheduler
 
| ocspjobsScheduler
 
| tksjobsScheduler
 
| tksjobsScheduler
|
+
 
|
 
 
|-
 
|-
 
|  
 
|  
Line 955: Line 822:
 
|  
 
|  
 
|  
 
|  
|
+
 
|
 
|
 
 
|-
 
|-
|
 
 
| GET
 
| GET
 
| /pki/config/X/auths
 
| /pki/config/X/auths
Line 967: Line 831:
 
| ocspauths
 
| ocspauths
 
| tksauths
 
| tksauths
|
+
 
|
 
 
|-
 
|-
|
 
 
| GET
 
| GET
 
| /pki/config/X/auth/$id
 
| /pki/config/X/auth/$id
Line 978: Line 840:
 
| ocspauths
 
| ocspauths
 
| tksauths
 
| tksauths
|
+
 
|
 
 
|-
 
|-
|
 
 
| PUT
 
| PUT
 
| /pki/config/X/auth/$id
 
| /pki/config/X/auth/$id
Line 989: Line 849:
 
| ocspauths
 
| ocspauths
 
| tksauths
 
| tksauths
|
+
 
|
 
 
|-
 
|-
|
 
 
| DEL
 
| DEL
 
| /pki/config/X/auth/$id
 
| /pki/config/X/auth/$id
Line 1,000: Line 858:
 
| ocspauths
 
| ocspauths
 
| tksauths
 
| tksauths
|
+
 
|
 
 
|-
 
|-
 
|  
 
|  
Line 1,010: Line 867:
 
|  
 
|  
 
|  
 
|  
|
+
 
|
 
|
 
 
|-
 
|-
|
 
 
| GET
 
| GET
 
| /pki/config/X/certs
 
| /pki/config/X/certs
Line 1,022: Line 876:
 
| ocspserver
 
| ocspserver
 
| tksserver
 
| tksserver
|
+
 
|
 
 
|-
 
|-
|
 
 
| GET
 
| GET
 
| /pki/config/X/cert/$id
 
| /pki/config/X/cert/$id
Line 1,033: Line 885:
 
|  
 
|  
 
|  
 
|  
|
+
 
|
 
 
|-
 
|-
|
 
 
| GET
 
| GET
 
| /pki/config/X/cert/Y/details
 
| /pki/config/X/cert/Y/details
Line 1,044: Line 894:
 
| ocspserver
 
| ocspserver
 
| tksserver
 
| tksserver
|
+
 
|
 
 
|-
 
|-
|
 
 
| PUT
 
| PUT
 
| /pki/config/X/cert/$id
 
| /pki/config/X/cert/$id
Line 1,055: Line 903:
 
| ocspserver
 
| ocspserver
 
| tksserver; tksImportTransportCert
 
| tksserver; tksImportTransportCert
|
+
 
|
 
 
|-
 
|-
|
 
 
| DEL
 
| DEL
 
| /pki/config/X/cert/$id
 
| /pki/config/X/cert/$id
Line 1,066: Line 912:
 
| ocspserver
 
| ocspserver
 
| tksserver
 
| tksserver
|
+
 
|
 
 
|-
 
|-
|
 
 
|   
 
|   
 
|   
 
|   
Line 1,077: Line 921:
 
|  
 
|  
 
|  
 
|  
|
+
 
|
 
 
|-
 
|-
|
 
 
| GET
 
| GET
 
| /pki/config/X/serialnos/$id
 
| /pki/config/X/serialnos/$id
Line 1,088: Line 930:
 
|  
 
|  
 
|  
 
|  
|
+
 
|
 
 
|-
 
|-
|
 
 
| PUT
 
| PUT
 
| /pki/config/X/serialnos/$id
 
| /pki/config/X/serialnos/$id
Line 1,099: Line 939:
 
|  
 
|  
 
|  
 
|  
|
+
 
|
 
 
|-
 
|-
 
|  
 
|  
Line 1,109: Line 948:
 
|  
 
|  
 
|  
 
|  
|
+
 
|
 
|
 
 
|-
 
|-
|
 
 
| GET
 
| GET
 
| /pki/config/X/connector/$id
 
| /pki/config/X/connector/$id
Line 1,121: Line 957:
 
|  
 
|  
 
|  
 
|  
|
+
 
|
 
 
|-
 
|-
|
 
 
| PUT
 
| PUT
 
| /pki/config/X/connector/$id
 
| /pki/config/X/connector/$id
Line 1,132: Line 966:
 
|  
 
|  
 
|  
 
|  
|
+
 
|
 
 
|-
 
|-
 
|  
 
|  
Line 1,142: Line 975:
 
|  
 
|  
 
|  
 
|  
|
+
 
|
 
|
 
 
|-
 
|-
|
 
 
| GET
 
| GET
 
| /pki/config/X/ocsp
 
| /pki/config/X/ocsp
Line 1,154: Line 984:
 
| ocspGetOCSPInfo
 
| ocspGetOCSPInfo
 
|  
 
|  
|
+
 
|
 
 
|-
 
|-
|
 
 
| PUT
 
| PUT
 
| /pki/config/X/ocsp
 
| /pki/config/X/ocsp
Line 1,165: Line 993:
 
|  
 
|  
 
|  
 
|  
|
+
 
|
 
 
|-
 
|-
 
|  
 
|  
Line 1,175: Line 1,002:
 
|  
 
|  
 
|  
 
|  
|
+
 
|
 
|
 
 
|-
 
|-
|
 
 
| GET
 
| GET
 
| /pki/config/X/cloning
 
| /pki/config/X/cloning
Line 1,187: Line 1,011:
 
| ocspGetConfigEntries
 
| ocspGetConfigEntries
 
| tksGetConfigEntries
 
| tksGetConfigEntries
|
+
 
|
 
 
|-
 
|-
|
 
 
| GET
 
| GET
 
| /pki/config/X/tokeninfo
 
| /pki/config/X/tokeninfo
Line 1,198: Line 1,020:
 
| ocspGetTokenInfo
 
| ocspGetTokenInfo
 
| tksGetTokenInfo
 
| tksGetTokenInfo
|
+
 
|
 
 
|-
 
|-
|}
+
}
  
 
Notes:
 
Notes:

Revision as of 17:04, 26 October 2011

Interfaces

  • Here is a proposed new RESTful design for a programmatic interface to dogtag
Notes: 1. There is still miscellaneous admin functionality that has not yet been characterized. This is in caca, caregistry, krakra, ocspocsp, tkstkservlets - which map to the admin servlet. 2. Wizard and installation servlets are not covered (for the most part). 3. I have not included token / token key operations (which is why the main TKS operations are not there yet). 4. We need to figure out how to handle client-auth vs. non-client-auth - which maps to ee/agent/admin. Currently we do this by filtering URLs. 5. This is just a first cut - and hopefully a useful starting point for discussions.
"Objects" "Operation" "REST Path" "Description" "Mapped Servlets (CA)" "Mapped Servlets (KRA)" "Mapped Servlets(OCSP)" "Mapped Servlets (TKS)"
Objects Operation REST Path Description Mapped Servlets (CA) Mapped Servlets (KRA) Mapped Servlets(OCSP) Mapped Servlets (TKS)
GET /pki top level services; caindex kraindex; services service; ocspindex services
GET /pki/token/sessionKey
GET /pki/token/diversifiedKey
GET /pki/token/encryptedData
GET /pki/token/randomData
GET /pki/certificates Get list of certificates caSrchCerts-agent; caListCerts-agent;caSrchCert; caSrchRevokeCert; caSrchCerts; caListCerts
/pki/certifcate/$id/details Get certificate details caDisplayCertFromRequest-agent; caDisplayBySerial-agent; caDisplayCertFromRequest; caDisplayBySerial
POST-b /pki/certificate/ocsp Get OCSP response caOCSP ocspCheckCert; ocspReadCheckCertPage
GET /pki/certificate/$id Get certificate caGetAdminCertBySerial; caGetCertChain; caGetCertChainAdmin; caGetCertFromRequest-agent;caGetBySerial-agent; caQueryBySerial; caGetBySerial; caGetAdminBySerial; caGetCAChain; caGetCertFromRequest
PUT /pki/certificate/$id/status Modify certificate status - revoke; unrevoke caDoUnrevoke; caDoRevoke-agent; caDoRevoke1; caDoRevoke1; caCMCRevReq; caDoUnrevoke1; caRevocation; caDoRevoke; caProxyDoRevoke
GET /pki/certificate/$id/status Get certificate status
GET /pki/requests Get list of requests caListRequests; caSearchReqs
GET /pki/request/$id Get request details caqueryReq; caCheckRequest
POST-a /pki/request Add a request caProfileSubmit; caenrollment;cacertbasedenrollment; caProfileSubmitCMCSimple; profileSubmitCMCFull; caProfileSubmitSSLClient; caProxyProfileSubmit; cabulkissuance; caProxyBulkIssuance; caRenewal; caSCEP; caRASCEP
PUT /pki/request/$id Modify a request - if a request is not approved an agent can modify it before approving. caProfileProcess; caProcessCertReq; caProcessReq
PUT /pki/request/$id/status Modify request status - approve; deny etc; caProfileProcess; caProcessCertReq; caProcessReq
GET /pki/request/$id/status Get request status caCheckRequest
GET /pki/profiles Get list of profiles caProfileList-agent; caProfileList
GET /pki/profile/$id Get profile details caProfileReview; caProfileSelect-agent; caProfileSelect; caSCEP; caRASCEP
PUT /pki/profile/$id Add or modify profile caprofile; caProfileApprove
DEL /pki/profile/$id Delete a profile caprofile
GET /pki/crls Get list of CRLs None
GET /pki/crl/details Get CRL details camasterCADisplayCRL ocspReadAddCRLPage
GET /pki/crl Get CRL caGetCRL
PUT /pki/crl Add a CRL ocspAddCRL
POST-b /pki/crl Modify a CRL camasterCAUpdateCRL
DEL /pki/crl Delete a CRL
GET /pki/ocsp/cas Get list of CAs ocspListCAs
GET /pki/ocsp/ca/$id Get CA details ocspReadAddCAPage
PUT /pki/ocsp/ca/$id Add or modify a CA ocspAddCA
DEL /pki/ocsp/ca/$id Delete a CA ocspRemoveCA
GET /pki/keys Get list of keys kraSrchKey; kraKRASrchKey; kraKRASrchKeyForRecovery; kraSrchRecoverKey
GET /pki/key/$id Get key kraKRAGetPk12; kraKRAGetAsyncPk12
GET /pki/key/$id/details Get key details kraKRADisplayBySerialForRecovery; kraKRADisplayBySerial
PUT /pki/key/$id Add a key
GET /pki/keyrequests Get list of key requests kraListRequests; krakraqueryReq
GET /pki/keyrequest/$id Get key request details kraKRAGetApprovalStatus; kraKRAExamineRecovery;
POST-a /pki/keyrequest Add a key request kraKRARecoverBySerial;
PUT /pki/keyrequest/$id/status Modify a key request status (approve async recovery) kraKRAGrantRecovery; kraKRAGrantAsyncRecovery; kraKRAProcessReq; kraGrantRecovery;
GET /pki/keyrequest/$id/status Get key request status
DEL /pki/keyrequest/$id Delete a key request None
GET /pki/users Get list of users caug kraug ocspug tksug
GET /pki/user/$id Get user details caug kraug ocspug tksug
PUT /pki/user/$id Add or modify a user caug; caRegisterUser; caRegisterRaUser; caAdminEnroll kraRegisterUser; kraug ocspug tksug; tksRegisterUser
DEL /pki/user/$id Delete a user caug kraug ocspug tksug
GET /pki/X/status Get subsystem status caGetStatus
GET /pki/X/stats Get subsystem stats caStats
GET /pki/X/monitor Get subsystem monitor stats caMonitor
GET /pki/X/logs Get list of logs for subsystem calog kralog ocsplog tkslog
GET /pki/X/log/$id Get log contents calog kralog ocsplog tkslog
GET /pki/config/X/acls Get list of acls caacl kraacl ocspacl tksacl
GET /pki/config/X/acl/$id Get acl details caacl kraacl ocspacl tksacl
PUT /pki/config/X/acl/$id Add or modify an acl caacl kraacl ocspacl tksacl
DEL /pki/config/X/acl/$id Delete an acl caacl kraacl ocspacl tksacl
GET /pki/config/X/logs Get list of logs calog kralog ocsplog tkslog
GET /pki/config/X/log/$id Get log details calog kralog ocsplog tkslog
PUT /pki/config/X/log/$id Add or modify a log configuration calog kralog ocsplog tkslog
DEL /pki/config/X/log/$id Delete a log configuration calog kralog ocsplog tkslog
GET /pki/config/ca/systems Get list of systems from security domain caGetDomainXML
GET /pki/config/ca/system/$id Get system details from sec domain None as yet
PUT /pki/config/ca/system/$id Add or modify a system in security domain caUpdateDomainXML
DEL /pki/config/ca/system/$id Delete a system from security domain caUpdateDomainXML
GET /pki/config/ca/publishers Get list of publishers capublisher
GET /pki/config/ca/publisher/$id Get publisher details capublisher
PUT /pki/config/ca/publisher/$id Add or modify a publisher capublisher
DEL /pki/config/ca/publisher/$id Delete a publisher capublisher
GET /pki/config/X/jobs Get list of jobs cajobsScheduler krajobsScheduler ocspjobsScheduler tksjobsScheduler
GET /pki/config/X/job/$id Get job details cajobsScheduler krajobsScheduler ocspjobsScheduler tksjobsScheduler
PUT /pki/config/X/job/$id Add a job cajobsScheduler krajobsScheduler ocspjobsScheduler tksjobsScheduler
DEL /pki/config/X/job/$id Delete a job cajobsScheduler krajobsScheduler ocspjobsScheduler tksjobsScheduler
GET /pki/config/X/auths Get list of authentication plugins caauths kraauths ocspauths tksauths
GET /pki/config/X/auth/$id Get authentication plugin details caauths kraauths ocspauths tksauths
PUT /pki/config/X/auth/$id Add or modify an authentication plugin caauths kraauths ocspauths tksauths
DEL /pki/config/X/auth/$id Delete an authentication plugin caauths kraauths ocspauths tksauths
GET /pki/config/X/certs Get list of system_certs caserver kraserver ocspserver tksserver
GET /pki/config/X/cert/$id Get system_cert caGetSubsystemCert kraGetTransportCert
GET /pki/config/X/cert/Y/details Get system_cert details caserver kraKRADisplayTransport; kraserver ocspserver tksserver
PUT /pki/config/X/cert/$id Add a system_cert caserver kraserver ocspserver tksserver; tksImportTransportCert
DEL /pki/config/X/cert/$id Delete a system_cert caserver kraserver ocspserver tksserver
GET /pki/config/X/serialnos/$id Get serial number range None as yet None as yet
PUT /pki/config/X/serialnos/$id Update serial number range caUpdateNumberRange kraUpdateNumberRange
GET /pki/config/X/connector/$id Get connector config kraConnector
PUT /pki/config/X/connector/$id Add or modify connector config caUpdateConnector
GET /pki/config/X/ocsp Get ocsp config caGetOCSPInfo ocspGetOCSPInfo
PUT /pki/config/X/ocsp Modify ocsp config caUpdateOCSPConfig
GET /pki/config/X/cloning Get cloning config caGetConfigEntries kraGetConfigEntries ocspGetConfigEntries tksGetConfigEntries
GET /pki/config/X/tokeninfo Get token info (for cloning) caGetTokenInfo kraGetTokenInfo ocspGetTokenInfo tksGetTokenInfo