Dogtag Future Directions

Revision as of 20:53, 17 October 2011 by Admiyo (talk | contribs)


Interfaces

  • Here is a proposed new RESTful design for a programmatic interface to dogtag
"Objects" "Operation" "REST Path" "Description" "Mapped Servlets (CA)" "Mapped Servlets (KRA)" "Mapped Servlets(OCSP)" "Mapped Servlets (TKS)"
"Top Level" "GET" "/pki" "top level" "services, caindex" "kraindex, services" "service, ocspindex" "services"
"Certificates" "GET" "/pki/certificates" "Get list of certificates" "caSrchCerts-agent, caListCerts-agent,caSrchCert, caSrchRevokeCert, caSrchCerts, caListCerts"
"/pki/certificate/X/details" "Get certificate details" "caDisplayCertFromRequest-agent, caDisplayBySerial-agent, caDisplayCertFromRequest, caDisplayBySerial"
"GET" "/pki/certificate/ocsp" "Get OCSP response" "caOCSP",,"ocspCheckCert, ocspReadCheckCertPage" - "GET" "/pki/certificate" "Get certificate" "caGetAdminCertBySerial, caGetCertChain, caGetCertChainAdmin, caGetCertFromRequest-agent,caGetBySerial-agent, caQueryBySerial, caGetBySerial, caGetAdminBySerial, caGetCAChain, caGetCertFromRequest",,,
"PUT" "/pki/certificate" "Add a certificate" "None",,,
,"POST" "/pki/certificate" "Modify a certificate - modify status" "caDoUnrevoke, caDoRevoke-agent, caDoRevoke1, caDoRevoke1, caCMCRevReq, caDoUnrevoke1, caRevocation, caDoRevoke, caProxyDoRevoke",,,
"DEL" "/pki/certificate" "Delete a certificate" "None",,,
"Cert Requests" "GET" "/pki/requests" "Get list of requests" "caListRequests, caSearchReqs",,,
"GET" "/pki/request" "Get request details" "caqueryReq, caCheckRequest",,,
"PUT" "/pki/request" "Add a request" "caProfileSubmit, caenrollment,cacertbasedenrollment, caProfileSubmitCMCSimple, profileSubmitCMCFull, caProfileSubmitSSLClient, caProxyProfileSubmit, cabulkissuance, caProxyBulkIssuance, caRenewal, caSCEP, caRASCEP",,,
"POST" "/pki/request" "Modify a request - including state" "caProfileProcess, caProcessCertReq, caProcessReq",,,
"DEL" "/pki/request" "Delete a request" "None",,,
"Cert profiles" "GET" "/pki/profiles" "Get list of profiles" "caProfileList-agent, caProfileList",,,
"GET" "/pki/profile" "Get profile details" "caProfileReview, caProfileSelect-agent, caProfileSelect, caSCEP, caRASCEP",,,
"PUT" "/pki/profile" "Add a profile" "caprofile",,,
"POST" "/pki/profile" "Modify a profile" "caprofile, caProfileApprove",,,
"DEL" "/pki/profile" "Delete a profile" "caprofile",,,
"Cert CRLs" "GET" "/pki/crls" "Get list of CRLs" "None",,,
"GET" "/pki/crl/details" "Get CRL details" "camasterCADisplayCRL",,"ocspReadAddCRLPage",
"GET" "/pki/crl" "Get CRL" "caGetCRL",,,
"PUT" "/pki/crl" "Add a CRL",,,"ocspAddCRL",
"POST" "/pki/crl" "Modify a CRL" "camasterCAUpdateCRL",,, - "DEL" "/pki/crl" "Delete a CRL",,,,
"CAs (for OCSP)" "GET" "/pki/ocsp/cas" "Get list of CAs" " ",,"ocspListCAs", - "GET" "/pki/ocsp/ca" "Get CA details" " ",,"ocspReadAddCAPage", - "PUT" "/pki/ocsp/ca" "Add a CA",,,"ocspAddCA", - "POST" "/pki/ocsp/ca" "Modify a CA" " ",,"None", - "DEL" "/pki/ocsp/ca" "Delete a CA",,,"ocspRemoveCA",
"keys" "GET" "/pki/keys" "Get list of keys",,"kraSrchKey, kraKRASrchKey, kraKRASrchKeyForRecovery, kraSrchRecoverKey",, - "GET" "/pki/key" "Get key",,"kraKRAGetPk12, kraKRAGetAsyncPk12",, - "GET" "/pki/key" "Get key details",,"kraKRADisplayBySerialForRecovery, kraKRADisplayBySerial",, - "PUT" "/pki/key" "Add a key",,,, - "POST" "/pki/key" "Modify a key",,,, - "DEL" "/pki/key" "Delete a key",,"None",,
"key requests (archival, recovery)" "GET" "/pki/keyrequests" "Get list of key requests",,"kraListRequests, krakraqueryReq",, - "GET" "/pki/keyrequest" "Get key request details",,"kraKRAGetApprovalStatus, kraKRAExamineRecovery, ",, - "PUT" "/pki/keyrequest" "Add a key request",,"kraKRARecoverBySerial, ",, - "POST" "/pki/keyrequest" "Modify a key request",,"kraKRAGrantRecovery, kraKRAGrantAsyncRecovery, kraKRAProcessReq, kraGrantRecovery, ",, - "DEL" "/pki/keyrequest" "Delete a key request",,"None",,
"users" "GET" "/pki/users" "Get list of users" "caug" "kraug" "ocspug" "tksug" - "GET" "/pki/user" "Get user details" "caug" "kraug" "ocspug" "tksug" - "PUT" "/pki/user" "Add a user" "caug, caRegisterUser, caRegisterRaUser, caAdminEnroll" "kraRegisterUser, kraug" "ocspug" "tksug, tksRegisterUser" - "POST" "/pki/user" "Modify a user" "caug" "kraug" "ocspug" "tksug" - "DEL" "/pki/user" "Delete a user" "caug" "kraug" "ocspug" "tksug"
"System" "GET" "/pki/X/status" "Get subsystem status" "caGetStatus",,, - "GET" "/pki/X/stats" "Get subsystem stats" "caStats",,, - "GET" "/pki/X/monitor" "Get subsystem monitor stats" "caMonitor",,, - "GET" "/pki/X/logs" "Get list of logs for subsystem" "calog" "kralog" "ocsplog" "tkslog" - "GET" "/pki/X/log" "Get log contents" "calog" "kralog" "ocsplog" "tkslog"
"Config" - "GET" "/pki/config/X/acls" "Get list of acls" "caacl" "kraacl" "ocspacl" "tksacl" - "GET" "/pki/config/X/acl" "Get acl details" "caacl" "kraacl" "ocspacl" "tksacl" - "PUT" "/pki/config/X/acl" "Add an acl" "caacl" "kraacl" "ocspacl" "tksacl" - "POST" "/pki/config/X/acl" "Modify an acl" "caacl" "kraacl" "ocspacl" "tksacl" - "DEL" "/pki/config/X/acl" "Delete an acl" "caacl" "kraacl" "ocspacl" "tksacl"
"GET" "/pki/config/X/logs" "Get list of logs" "calog" "kralog" "ocsplog" "tkslog"
"GET" "/pki/config/X/log" "Get log details" "calog" "kralog" "ocsplog" "tkslog"
"PUT" "/pki/config/X/log" "Add a log configuration" "calog" "kralog" "ocsplog" "tkslog"
"POST" "/pki/config/X/log" "Modify a log configuration" "calog" "kralog" "ocsplog" "tkslog"
"DEL" "/pki/config/X/log" "Delete a log configuration" "calog" "kralog" "ocsplog" "tkslog"
"GET" "/pki/config/ca/systems" "Get list of systems from security domain" "caGetDomainXML",,,
"GET" "/pki/config/ca/system" "Get system details from sec domain" "None as yet",,,
"PUT" "/pki/config/ca/system" "Add a system to security domain" "caUpdateDomainXML",,,
"POST" "/pki/config/ca/system" "Modify a system entry in sec domain" "caUpdateDomainXML",,,
"DEL" "/pki/config/ca/system" "Delete a system from security domain" "caUpdateDomainXML",,,
"GET" "/pki/config/ca/publishers" "Get list of publishers" "capublisher",,,
"GET" "/pki/config/ca/publisher" "Get publisher details" "capublisher",,,
"PUT" "/pki/config/ca/publisher" "Add a publisher" "capublisher",,,
"POST" "/pki/config/ca/publisher" "Modify a publisher" "capublisher",,,
"DEL" "/pki/config/ca/publisher" "Delete a publisher" "capublisher",,, ,,,," ",,,
"GET" "/pki/config/X/jobs" "Get list of jobs" "cajobsScheduler" "krajobsScheduler" "ocspjobsScheduler" "tksjobsScheduler"
"GET" "/pki/config/X/job" "Get job details" "cajobsScheduler" "krajobsScheduler" "ocspjobsScheduler" "tksjobsScheduler"
"PUT" "/pki/config/X/job" "Add a job" "cajobsScheduler" "krajobsScheduler" "ocspjobsScheduler" "tksjobsScheduler"
"POST" "/pki/config/X/job" "Modify a job" "cajobsScheduler" "krajobsScheduler" "ocspjobsScheduler" "tksjobsScheduler"
"DEL" "/pki/config/X/job" "Delete a job" "cajobsScheduler" "krajobsScheduler" "ocspjobsScheduler" "tksjobsScheduler"
"GET" "/pki/config/X/auths" "Get list of authentication plugins" "caauths" "kraauths" "ocspauths" "tksauths"
"GET" "/pki/config/X/auth" "Get authentication plugin details" "caauths" "kraauths" "ocspauths" "tksauths"
"PUT" "/pki/config/X/auth" "Add an authentication plugin" "caauths" "kraauths" "ocspauths" "tksauths"
"POST" "/pki/config/X/auth" "Modify an authentication plugin" "caauths" "kraauths" "ocspauths" "tksauths"
"DEL" "/pki/config/X/auth" "Delete an authentication plugin" "caauths" "kraauths" "ocspauths" "tksauths"
"GET" "/pki/config/X/certs" "Get list of system_certs" "caserver" "kraserver" "ocspserver" "tksserver"
"GET" "/pki/config/X/cert" "Get system_cert " "caGetSubsystemCert" "kraGetTransportCert",,
"GET" "/pki/config/X/cert/Y/details" "Get system_cert details" "caserver" "kraKRADisplayTransport, kraserver" "ocspserver" "tksserver"
"PUT" "/pki/config/X/cert" "Add a system_cert" "caserver" "kraserver" "ocspserver" "tksserver, tksImportTransportCert"
"POST" "/pki/config/X/cert" "Modify a system_cert" "caserver" "kraserver" "ocspserver" "tksserver"
"DEL" "/pki/config/X/cert" "Delete a system_cert" "caserver" "kraserver" "ocspserver" "tksserver" ," " " " " ",,,,
"GET" "/pki/config/X/serialnos" "Get serial number range" "None as yet" "None as yet",,
"POST" "/pki/config/X/serialnos" "Modify serial number range" "caUpdateNumberRange" "kraUpdateNumberRange",,
"GET" "/pki/config/X/connector" "Get connector config",,"kraConnector",,
"POST" "/pki/config/X/connector" "Modify connector config" "caUpdateConnector",,,
"GET" "/pki/config/X/ocsp" "Get ocsp config " "caGetOCSPInfo",,"ocspGetOCSPInfo",
"POST" "/pki/config/X/ocsp" "Modify ocsp config" "caUpdateOCSPConfig",,,
"GET" "/pki/config/X/cloning" "Get cloning config" "caGetConfigEntries" "kraGetConfigEntries" "ocspGetConfigEntries" "tksGetConfigEntries"
"GET" "/pki/config/X/tokeninfo" "Get token info (for cloning)" "caGetTokenInfo" "kraGetTokenInfo" "ocspGetTokenInfo" "tksGetTokenInfo"

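Notes:
1. There is still miscellaneous admin functionality that has not yet been characterized. It lives in the caca, caregistry, krakra, ocspocsp and tkstks servlets, which map to the admin servlet.
2. Wizard and installation servlets are not covered (for the most part).
3. I have not included token / token key operations (which is why the main TKS operations are not there yet).
4. We need to figure out how to handle client-auth vs. non-client-auth, which maps to ee/agent/admin. Currently we do this by filtering URLs. Because the proposed paths fold end-entity and agent servlets under one URL (for example, caDisplayBySerial and caDisplayBySerial-agent both map to the certificate details path), filtering on the URL alone would no longer separate them; the access decision would also have to take the HTTP method and the authenticated role into account.
5. This is just a first cut, and hopefully a useful starting point for discussion.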