Dogtag Future Directions

Revision as of 00:04, 18 October 2011 by Admiyo (talk | contribs)


Interfaces

  • Here is a proposed new RESTful design for a programmatic interface to dogtag
"Objects" "Operation" "REST Path" "Description" "Mapped Servlets (CA)" "Mapped Servlets (KRA)" "Mapped Servlets(OCSP)" "Mapped Servlets (TKS)"
"Top Level" "GET" "/pki" "top level" "services, caindex" "kraindex, services" "service, ocspindex" "services"
"Certificates" "GET" "/pki/certificates" "Get list of certificates" "caSrchCerts-agent, caListCerts-agent,caSrchCert, caSrchRevokeCert, caSrchCerts, caListCerts" "/pki/certificate/X/details" "Get certificate details" "caDisplayCertFromRequest-agent, caDisplayBySerial-agent, caDisplayCertFromRequest, caDisplayBySerial"
"GET" "/pki/certificate/ocsp" "Get OCSP response" "caOCSP",,"ocspCheckCert, ocspReadCheckCertPage"
"GET" "/pki/certificate" "Get certificate" "caGetAdminCertBySerial, caGetCertChain, caGetCertChainAdmin, caGetCertFromRequest-agent,caGetBySerial-agent, caQueryBySerial, caGetBySerial, caGetAdminBySerial, caGetCAChain, caGetCertFromRequest",,,
"PUT" "/pki/certificate" "Add a certificate" "None",,,
,"POST" "/pki/certificate" "Modify a certificate - modify status" "caDoUnrevoke, caDoRevoke-agent, caDoRevoke1, caDoRevoke1, caCMCRevReq, caDoUnrevoke1, caRevocation, caDoRevoke, caProxyDoRevoke",,,
"DEL" "/pki/certificate" "Delete a certificate" "None",,,
"Cert Requests" "GET" "/pki/requests" "Get list of requests" "caListRequests, caSearchReqs",,,
"GET" "/pki/request" "Get request details" "caqueryReq, caCheckRequest",,,
"PUT" "/pki/request" "Add a request" "caProfileSubmit, caenrollment,cacertbasedenrollment, caProfileSubmitCMCSimple, profileSubmitCMCFull, caProfileSubmitSSLClient, caProxyProfileSubmit, cabulkissuance, caProxyBulkIssuance, caRenewal, caSCEP, caRASCEP",,,
"POST" "/pki/request" "Modify a request - including state" "caProfileProcess, caProcessCertReq, caProcessReq"
"DEL" "/pki/request" "Delete a request" "None",,,
"Cert profiles" "GET" "/pki/profiles" "Get list of profiles" "caProfileList-agent, caProfileList"
"GET" "/pki/profile" "Get profile details" "caProfileReview, caProfileSelect-agent, caProfileSelect, caSCEP, caRASCEP"
"PUT" "/pki/profile" "Add a profile" "caprofile",,,
"POST" "/pki/profile" "Modify a profile" "caprofile, caProfileApprove",,,
"DEL" "/pki/profile" "Delete a profile" "caprofile",,,
"Cert CRLs" "GET" "/pki/crls" "Get list of CRLs" "None",,,
"GET" "/pki/crl/details" "Get CRL details" "camasterCADisplayCRL" "ocspReadAddCRLPage"
"GET" "/pki/crl" "Get CRL" "caGetCRL",,,
"PUT" "/pki/crl" "Add a CRL", "ocspAddCRL",
"POST" "/pki/crl" "Modify a CRL" "camasterCAUpdateCRL"
"DEL" "/pki/crl" "Delete a CRL"
"CAs (for OCSP)" "GET" "/pki/ocsp/cas" "Get list of CAs" " " "ocspListCAs",
"GET" "/pki/ocsp/ca" "Get CA details" " " "ocspReadAddCAPage",
"PUT" "/pki/ocsp/ca" "Add a CA" "ocspAddCA",
"POST" "/pki/ocsp/ca" "Modify a CA" " " "None"
"DEL" "/pki/ocsp/ca" "Delete a CA" "ocspRemoveCA"
"keys" "GET" "/pki/keys" "Get list of keys" "kraSrchKey, kraKRASrchKey, kraKRASrchKeyForRecovery, kraSrchRecoverKey"
"GET" "/pki/key" "Get key",,"kraKRAGetPk12, kraKRAGetAsyncPk12"
"GET" "/pki/key" "Get key details" "kraKRADisplayBySerialForRecovery, kraKRADisplayBySerial",,
"PUT" "/pki/key" "Add a key"
"POST" "/pki/key" "Modify a key"
"DEL" "/pki/key" "Delete a key", "None"
"key requests (archival, recovery)" "GET" "/pki/keyrequests" "Get list of key requests" "kraListRequests, krakraqueryReq"
"GET" "/pki/keyrequest" "Get key request details" "kraKRAGetApprovalStatus, kraKRAExamineRecovery, "
"PUT" "/pki/keyrequest" "Add a key request" "kraKRARecoverBySerial, "
"POST" "/pki/keyrequest" "Modify a key request" "kraKRAGrantRecovery, kraKRAGrantAsyncRecovery, kraKRAProcessReq, kraGrantRecovery, "
"DEL" "/pki/keyrequest" "Delete a key request" "None"
"users" "GET" "/pki/users" "Get list of users" "caug" "kraug" "ocspug" "tksug"
"GET" "/pki/user" "Get user details" "caug" "kraug" "ocspug" "tksug"
"PUT" "/pki/user" "Add a user" "caug, caRegisterUser, caRegisterRaUser, caAdminEnroll" "kraRegisterUser, kraug" "ocspug" "tksug, tksRegisterUser"
"POST" "/pki/user" "Modify a user" "caug" "kraug" "ocspug" "tksug"
"DEL" "/pki/user" "Delete a user" "caug" "kraug" "ocspug" "tksug"
"System" "GET" "/pki/X/status" "Get subsystem status" "caGetStatus"
"GET" "/pki/X/stats" "Get subsystem stats" "caStats"
"GET" "/pki/X/monitor" "Get subsystem monitor stats" "caMonitor"
"GET" "/pki/X/logs" "Get list of logs for subsystem" "calog" "kralog" "ocsplog" "tkslog"
"GET" "/pki/X/log" "Get log contents" "calog" "kralog" "ocsplog" "tkslog"
"Config" "GET" "/pki/config/X/acls" "Get list of acls" "caacl" "kraacl" "ocspacl" "tksacl"
"GET" "/pki/config/X/acl" "Get acl details" "caacl" "kraacl" "ocspacl" "tksacl"
"PUT" "/pki/config/X/acl" "Add an acl" "caacl" "kraacl" "ocspacl" "tksacl"
"POST" "/pki/config/X/acl" "Modify an acl" "caacl" "kraacl" "ocspacl" "tksacl"
"DEL" "/pki/config/X/acl" "Delete an acl" "caacl" "kraacl" "ocspacl" "tksacl"
"GET" "/pki/config/X/logs" "Get list of logs" "calog" "kralog" "ocsplog" "tkslog"
"GET" "/pki/config/X/log" "Get log details" "calog" "kralog" "ocsplog" "tkslog"
"PUT" "/pki/config/X/log" "Add a log configuration" "calog" "kralog" "ocsplog" "tkslog"
"POST" "/pki/config/X/log" "Modify a log configuration" "calog" "kralog" "ocsplog" "tkslog"
"DEL" "/pki/config/X/log" "Delete a log configuration" "calog" "kralog" "ocsplog" "tkslog"
"GET" "/pki/config/ca/systems" "Get list of systems from security domain" "caGetDomainXML"
"GET" "/pki/config/ca/system" "Get system details from sec domain" "None as yet"
"PUT" "/pki/config/ca/system" "Add a system to security domain" "caUpdateDomainXML"
"POST" "/pki/config/ca/system" "Modify a system entry in sec domain" "caUpdateDomainXML"
"DEL" "/pki/config/ca/system" "Delete a system from security domain" "caUpdateDomainXML"
"GET" "/pki/config/ca/publishers" "Get list of publishers" "capublisher"
"GET" "/pki/config/ca/publisher" "Get publisher details" "capublisher"
"PUT" "/pki/config/ca/publisher" "Add a publisher" "capublisher"
"POST" "/pki/config/ca/publisher" "Modify a publisher" "capublisher"
"DEL" "/pki/config/ca/publisher" "Delete a publisher" "capublisher"
"GET" "/pki/config/X/jobs" "Get list of jobs" "cajobsScheduler" "krajobsScheduler" "ocspjobsScheduler" "tksjobsScheduler"
"GET" "/pki/config/X/job" "Get job details" "cajobsScheduler" "krajobsScheduler" "ocspjobsScheduler" "tksjobsScheduler"
"PUT" "/pki/config/X/job" "Add a job" "cajobsScheduler" "krajobsScheduler" "ocspjobsScheduler" "tksjobsScheduler"
"POST" "/pki/config/X/job" "Modify a job" "cajobsScheduler" "krajobsScheduler" "ocspjobsScheduler" "tksjobsScheduler"
"DEL" "/pki/config/X/job" "Delete a job" "cajobsScheduler" "krajobsScheduler" "ocspjobsScheduler" "tksjobsScheduler"
"GET" "/pki/config/X/auths" "Get list of authentication plugins" "caauths" "kraauths" "ocspauths" "tksauths"
"GET" "/pki/config/X/auth" "Get authentication plugin details" "caauths" "kraauths" "ocspauths" "tksauths"
"PUT" "/pki/config/X/auth" "Add an authentication plugin" "caauths" "kraauths" "ocspauths" "tksauths"
"POST" "/pki/config/X/auth" "Modify an authentication plugin" "caauths" "kraauths" "ocspauths" "tksauths"
"DEL" "/pki/config/X/auth" "Delete an authentication plugin" "caauths" "kraauths" "ocspauths" "tksauths"
"GET" "/pki/config/X/certs" "Get list of system_certs" "caserver" "kraserver" "ocspserver" "tksserver"
"GET" "/pki/config/X/cert" "Get system_cert " "caGetSubsystemCert" "kraGetTransportCert"
"GET" "/pki/config/X/cert/Y/details" "Get system_cert details" "caserver" "kraKRADisplayTransport, kraserver" "ocspserver" "tksserver"
"PUT" "/pki/config/X/cert" "Add a system_cert" "caserver" "kraserver" "ocspserver" "tksserver, tksImportTransportCert"
"POST" "/pki/config/X/cert" "Modify a system_cert" "caserver" "kraserver" "ocspserver" "tksserver"
"DEL" "/pki/config/X/cert" "Delete a system_cert" "caserver" "kraserver" "ocspserver" "tksserver"
"GET" "/pki/config/X/serialnos" "Get serial number range" "None as yet" "None as yet"
"POST" "/pki/config/X/serialnos" "Modify serial number range" "caUpdateNumberRange" "kraUpdateNumberRange"
"GET" "/pki/config/X/connector" "Get connector config",,"kraConnector"
"POST" "/pki/config/X/connector" "Modify connector config" "caUpdateConnector"
"GET" "/pki/config/X/ocsp" "Get ocsp config " "caGetOCSPInfo",,"ocspGetOCSPInfo"
"POST" "/pki/config/X/ocsp" "Modify ocsp config" "caUpdateOCSPConfig"
"GET" "/pki/config/X/cloning" "Get cloning config" "caGetConfigEntries" "kraGetConfigEntries" "ocspGetConfigEntries" "tksGetConfigEntries"
"GET" "/pki/config/X/tokeninfo" "Get token info (for cloning)" "caGetTokenInfo" "kraGetTokenInfo" "ocspGetTokenInfo" "tksGetTokenInfo"

Notes: 1. There are still miscellaneous admin operations that have not yet been characterized. These are in the caca, caregistry, krakra, ocspocsp, and tkstks servlets, which map to the admin servlet. 2. Wizard and installation servlets are not covered (for the most part). 3. I have not included token/token key operations (which is why the main TKS operations are not there yet). 4. We need to figure out how to handle client-auth vs. non-client-auth, which maps to ee/agent/admin. Currently we do this by filtering URLs. Because several proposed paths combine agent (-agent) and non-agent servlets under one URL (for example, /pki/certificates maps both caSrchCerts-agent and caSrchCerts), URL filtering alone would no longer separate these roles. 5. This is just a first cut, and hopefully a useful starting point for discussions.