Difference between revisions of "REST"

From Dogtag
 
 
(61 intermediate revisions by 4 users not shown)
Line 1: Line 1:
* Here is a proposed new RESTful design for a programmatic interface to dogtag
+
= Frameworks =
{| border="1"
 
! scope="col"|"Objects"
 
! scope="col"| "Operation"
 
! scope="col"| "REST Path"
 
! scope="col"| "Description"
 
! scope="col"| "Mapped Servlets (CA)"
 
! scope="col"| "Mapped Servlets (KRA)"
 
! scope="col"| "Mapped Servlets(OCSP)"
 
! scope="col"| "Mapped Servlets (TKS)"
 
|-
 
|-
 
| Objects
 
| Operation
 
| REST Path
 
| Description
 
| Mapped Servlets (CA)
 
| Mapped Servlets (KRA)
 
| Mapped Servlets(OCSP)
 
| Mapped Servlets (TKS)
 
  
|-
+
* [[RESTEasy]]
|
+
* [[Jersey]]
|
+
* [[CXF]]
|
 
|
 
|
 
|
 
|
 
  
|-Top Level
+
= PKI REST API =
| GET
 
| /pki
 
| top level
 
| services; caindex
 
| kraindex; services
 
| service; ocspindex
 
| services
 
  
|-
+
See [https://github.com/dogtagpki/pki/wiki/PKI-REST-API-Design PKI REST API Design].
|
 
|
 
|
 
|
 
|
 
|
 
|
 
  
|-Controller Objects
+
= References =
| GET
 
| /pki/token/sessionKey
 
|
 
|
 
|
 
|
 
 
  
|-
+
* [https://www.gajotres.net/best-available-java-restful-micro-frameworks/ Top 8 Java RESTful Micro Frameworks – Pros/Cons]
| GET
+
* [https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html RFC 2616: Header Field Definitions]
| /pki/token/diversifiedKey
+
* [[Java EE]]
|
 
|
 
|
 
|
 
|
 
 
 
|-
 
| GET
 
| /pki/token/encryptedData
 
|
 
|
 
|
 
|
 
|
 
 
 
|-
 
| GET
 
| /pki/token/randomData
 
|
 
|
 
|
 
|
 
 
 
 
|-
 
|
 
|
 
|
 
|
 
|
 
|
 
|
 
 
 
|-Certificates
 
| GET
 
| /pki/certificates
 
| Get list of certificates
 
| caSrchCerts-agent; caListCerts-agent;caSrchCert; caSrchRevokeCert; caSrchCerts; caListCerts
 
|
 
|
 
|
 
 
 
|-
 
|
 
| /pki/certifcate/$id/details
 
| Get certifcate details
 
| caDisplayCertFromRequest-agent; caDisplayBySerial-agent; caDisplayCertFromRequest; caDisplayBySerial
 
|
 
|
 
|
 
 
 
|-
 
| POST-b
 
| /pki/certificate/ocsp
 
| Get OCSP response
 
| caOCSP
 
|
 
| ocspCheckCert; ocspReadCheckCertPage
 
|
 
 
 
|-
 
| GET
 
| /pki/certificate/$id
 
| Get certifcate
 
| caGetAdminCertBySerial; caGetCertChain; caGetCertChainAdmin; caGetCertFromRequest-agent;caGetBySerial-agent; caQueryBySerial; caGetBySerial; caGetAdminBySerial; caGetCAChain; caGetCertFromRequest
 
|
 
|
 
|
 
 
 
|-Certificate Status
 
| PUT
 
| /pki/certificate/$id/status
 
| Modify certificate status - revoke; unrevoke
 
| caDoUnrevoke; caDoRevoke-agent; caDoRevoke1; caDoRevoke1; caCMCRevReq; caDoUnrevoke1; caRevocation; caDoRevoke; caProxyDoRevoke
 
|
 
|
 
|
 
 
 
|-
 
| GET
 
| /pki/certificate/$id/status
 
| Get certificate status
 
 
|
 
|
 
|
 
 
 
|-
 
|
 
|
 
|
 
|
 
|
 
|
 
|
 
 
 
|-Cert Requests
 
| GET
 
| /pki/requests
 
| Get list of requests
 
| caListRequests; caSearchReqs
 
|
 
|
 
|
 
 
 
|-
 
| GET
 
| /pki/request/$id
 
| Get request details
 
| caqueryReq; caCheckRequest
 
|
 
|
 
|
 
 
 
|-
 
| POST-a
 
| /pki/request
 
| Add a request
 
| caProfileSubmit; caenrollment;cacertbasedenrollment; caProfileSubmitCMCSimple; profileSubmitCMCFull; caProfileSubmitSSLClient; caProxyProfileSubmit; cabulkissuance; caProxyBulkIssuance; caRenewal; caSCEP; caRASCEP
 
|
 
|
 
|
 
 
 
|-
 
| PUT
 
| /pki/request/$id
 
| Modify a request - if a request is not approved an agent can modify it before approving.
 
| caProfileProcess; caProcessCertReq; caProcessReq
 
|
 
|
 
|
 
 
 
|-Cert Request Status
 
| PUT
 
| /pki/request/$id/status
 
| Modify request status - approve; deny etc;
 
| caProfileProcess; caProcessCertReq; caProcessReq
 
|
 
|
 
|
 
 
 
|-
 
| GET
 
| /pki/request/$id/status
 
| Get request status
 
| caCheckRequest
 
|
 
|
 
|
 
 
 
|-
 
|
 
|
 
|
 
|
 
|
 
|
 
|
 
 
 
|-Cert profiles
 
| GET
 
| /pki/profiles
 
| Get list of profiles
 
| caProfileList-agent; caProfileList
 
|
 
|
 
|
 
 
 
|-
 
| GET
 
| /pki/profile/$id
 
| Get profile details
 
| caProfileReview; caProfileSelect-agent; caProfileSelect; caSCEP; caRASCEP
 
|
 
|
 
|
 
 
 
|-
 
| PUT
 
| /pki/profile/$id
 
| Add or modify profile
 
| caprofile; caProfileApprove
 
|
 
|
 
|
 
 
 
|-
 
| DEL
 
| /pki/profile/$id
 
| Delete a profile
 
| caprofile
 
|
 
|
 
|
 
 
 
|-
 
|
 
|
 
|
 
|
 
|
 
|
 
|
 
 
 
|-Cert CRLs
 
| GET
 
| /pki/crls
 
| Get list of CRLs
 
| None
 
|
 
|
 
|
 
 
 
|-
 
| GET
 
| /pki/crl/details
 
| Get CRL details
 
| camasterCADisplayCRL
 
|
 
| ocspReadAddCRLPage
 
|
 
 
 
|-
 
| GET
 
| /pki/crl
 
| Get CRL
 
| caGetCRL
 
|
 
|
 
|
 
 
 
|-
 
| PUT
 
| /pki/crl
 
| Add a CRL
 
|
 
|
 
| ocspAddCRL
 
|
 
 
 
|-
 
| POST-b
 
| /pki/crl
 
| Modify a CRL
 
| camasterCAUpdateCRL
 
|
 
|
 
|
 
 
 
|-
 
| DEL
 
| /pki/crl
 
| Delete a CRL
 
|
 
|
 
|
 
|
 
 
 
|-
 
|
 
|
 
|
 
|
 
|
 
|
 
|
 
 
 
|-CAs (for OCSP)
 
| GET
 
| /pki/ocsp/cas
 
| Get list of CAs
 
 
|
 
| ocspListCAs
 
|
 
 
 
|-
 
| GET
 
| /pki/ocsp/ca/$id
 
| Get CA details
 
 
|
 
| ocspReadAddCAPage
 
|
 
 
 
|-
 
| PUT
 
| /pki/ocsp/ca/$id
 
| Add or modify a CA
 
|
 
|
 
| ocspAddCA
 
|
 
 
 
|-
 
| DEL
 
| /pki/ocsp/ca/$id
 
| Delete a CA
 
|
 
|
 
| ocspRemoveCA
 
|
 
 
 
|-
 
|
 
|
 
|
 
|
 
|
 
|
 
|
 
 
 
|-keys
 
| GET
 
| /pki/keys
 
| Get list of keys
 
|
 
| kraSrchKey; kraKRASrchKey; kraKRASrchKeyForRecovery; kraSrchRecoverKey
 
|
 
|
 
 
 
|-
 
| GET
 
| /pki/key/$id
 
| Get key
 
|
 
| kraKRAGetPk12; kraKRAGetAsyncPk12
 
|
 
|
 
 
 
|-
 
| GET
 
| /pki/key/$id/details
 
| Get key details
 
|
 
| kraKRADisplayBySerialForRecovery; kraKRADisplayBySerial
 
|
 
|
 
 
 
|-
 
| PUT
 
| /pki/key/$id
 
| Add a key
 
|
 
|
 
|
 
|
 
 
 
|-
 
|
 
|
 
|
 
|
 
|
 
|
 
|
 
 
 
|-key requests (archival; recovery)
 
| GET
 
| /pki/keyrequests
 
| Get list of key requests
 
|
 
| kraListRequests; krakraqueryReq
 
|
 
|
 
 
 
|-
 
| GET
 
| /pki/keyrequest/$id
 
| Get key request details
 
|
 
| kraKRAGetApprovalStatus; kraKRAExamineRecovery;
 
|
 
|
 
 
 
|-
 
| POST-a
 
| /pki/keyrequest
 
| Add a key request
 
|
 
| kraKRARecoverBySerial; 
 
|
 
|
 
 
 
|-Key request Status
 
| PUT
 
| /pki/keyrequest/$id/status
 
| Modify a key request status (approve async recovery)
 
|
 
| kraKRAGrantRecovery; kraKRAGrantAsyncRecovery; kraKRAProcessReq; kraGrantRecovery;
 
|
 
|
 
 
 
|-
 
| GET
 
| /pki/keyrequest/$id/status
 
| Get key request status
 
|
 
|
 
|
 
|
 
 
 
|-
 
| DEL
 
| /pki/keyrequest/$id
 
| Delete a key request
 
|
 
| None
 
|
 
|
 
 
 
|-
 
|
 
|
 
|
 
|
 
|
 
|
 
|
 
 
 
|-
 
|
 
|
 
|
 
|
 
|
 
|
 
|
 
 
 
|-users
 
| GET
 
| /pki/users
 
| Get list of users
 
| caug
 
| kraug
 
| ocspug
 
| tksug
 
 
 
|-
 
| GET
 
| /pki/user/$id
 
| Get user details
 
| caug
 
| kraug
 
| ocspug
 
| tksug
 
 
 
|-
 
| PUT
 
| /pki/user/$id
 
| Add or modify a user
 
| caug; caRegisterUser; caRegisterRaUser; caAdminEnroll
 
| kraRegisterUser; kraug
 
| ocspug
 
| tksug; tksRegisterUser
 
 
 
|-
 
| DEL
 
| /pki/user/$id
 
| Delete a user
 
| caug
 
| kraug
 
| ocspug
 
| tksug
 
 
 
|-
 
|
 
|
 
|
 
|
 
|
 
|
 
|
 
 
 
|-System
 
| GET
 
| /pki/X/status
 
| Get subsystem status
 
| caGetStatus
 
|
 
|
 
|
 
 
 
|-
 
| GET
 
| /pki/X/stats
 
| Get subsystem stats
 
| caStats
 
|
 
|
 
|
 
 
 
|-
 
| GET
 
| /pki/X/monitor
 
| Get subsystem monitor stats
 
| caMonitor
 
|
 
|
 
|
 
 
 
|-
 
| GET
 
| /pki/X/logs
 
| Get list of logs for subsystem
 
| calog
 
| kralog
 
| ocsplog
 
| tkslog
 
 
 
|-
 
| GET
 
| /pki/X/log/$id
 
| Get log contents
 
| calog
 
| kralog
 
| ocsplog
 
| tkslog
 
 
 
|-
 
|
 
|
 
|
 
|
 
|
 
|
 
|
 
 
 
|-Config
 
|
 
|
 
|
 
|
 
|
 
|
 
|
 
 
 
|-
 
| GET
 
| /pki/config/X/acls
 
| Get list of acls
 
| caacl
 
| kraacl
 
| ocspacl
 
| tksacl
 
 
 
|-
 
| GET
 
| /pki/config/X/acl/$id
 
| Get acl details
 
| caacl
 
| kraacl
 
| ocspacl
 
| tksacl
 
 
 
|-
 
| PUT
 
| /pki/config/X/acl/$id
 
| Add or modify an acl
 
| caacl
 
| kraacl
 
| ocspacl
 
| tksacl
 
 
 
|-
 
| DEL
 
| /pki/config/X/acl/$id
 
| Delete an acl
 
| caacl
 
| kraacl
 
| ocspacl
 
| tksacl
 
 
 
|-
 
|
 
|
 
|
 
|
 
|
 
|
 
|
 
 
 
|-
 
| GET
 
| /pki/config/X/logs
 
| Get list of logs
 
| calog
 
| kralog
 
| ocsplog
 
| tkslog
 
 
 
|-
 
| GET
 
| /pki/config/X/log/$id
 
| Get log details
 
| calog
 
| kralog
 
| ocsplog
 
| tkslog
 
 
 
|-
 
| PUT
 
| /pki/config/X/log/$id
 
| Add or modify a log configuration
 
| calog
 
| kralog
 
| ocsplog
 
| tkslog
 
 
 
|-
 
| DEL
 
| /pki/config/X/log/$id
 
| Delete an log configuration
 
| calog
 
| kralog
 
| ocsplog
 
| tkslog
 
 
 
|-
 
|
 
|
 
|
 
|
 
|
 
|
 
|
 
 
 
|-
 
| GET
 
| /pki/config/ca/systems
 
| Get list of systems from security domain
 
| caGetDomainXML
 
|
 
|
 
|
 
 
 
|-
 
| GET
 
| /pki/config/ca/system/$id
 
| Get system details from sec domain
 
| None as yet
 
|
 
|
 
|
 
 
 
|-
 
| PUT
 
| /pki/config/ca/system/$id
 
| Add or modify a system in security domain
 
| caUpdateDomainXML
 
|
 
|
 
|
 
 
 
|-
 
| DEL
 
| /pki/config/ca/system/$id
 
| Delete an system from security domain
 
| caUpdateDomainXML
 
|
 
|
 
|
 
 
 
|-
 
|
 
|
 
|
 
|
 
|
 
|
 
|
 
 
 
|-
 
| GET
 
| /pki/config/ca/publishers
 
| Get list of publishers
 
| capublisher
 
|
 
|
 
|
 
 
 
|-
 
| GET
 
| /pki/config/ca/publisher/$id
 
| Get publisher details
 
| capublisher
 
|
 
|
 
|
 
 
 
|-
 
| PUT
 
| /pki/config/ca/publisher/$id
 
| Add or modify a publisher
 
| capublisher
 
|
 
|
 
|
 
 
 
|-
 
| DEL
 
| /pki/config/ca/publisher/$id
 
| Delete a publisher
 
| capublisher
 
|
 
|
 
|
 
 
 
|-
 
|
 
|
 
|
 
 
|
 
|
 
|
 
 
 
|-
 
| GET
 
| /pki/config/X/jobs
 
| Get list of jobs
 
| cajobsScheduler
 
| krajobsScheduler
 
| ocspjobsScheduler
 
| tksjobsScheduler
 
 
 
|-
 
| GET
 
| /pki/config/X/job/$id
 
| Get job details
 
| cajobsScheduler
 
| krajobsScheduler
 
| ocspjobsScheduler
 
| tksjobsScheduler
 
 
 
|-
 
| PUT
 
| /pki/config/X/job/$id
 
| Add an job
 
| cajobsScheduler
 
| krajobsScheduler
 
| ocspjobsScheduler
 
| tksjobsScheduler
 
 
 
|-
 
| DEL
 
| /pki/config/X/job/$id
 
| Delete an job
 
| cajobsScheduler
 
| krajobsScheduler
 
| ocspjobsScheduler
 
| tksjobsScheduler
 
 
 
|-
 
|
 
|
 
|
 
|
 
|
 
|
 
|
 
 
 
|-
 
| GET
 
| /pki/config/X/auths
 
| Get list of authentication plugins
 
| caauths
 
| kraauths
 
| ocspauths
 
| tksauths
 
 
 
|-
 
| GET
 
| /pki/config/X/auth/$id
 
| Get authentication plugin details
 
| caauths
 
| kraauths
 
| ocspauths
 
| tksauths
 
 
 
|-
 
| PUT
 
| /pki/config/X/auth/$id
 
| Add or modify an authentication plugin
 
| caauths
 
| kraauths
 
| ocspauths
 
| tksauths
 
 
 
|-
 
| DEL
 
| /pki/config/X/auth/$id
 
| Delete an authentication plugin
 
| caauths
 
| kraauths
 
| ocspauths
 
| tksauths
 
 
 
|-
 
|
 
|
 
|
 
|
 
|
 
|
 
|
 
 
 
|-
 
| GET
 
| /pki/config/X/certs
 
| Get list of system_certs
 
| caserver
 
| kraserver
 
| ocspserver
 
| tksserver
 
 
 
|-
 
| GET
 
| /pki/config/X/cert/$id
 
| Get system_cert
 
| caGetSubsystemCert
 
| kraGetTransportCert
 
|
 
|
 
 
 
|-
 
| GET
 
| /pki/config/X/cert/Y/details
 
| Get system_cert details
 
| caserver
 
| kraKRADisplayTransport; kraserver
 
| ocspserver
 
| tksserver
 
 
 
|-
 
| PUT
 
| /pki/config/X/cert/$id
 
| Add an system_cert
 
| caserver
 
| kraserver
 
| ocspserver
 
| tksserver; tksImportTransportCert
 
 
 
|-
 
| DEL
 
| /pki/config/X/cert/$id
 
| Delete an system_cert
 
| caserver
 
| kraserver
 
| ocspserver
 
| tksserver
 
 
 
|-
 
 
 
 
|
 
|
 
|
 
|
 
 
 
|-
 
| GET
 
| /pki/config/X/serialnos/$id
 
| Get serial number range
 
| None as yet
 
| None as yet
 
|
 
|
 
 
 
|-
 
| PUT
 
| /pki/config/X/serialnos/$id
 
| Update serial number range
 
| caUpdateNumberRange
 
| kraUpdateNumberRange
 
|
 
|
 
 
 
|-
 
|
 
|
 
|
 
|
 
|
 
|
 
|
 
 
 
|-
 
| GET
 
| /pki/config/X/connector/$id
 
| Get connector config
 
|
 
| kraConnector
 
|
 
|
 
 
 
|-
 
| PUT
 
| /pki/config/X/connector/$id
 
| Add or modify connector config
 
| caUpdateConnector
 
|
 
|
 
|
 
 
 
|-
 
|
 
|
 
|
 
|
 
|
 
|
 
|
 
 
 
|-
 
| GET
 
| /pki/config/X/ocsp
 
| Get ocsp config
 
| caGetOCSPInfo
 
|
 
| ocspGetOCSPInfo
 
|
 
 
 
|-
 
| PUT
 
| /pki/config/X/ocsp
 
| Modify ocsp config
 
| caUpdateOCSPConfig
 
|
 
|
 
|
 
 
 
|-
 
|
 
|
 
|
 
|
 
|
 
|
 
|
 
 
 
|-
 
| GET
 
| /pki/config/X/cloning
 
| Get cloning config
 
| caGetConfigEntries
 
| kraGetConfigEntries
 
| ocspGetConfigEntries
 
| tksGetConfigEntries
 
 
 
|-
 
| GET
 
| /pki/config/X/tokeninfo
 
| Get token info (for cloning)
 
| caGetTokenInfo
 
| kraGetTokenInfo
 
| ocspGetTokenInfo
 
| tksGetTokenInfo
 
 
 
|-
 
|}
 
 
 
Notes:
 
 
 
# There is still misc admin that has not yet been characterized. This is in in caca; caregistry; krakra; ocspocsp; tkstks servlets -which map to the admin servlet.
 
# Wizard and installation servlets are not covered (for the most part).
 
# I have not included token/ token key operations (which is why the main TKS operations are not there yet)
 
# We need to figure out how to handle client-auth vs. non-clientauth - which maps to ee/agent/admin.  Currently we do this by filtering urls.
 
# This is just a first cut - and hopefully a useful starting point for discussions
 
# We need to revisit POST-b in CRLs
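
Review bot: the open items in the removed Notes list are not carried into the new text, which only adds the Frameworks links, a pointer to PKI REST API Design, and the References list. Two of those notes are access-control and API-semantics questions that a reader of this page would still want to find: how to handle client-auth vs. non-clientauth (mapped to ee/agent/admin and, per the note, currently done by filtering URLs), and the need to revisit POST-b in CRLs. The removed table also held the only mapping from REST paths to the existing CA, KRA, OCSP and TKS servlets, including the rows marked "None" or "None as yet". Suggest confirming that the linked design page covers the servlet mapping and these open questions, and, if it does not, keeping a short "Open issues" list here or saying in the edit summary where they are now tracked.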
 

Latest revision as of 21:14, 21 January 2021

Frameworks

PKI REST API

See PKI REST API Design.

References