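# Swagger 2.0 description of the caucase certificate-authority HTTP API.
swagger: '2.0'
info:
  title: caucase
  description: Certificate Authority for Users, Certificate Authority for Services
  # Quoted so that every YAML loader keeps the version as a string.
  version: '0.2.0'
  contact:
    name: Vincent Pelletier (Nexedi)
    url: 'http://www.nexedi.com'
    email: vincent@nexedi.com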
basePath: /
# Both schemes are declared API-wide. Operations tagged `auth` (see `tags`
# below) are documented as needing https client authentication, so plain
# http can only be meaningful for the untagged operations.
# NOTE(review): confirm that the server refuses `auth` operations over
# plain http.
schemes:
  - http
  - https
# Default request media type; PUT /csr overrides it with application/pkcs10.
consumes:
  - application/json
# Union of the media types returned by the operations under `paths`.
produces:
  - application/json
  - application/pkix-cert
  - application/pkix-crl
  - application/pkcs10
  - application/x-x509-ca-cert
tags:
  # Swagger 2.0 `securityDefinitions` has no type for TLS client
  # certificates; this tag appears to be how the spec marks the operations
  # that need one.
  - name: auth
    description: https client authentication required
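paths:
  /csr:
    # Authenticated listing of the CSRs that are waiting for a decision.
    get:
      summary: List pending certificate signing requests
      operationId: getPendingCertificateRequestList
      tags:
        - auth
      # Client-certificate authentication only exists over TLS, so this
      # operation is not offered on the plain-http scheme.
      schemes:
        - https
      produces:
        - application/json
      responses:
        '200':
          description: OK - CSR list returned
        # Also returned when the client certificate is missing; see the
        # shared 404 response.
        '404':
          $ref: '#/responses/404'
    # Not tagged `auth`: submitting a CSR needs no client certificate.
    put:
      summary: Request a new certificate signature
      operationId: createCertificateSigningRequest
      consumes:
        - application/pkcs10
      parameters:
        - $ref: '#/parameters/csr'
      responses:
        '201':
          description: Created - Signing request was accepted
          headers:
            Location:
              description: URL of created resource
              type: string
        # NOTE(review): submission is unauthenticated and 507 signals
        # exhausted storage; confirm the server bounds pending requests
        # (count and size) so one client cannot fill the queue for others.
        '507':
          $ref: '#/responses/507'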
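  /csr/{crt-id}:
    # Authenticated rejection of a pending CSR.
    delete:
      summary: Reject a pending certificate signing request
      operationId: deletePendingCertificateRequest
      tags:
        - auth
      # Client-certificate authentication only exists over TLS, so this
      # operation is not offered on the plain-http scheme.
      schemes:
        - https
      parameters:
        - $ref: '#/parameters/crt-id'
      responses:
        '204':
          description: No Content - CSR was successfully rejected
        # Also returned when the client certificate is missing; see the
        # shared 404 response.
        '404':
          $ref: '#/responses/404'
    # Not tagged `auth`: anyone who knows the identifier can read the
    # pending CSR.
    get:
      summary: Retrieve a pending certificate signing request
      operationId: getCertificateSigningRequest
      produces:
        - application/pkcs10
      parameters:
        - $ref: '#/parameters/crt-id'
      responses:
        '200':
          description: OK - CSR retrieved
        '400':
          $ref: '#/responses/400'
        '404':
          $ref: '#/responses/404'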
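  /crt/{crt-id}:
    # Authenticated approval: signing the pending CSR issues the certificate.
    put:
      summary: Accept pending certificate signing request
      operationId: createCertificate
      tags:
        - auth
      # Client-certificate authentication only exists over TLS, so this
      # operation is not offered on the plain-http scheme.
      schemes:
        - https
      # Swagger 2.0 requires every path template variable to be declared;
      # the original omitted `crt-id` for this operation.
      parameters:
        - $ref: '#/parameters/crt-id'
      responses:
        '204':
          description: No Content - CSR was successfully signed
        # Also returned when the client certificate is missing; see the
        # shared 404 response.
        '404':
          $ref: '#/responses/404'
    # Not tagged `auth`: anyone who knows the identifier can fetch the
    # signed certificate.
    get:
      summary: Retrieve a signed certificate
      operationId: getCertificate
      produces:
        - application/pkix-cert
      parameters:
        - $ref: '#/parameters/crt-id'
      responses:
        '200':
          description: OK - CRT retrieved
        '404':
          $ref: '#/responses/404'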
  # Not tagged `auth`: the CA certificate is served to anonymous clients.
  # NOTE(review): the API-wide `schemes` include plain http, so a client
  # taking its trust anchor from here should check it against a value
  # obtained out of band (for example a fingerprint); confirm client
  # guidance.
  /crt/ca.crt.pem:
    get:
      summary: Retrieve current CA certificate
      operationId: getCACertificate
      produces:
        - application/x-x509-ca-cert
      responses:
        '200':
          description: OK - CA CRT retrieved
  # Not tagged `auth`. The JSON response schema is not part of this file
  # (see the operation description), so it cannot be validated from this
  # spec alone.
  /crt/ca.crt.json:
    get:
      summary: Retrieve current CA certificate trust chain
      description: Response schema is described separately.
      operationId: getCACertificateChain
      produces:
        - application/json
      responses:
        '200':
          description: OK - CA CRT chain retrieved
  # Not tagged `auth`: no client certificate is asked for at the transport
  # level. The body is a `signed-operation`, which `parameters` describes as
  # signed with the requester's private key.
  /crt/revoke:
    put:
      summary: Revoke a certificate
      description: Signed operation payload schema is described separately.
      operationId: revokeCertificate
      consumes:
        - application/json
      parameters:
        - $ref: '#/parameters/signed-operation'
      # NOTE(review): only the success response is documented. Add the
      # status returned for a bad signature or a malformed payload once
      # confirmed against the server.
      responses:
        '204':
          description: No Content - certificate revoked
  # Not tagged `auth`: no client certificate is asked for at the transport
  # level. The body is a `signed-operation`, which `parameters` describes as
  # signed with the requester's private key.
  /crt/renew:
    put:
      summary: Renew a certificate
      description: Signed operation payload schema is described separately.
      operationId: renewCertificate
      consumes:
        - application/json
      parameters:
        - $ref: '#/parameters/signed-operation'
      # No operation-level `produces`, so the API-wide list applies to the
      # returned certificate.
      # NOTE(review): only the success response is documented. Add the
      # status returned for a bad signature or a malformed payload once
      # confirmed against the server.
      responses:
        '200':
          description: OK - Renewed certificate retrieved
  # Not tagged `auth`: the revocation list is served to anonymous clients.
  # NOTE(review): the API-wide `schemes` include plain http, so clients
  # should validate the CRL signature against the CA certificate and check
  # its freshness before relying on it; confirm client guidance.
  /crl:
    get:
      summary: Retrieve latest certificate revocation list
      operationId: getCertificateRevocationList
      produces:
        - application/pkix-crl
      responses:
        '200':
          description: OK - CRL retrieved
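definitions:
  # Body of PUT /csr.
  csr:
    type: string
    description: application/pkcs10 data
  # Envelope used by the revoke and renew operations. All three fields are
  # required: the signature covers both the payload and the digest name.
  signed-operation:
    type: object
    required:
      - signature
      - payload
      - digest
    properties:
      # NOTE(review): the digest name is chosen by the client and no `enum`
      # restricts it here; document the accepted names once the server's
      # list is confirmed, so weak digests are rejected by contract.
      digest:
        type: string
        description: 'Digest method name used to generate the signature (like "sha256", "sha512", etc)'
      # Wording tightened: the signature is computed over the concatenation,
      # not produced by the concatenation itself.
      signature:
        type: string
        description: 'Base64-encoded signature computed over the concatenation of payload, digest and the space character (0x20), in this order.'
      # NOTE(review): the payload is a JSON document carried as a string;
      # verify the signature over the string exactly as received, before
      # decoding it.
      payload:
        type: string
        description: Operation parameters. This is a json-encoded value whose structure depends on the operation.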
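parameters:
  # Path variable shared by the /csr/{crt-id} and /crt/{crt-id} operations.
  # NOTE(review): described as opaque; the server should validate it before
  # using it as a lookup key.
  crt-id:
    name: crt-id
    in: path
    description: Opaque certificate signing request identifier
    required: true
    type: string
  # Request body of PUT /csr.
  csr:
    name: csr
    in: body
    description: x509 Certificate Signing Request
    required: true
    schema:
      $ref: '#/definitions/csr'
  # Request body of the revoke and renew operations.
  signed-operation:
    name: signed-operation
    in: body
    description: An operation, signed with requester's private key
    # The original left `required` unset, which documents the body as
    # optional; the signed envelope is the whole request for both operations.
    required: true
    schema:
      $ref: '#/definitions/signed-operation'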
# Shared responses referenced from `paths` with `$ref`.
responses:
  '400':
    description: Bad Request - you probably provided wrong parameters
  # One status covers both a missing resource and missing client
  # credentials, so a caller cannot tell the two apart from the response.
  # NOTE(review): no 401/403 is defined in this file; confirm this is the
  # intended behaviour and that clients and monitoring account for it.
  '404':
    description: Not Found - Requested resource does not exist, or you did not provide required transport-level credentials (x509 cert over https)
  # Referenced by PUT /csr only.
  '507':
    description: Insufficient Storage