{ "openapi": "3.0.1", "info": { "title": "EJBCA REST Interface", "description": "API reference documentation.", "version": "1.0" }, "servers": [ { "url": "/ejbca/ejbca-rest-api", "description": "HTTPS Server" } ], "tags": [ { "name": "v1/ca_management", "description": "CA Management API" }, { "name": "v1/ca", "description": "CA REST API" }, { "name": "v1/certificate", "description": "Certificate REST Management API" }, { "name": "v2/certificate", "description": "Certificate REST Management API" }, { "name": "v1/configdump", "description": "Configdump REST API" }, { "name": "v1/cryptotoken", "description": "Crypto Token REST Management API" }, { "name": "v1/endentity", "description": "End Entity REST Management API" }, { "name": "v2/endentity", "description": "End Entity REST Management API V2" }, { "name": "v1/ssh", "description": "SSH REST API" }, { "name": "v1/system", "description": "System REST Management API" } ], "paths": { "/etsi/v1/certificate/{ecacertificateid}/validate": { "post": { "operationId": "etsiOperrationAuthValidation", "parameters": [ { "name": "ecacertificateid", "in": "path", "required": true, "schema": { "type": "string" } } ], "responses": { "default": { "description": "default response", "content": { "application/json": { } } } } } }, "/etsi/v1/certificate/{ecacertificateid}/enroll": { "post": { "operationId": "etsiOperrationEcEnroll", "parameters": [ { "name": "ecacertificateid", "in": "path", "required": true, "schema": { "type": "string" } } ], "responses": { "default": { "description": "default response", "content": { "application/json": { } } } } } }, "/etsi/v1/certificate/status": { "get": { "operationId": "status", "responses": { "default": { "description": "default response", "content": { "application/json": { } } } } } }, "/etsi/v1/endentity/{its_name}": { "delete": { "operationId": "delete", "parameters": [ { "name": "its_name", "in": "path", "required": true, "schema": { "type": "string" } } ], "responses": { "default": { "description": "default response", "content": { "application/json": { } } } } } }, "/etsi/v1/endentity/{its_name}/edit": { "put": { "operationId": "editIts", "parameters": [ { "name": "its_name", "in": "path", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ItsEditRequestMessage" } } } }, "responses": { "default": { "description": "default response", "content": { "application/json": { } } } } } }, "/etsi/v1/endentity/register-its": { "post": { "operationId": "registerIts", "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ItsRegistrationRequestMessage" } } } }, "responses": { "default": { "description": "default response", "content": { "application/json": { } } } } } }, "/etsi/v1/endentity/{its_name}/revoke": { "put": { "operationId": "revoke", "parameters": [ { "name": "its_name", "in": "path", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/EndEntityRevocationRestRequest" } } } }, "responses": { "default": { "description": "default response", "content": { "application/json": { } } } } } }, "/etsi/v1/endentity/status": { "get": { "operationId": "status_1", "responses": { "default": { "description": "default response", "content": { "application/json": { } } } } } }, "/etsi/v1/endentity/{its_canonicalId}": { "get": { "operationId": "viewEeByCanonicalId", "parameters": [ { "name": "its_canonicalId", "in": "path", "required": true, "schema": { "type": "string" } } ], "responses": { "default": { "description": "default response", "content": { "application/json": { } } } } } }, "/acct/{accountId}/authz/{authorizationId}": { "post": { "operationId": "authz", "parameters": [ { "name": "configurationId", "in": "query", "schema": { "type": "string" } }, { "name": "accountId", "in": "path", "required": true, "schema": { "type": "string" } }, { "name": "authorizationId", "in": "path", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/jose+json": { "schema": { "type": "string" } } } }, "responses": { "default": { "description": "default response", "content": { "application/json": { } } } } } }, "/cert/{certificateId}": { "post": { "operationId": "cert", "parameters": [ { "name": "configurationId", "in": "query", "schema": { "type": "string" } }, { "name": "certificateId", "in": "path", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "*/*": { "schema": { "type": "string" } } } }, "responses": { "default": { "description": "default response", "content": { "application/pem-certificate-chain": { }, "application/pkcs7-mime": { } } } } } }, "/acct/{accountId}/chall/{challengeId}": { "post": { "operationId": "challenge", "parameters": [ { "name": "configurationId", "in": "query", "schema": { "type": "string" } }, { "name": "accountId", "in": "path", "required": true, "schema": { "type": "string" } }, { "name": "challengeId", "in": "path", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/jose+json": { "schema": { "type": "string" } } } }, "responses": { "default": { "description": "default response", "content": { "application/json": { } } } } } }, "/directory": { "get": { "operationId": "directoryGet", "parameters": [ { "name": "configurationId", "in": "query", "schema": { "type": "string" } } ], "responses": { "default": { "description": "default response", "content": { "application/json": { } } } } }, "post": { "operationId": "directoryPost", "parameters": [ { "name": "configurationId", "in": "query", "schema": { "type": "string" } } ], "requestBody": { "content": { "application/jose+json": { "schema": { "type": "string" } } } }, "responses": { "default": { "description": "default response", "content": { "application/json": { } } } } } }, "/acct/{accountId}/orders/{orderId}/finalize": { "post": { "operationId": "finalizeOrder", "parameters": [ { "name": "configurationId", "in": "query", "schema": { "type": "string" } }, { "name": "accountId", "in": "path", "required": true, "schema": { "type": "string" } }, { "name": "orderId", "in": "path", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/jose+json": { "schema": { "type": "string" } } } }, "responses": { "default": { "description": "default response", "content": { "application/json": { } } } } } }, "/keyChange": { "post": { "operationId": "keyChange", "parameters": [ { "name": "configurationId", "in": "query", "schema": { "type": "string" } } ], "requestBody": { "content": { "application/jose+json": { "schema": { "type": "string" } } } }, "responses": { "default": { "description": "default response", "content": { "application/json": { } } } } } }, "/newAccount": { "post": { "operationId": "newAccount", "parameters": [ { "name": "configurationId", "in": "query", "schema": { "type": "string" } } ], "requestBody": { "content": { "application/jose+json": { "schema": { "type": "string" } } } }, "responses": { "default": { "description": "default response", "content": { "application/json": { } } } } } }, "/newAuthz": { "post": { "operationId": "newAuthz", "parameters": [ { "name": "configurationId", "in": "query", "schema": { "type": "string" } } ], "requestBody": { "content": { "application/jose+json": { "schema": { "type": "string" } } } }, "responses": { "default": { "description": "default response", "content": { "application/json": { } } } } } }, "/newNonce": { "get": { "operationId": "newNonceGet", "parameters": [ { "name": "configurationId", "in": "query", "schema": { "type": "string" } } ], "responses": { "default": { "description": "default response", "content": { "application/json": { } } } } }, "post": { "operationId": "newNoncePost", "parameters": [ { "name": "configurationId", "in": "query", "schema": { "type": "string" } } ], "requestBody": { "content": { "application/jose+json": { "schema": { "type": "string" } } } }, "responses": { "default": { "description": "default response", "content": { "application/json": { } } } } }, "head": { "operationId": "newNonceHead", "parameters": [ { "name": "configurationId", "in": "query", "schema": { "type": "string" } } ], "responses": { "default": { "description": "default response", "content": { "application/json": { } } } } } }, "/newOrder": { "post": { "operationId": "newOrder", "parameters": [ { "name": "configurationId", "in": "query", "schema": { "type": "string" } } ], "requestBody": { "content": { "application/jose+json": { "schema": { "type": "string" } } } }, "responses": { "default": { "description": "default response", "content": { "application/json": { } } } } } }, "/acct/{accountId}/orders/{orderId}": { "post": { "operationId": "order", "parameters": [ { "name": "configurationId", "in": "query", "schema": { "type": "string" } }, { "name": "accountId", "in": "path", "required": true, "schema": { "type": "string" } }, { "name": "orderId", "in": "path", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/jose+json": { "schema": { "type": "string" } } } }, "responses": { "default": { "description": "default response", "content": { "application/json": { } } } } } }, "/acct/{accountId}/orders": { "post": { "operationId": "orders", "parameters": [ { "name": "configurationId", "in": "query", "schema": { "type": "string" } }, { "name": "accountId", "in": "path", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/jose+json": { "schema": { "type": "string" } } } }, "responses": { "default": { "description": "default response", "content": { "application/json": { } } } } } }, "/revokeCert": { "post": { "operationId": "revokeCert", "parameters": [ { "name": "configurationId", "in": "query", "schema": { "type": "string" } } ], "requestBody": { "content": { "application/jose+json": { "schema": { "type": "string" } } } }, "responses": { "default": { "description": "default response", "content": { "application/json": { } } } } } }, "/acct/{accountId}": { "post": { "operationId": "updateAccount", "parameters": [ { "name": "configurationId", "in": "query", "schema": { "type": "string" } }, { "name": "accountId", "in": "path", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/jose+json": { "schema": { "type": "string" } } } }, "responses": { "default": { "description": "default response", "content": { "application/json": { } } } } } }, "/v1/ca_management/{ca_name}/activate": { "put": { "tags": [ "v1/ca_management" ], "summary": "Activate a CA", "description": "Activates CA with given name", "operationId": "activate", "parameters": [ { "name": "ca_name", "in": "path", "description": "Name of the CA to activate", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "CA activated" } } } }, "/v1/ca_management/{ca_name}/deactivate": { "put": { "tags": [ "v1/ca_management" ], "summary": "Deactivate a CA", "description": "Deactivates CA with given name", "operationId": "deactivate", "parameters": [ { "name": "ca_name", "in": "path", "description": "Name of the CA to deactivate", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "CA deactivated" } } } }, "/v1/ca_management/status": { "get": { "tags": [ "v1/ca_management" ], "summary": "Get the status of this REST Resource", "description": "Returns status, API version and EJBCA version.", "operationId": "status_2", "responses": { "200": { "description": "Successful response", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/RestResourceStatusRestResponse" } } } } } } }, "/v1/ca/{issuer_dn}/createcrl": { "post": { "tags": [ "v1/ca" ], "description": "Create CRL(main, partition and delta) issued by this CA", "operationId": "createCrl", "parameters": [ { "name": "issuer_dn", "in": "path", "description": "the CRL issuers DN (CAs subject DN)", "required": true, "schema": { "type": "string" } }, { "name": "deltacrl", "in": "query", "description": "true to create the deltaCRL, false to create the base CRL", "schema": { "type": "boolean", "example": true, "default": false } } ], "responses": { "200": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CreateCrlRestResponse" } } } } } } }, "/v1/ca/{subject_dn}/certificate/download": { "get": { "tags": [ "v1/ca" ], "description": "Get PEM file with the active CA certificate chain", "operationId": "getCertificateAsPem", "parameters": [ { "name": "subject_dn", "in": "path", "required": true, "schema": { "type": "string" } } ], "responses": { "default": { "description": "default response", "content": { "*/*": { } } } } } }, "/v1/ca/{issuer_dn}/getLatestCrl": { "get": { "tags": [ "v1/ca" ], "description": "Returns the latest CRL issued by this CA", "operationId": "getLatestCrl", "parameters": [ { "name": "issuer_dn", "in": "path", "description": "the CRL issuers DN (CAs subject DN)", "required": true, "schema": { "type": "string" } }, { "name": "deltaCrl", "in": "query", "description": "true to get the latest deltaCRL, false to get the latest complete CRL", "schema": { "type": "boolean", "example": true, "default": false } }, { "name": "crlPartitionIndex", "in": "query", "description": "the CRL partition index", "schema": { "type": "integer", "format": "int64", "default": 0 } } ], "responses": { "200": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CrlRestResponse" } } } } } } }, "/v1/ca/{issuer_dn}/importcrl": { "post": { "tags": [ "v1/ca" ], "description": "Import a certificate revocation list (CRL) for a CA", "operationId": "importCrl", "parameters": [ { "name": "issuer_dn", "in": "path", "description": "the CRL issuers DN (CAs subject DN)", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "multipart/form-data": { "schema": { "type": "object", "properties": { "crlPartitionIndex": { "type": "integer", "description": "CRL partition index", "format": "int64", "default": 0 }, "crlFile": { "type": "string", "description": "CRL file in DER format", "format": "binary" } } } } } }, "responses": { "200": { "description": "CRL file was imported successfully" }, "400": { "description": "Error while importing CRL file" } } } }, "/v1/ca": { "get": { "tags": [ "v1/ca" ], "summary": "Returns the Response containing the list of CAs with general information per CA as Json", "description": "Returns the Response containing the list of CAs with general information per CA as Json", "operationId": "listCas", "parameters": [ { "name": "includeExternal", "in": "query", "description": "true to get external (i.e. imported) cartificates, false to not get external (i.e. imported) certificates", "schema": { "type": "boolean", "example": true, "default": false } } ], "responses": { "200": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CaInfosRestResponse" } } } } } } }, "/v1/ca/status": { "get": { "tags": [ "v1/ca" ], "summary": "Get the status of this REST Resource", "description": "Returns status, API version and EJBCA version.", "operationId": "status_3", "responses": { "200": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/RestResourceStatusRestResponse" } } } } } } }, "/v1/certificate/certificaterequest": { "post": { "tags": [ "v1/certificate" ], "summary": "Enrollment with client generated keys for an existing End Entity", "description": "Enroll for a certificate given a PEM encoded PUBLICKEY, PKCS10, CRMF, SPKAC, or CVC.", "operationId": "certificateRequest", "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CertificateRequestRestRequest" } } } }, "responses": { "200": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CertificateEnrollmentRestResponse" } } } } } } }, "/v1/certificate/enroll": { "post": { "tags": [ "v1/certificate" ], "summary": "Enrollment with client generated keys. If end entity does not exist, it will be created.", "description": "Enroll for a certificate given a PEM encoded PUBLICKEY, PKCS10, CRMF, SPKAC, or CVC. \nResponse Format is 'DER' (default when excluded) or 'PKCS7' in base64 encoded PEM format", "operationId": "enrollCertificate", "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/EnrollCertificateWithEntityRestRequest" } } } }, "responses": { "200": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CertificateEnrollmentRestResponse" } } } } } } }, "/v1/certificate/enrollkeystore": { "post": { "tags": [ "v1/certificate" ], "summary": "Keystore enrollment", "description": "Creates a keystore for the specified end entity", "operationId": "enrollKeystore", "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/KeyStoreRestRequest" } } } }, "responses": { "200": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CertificateEnrollmentRestResponse" } } } } } } }, "/v1/certificate/pkcs10enroll": { "post": { "tags": [ "v1/certificate" ], "summary": "Enrollment with client generated keys, using CSR subject.", "description": "Enroll for a certificate given a PEM encoded PKCS#10 CSR. \nResponse Format is 'DER' (default when excluded) or 'PKCS7' in base64 encoded PEM format", "operationId": "enrollPkcs10Certificate", "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/EnrollCertificateRestRequest" } } } }, "responses": { "200": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CertificateEnrollmentRestResponse" } } } } } } }, "/v1/certificate/{request_id}/finalize": { "post": { "tags": [ "v1/certificate" ], "summary": "Finalize enrollment", "description": "Finalizes enrollment after administrator approval using request Id", "operationId": "finalizeEnrollment", "parameters": [ { "name": "request_id", "in": "path", "description": "Approval request id", "required": true, "schema": { "type": "integer", "format": "int32" } } ], "requestBody": { "description": "responseFormat must be one of 'P12', 'BCFKS', 'JKS', 'DER'", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/FinalizeRestRequest" } } } }, "responses": { "201": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CertificateRestResponse" } } } } } } }, "/v1/certificate/expire": { "get": { "tags": [ "v1/certificate" ], "summary": "Get a list of certificates that are about to expire", "description": "List of certificates expiring within specified number of days", "operationId": "getCertificatesAboutToExpire", "parameters": [ { "name": "days", "in": "query", "description": "Request certificates expiring within this number of days", "schema": { "type": "integer", "format": "int64" } }, { "name": "offset", "in": "query", "description": "Next offset to display results of, if maxNumberOfResults is exceeded. Starts from 0.", "schema": { "type": "integer", "format": "int32" } }, { "name": "maxNumberOfResults", "in": "query", "description": "Maximum number of certificates to display. If result exceeds this value. Modify 'offset' to retrieve more results", "schema": { "type": "integer", "format": "int32" } } ], "responses": { "200": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExpiringCertificatesRestResponse" } } } } } } }, "/v1/certificate/{issuer_dn}/{certificate_serial_number}/revocationstatus": { "get": { "tags": [ "v1/certificate" ], "summary": "Checks revocation status of the specified certificate", "description": "Checks revocation status of the specified certificate", "operationId": "revocationStatus", "parameters": [ { "name": "issuer_dn", "in": "path", "description": "Subject DN of the issuing CA", "required": true, "schema": { "type": "string" } }, { "name": "certificate_serial_number", "in": "path", "description": "hex serial number (without prefix, e.g. '00')", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/RevokeStatusRestResponse" } } } } } } }, "/v1/certificate/{issuer_dn}/{certificate_serial_number}/revoke": { "put": { "tags": [ "v1/certificate" ], "summary": "Revokes the specified certificate", "description": "Revokes the specified certificate, changes revocation reason for an already revoked certificate, sets invalidity or revocation date", "operationId": "revokeCertificate", "parameters": [ { "name": "issuer_dn", "in": "path", "description": "Subject DN of the issuing CA", "required": true, "schema": { "type": "string" } }, { "name": "certificate_serial_number", "in": "path", "description": "Hex serial number (without prefix, e.g. '00')", "required": true, "schema": { "type": "string" } }, { "name": "reason", "in": "query", "description": "Valid RFC5280 reason. One of\n NOT_REVOKED, UNSPECIFIED ,KEY_COMPROMISE,\n CA_COMPROMISE, AFFILIATION_CHANGED, SUPERSEDED, CESSATION_OF_OPERATION,\n CERTIFICATE_HOLD, REMOVE_FROM_CRL, PRIVILEGES_WITHDRAWN, AA_COMPROMISE \n\n Only KEY_COMPROMISE is allowed for new revocation reason if revocation reason is to be changed.", "schema": { "type": "string" } }, { "name": "date", "in": "query", "description": "ISO 8601 Date string, eg. '2018-06-15T14:07:09Z'", "schema": { "type": "string" } }, { "name": "invalidity_date", "in": "query", "description": "ISO 8601 Date string, eg. '2018-06-15T14:07:09Z'. Will be ignored with revocation reason REMOVE_FROM_CRL", "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/RevokeStatusRestResponse" } } } } } } }, "/v1/certificate/search": { "post": { "tags": [ "v1/certificate" ], "summary": "Searches for certificates confirming given criteria.", "description": "Insert as many search criteria as needed. A reference about allowed values for criteria could be found below, under SearchCertificateCriteriaRestRequest model.", "operationId": "searchCertificates", "requestBody": { "description": "Maximum number of results and collection of search criterias.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SearchCertificatesRestRequest" } } } }, "responses": { "200": { "description": "Successful operation", "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/SearchCertificatesRestResponse" } } } } } } } }, "/v1/certificate/status": { "get": { "tags": [ "v1/certificate" ], "summary": "Get the status of this REST Resource", "description": "Returns status, API version and EJBCA version.", "operationId": "status_4", "responses": { "200": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/RestResourceStatusRestResponse" } } } } } } }, "/v2/certificate/count": { "get": { "tags": [ "v2/certificate" ], "description": "Get the quantity of rather total issued or active certificates", "operationId": "getCertificateCount", "parameters": [ { "name": "isActive", "in": "query", "description": "true if an active certificates should be counted only", "schema": { "type": "boolean" } } ], "responses": { "200": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CertificateCountResponse" } } } } } } }, "/v2/certificate/profile/{profile_name}": { "get": { "tags": [ "v2/certificate" ], "description": "Get Certificate Profile Info.", "operationId": "getCertificateProfileInfo", "parameters": [ { "name": "profile_name", "in": "path", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Sucessful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CertificateProfileInfoRestResponseV2" } } } } } } }, "/v2/certificate/{issuer_dn}/keyimport": { "post": { "tags": [ "v2/certificate" ], "description": "Import keystores to CA in base64 format", "operationId": "importKeystores", "parameters": [ { "name": "issuer_dn", "in": "path", "description": "Subject DN of CA that will take over key management", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/KeyImportRestRequestV2" } } } }, "responses": { "200": { "description": "Keystores imported successfully." }, "207": { "description": "Keystores imported partially. Some key imports have failed." }, "500": { "description": "Something went wrong." } } } }, "/v2/certificate/{issuer_dn}/{certificate_serial_number}/keyrecover": { "put": { "tags": [ "v2/certificate" ], "description": "Marks certificate for key recovery.", "operationId": "markCertificateForKeyRecovery", "parameters": [ { "name": "issuer_dn", "in": "path", "description": "Subject DN of the issuing CA", "required": true, "schema": { "type": "string" } }, { "name": "certificate_serial_number", "in": "path", "description": "Hex serial number (without prefix, e.g. '00')", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Certificate marked for key recovery successfully" }, "500": { "description": "General error, while trying to mark the certificate for key recovery" } } } }, "/v2/certificate/search": { "post": { "tags": [ "v2/certificate" ], "summary": "Searches for certificates confirming given criteria and pagination.", "description": "Insert as many search criteria as needed. A reference about allowed values for criteria could be found below, under SearchCertificateCriteriaRestRequestV2 model. Use -1 for current_page to get total number of certificate for the request criteria.", "operationId": "searchCertificates_1", "requestBody": { "description": "Collection of search criterias and pagination information.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SearchCertificatesRestRequestV2" } } } }, "responses": { "200": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SearchCertificatesRestResponseV2" } } } } } } }, "/v2/certificate/status": { "get": { "tags": [ "v2/certificate" ], "summary": "Get the status of this REST Resource", "description": "Returns status, API version and EJBCA version.", "operationId": "status_5", "responses": { "200": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/RestResourceStatusRestResponse" } } } } } } }, "/v1/configdump": { "get": { "tags": [ "v1/configdump" ], "summary": "Get the configuration in JSON.", "description": "Returns the configdump data in JSON.", "operationId": "getJsonConfigdump", "parameters": [ { "name": "ignoreerrors", "in": "query", "description": "Print a warning instead of aborting and throwing an exception on errors.", "schema": { "type": "boolean", "default": false } }, { "name": "defaults", "in": "query", "description": "Also include fields having the default value.", "schema": { "type": "boolean", "default": false } }, { "name": "externalcas", "in": "query", "description": "Enables export of external CAs (i.e. CAs where there's only a certificate and nothing else)", "schema": { "type": "boolean", "default": false } }, { "name": "exportCasForPeerImport", "in": "query", "description": "Export an CA to be imported in a Peer as configdump", "schema": { "type": "boolean", "default": false } }, { "name": "include", "in": "query", "description": "Names of items/types to include in the export. The syntax is identical to that of exclude. For items of types that aren't listed, everything is included.", "schema": { "uniqueItems": true, "type": "array", "items": { "type": "string" } } }, { "name": "exclude", "in": "query", "description": "Names of items/types to exclude in the export, separated by semicolon. Type and name is separated by a colon, and wildcards \"\\*\" are allowed. Both are case-insensitive. E.g. exclude=\"\\*:Example CA;cryptotoken:Example\\*;systemconfiguration:\\*\".\n\nSupported types are: ACMECONFIG/acme-config, AUTOENROLLMENTCONFIG/autoenrollment-config, CA/certification-authorities, CRYPTOTOKEN/crypto-tokens, PUBLISHER/publishers, APPROVALPROFILE/approval-profiles, CERTPROFILE/certificate-profiles, EEPROFILE/end-entity-profiles, SERVICE/services, ROLE/admin-roles, KEYBINDING/internal-key-bindings, ADMINPREFS/admin-preferences, OCSPCONFIG/ocsp-configuration, PEERCONNECTOR/peer-connectors, SCEPCONFIG/scep-config, CMPCONFIG/cmp-config, ESTCONFIG/est-config, VALIDATOR/validators, CTLOG/ct-logs, EXTENDEDKEYUSAGE/extended-key-usage, CERTEXTENSION/custom-certificate-extensions, OAUTHKEY/trusted-oauth-providers, AVAILABLEPROTOCOLS/available-protocols", "schema": { "uniqueItems": true, "type": "array", "items": { "type": "string" } } } ], "responses": { "200": { "description": "Successful summary", "content": { "application/json": { "schema": { "type": "string", "format": "byte" } } } } } }, "post": { "tags": [ "v1/configdump" ], "summary": "Put the configuration in JSON.", "operationId": "postJsonImport", "parameters": [ { "name": "ignoreerrors", "in": "query", "description": "Add to warnings instead of aborting on errors.", "schema": { "type": "boolean", "default": false } }, { "name": "initialize", "in": "query", "description": "Generate initial certificate for CAs on import", "schema": { "type": "boolean", "default": false } }, { "name": "continue", "in": "query", "description": "Continue on errors. Default is to abort.", "schema": { "type": "boolean", "default": false } }, { "name": "overwrite", "in": "query", "description": "How to handle already existing configuration. Options are abort,skip,yes", "schema": { "type": "string", "default": "abort", "enum": [ "yes", "skip", "abort" ] } }, { "name": "resolve", "in": "query", "description": "How to resolve missing references. Options are abort,skip,default", "schema": { "type": "string", "default": "abort", "enum": [ "abort", "skip", "useDefault" ] } }, { "name": "expand", "in": "query", "description": "Expand variables by replacing references in form ${VARIABLE_NAME} with values of matching environment variables, e.g. VARIABLE_NAME.", "schema": { "type": "boolean", "default": false } } ], "requestBody": { "description": "JSON data in configdump format", "content": { "application/json": { "schema": { "type": "string" } } } }, "responses": { "200": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ConfigdumpResults" } } } } } } }, "/v1/configdump/{type}": { "get": { "tags": [ "v1/configdump" ], "summary": "Get the configuration for type in JSON.", "description": "Returns the configdump data in JSON.", "operationId": "getJsonConfigdumpForType", "parameters": [ { "name": "type", "in": "path", "description": "Configuration type to export.\n\nSupported types are: ACMECONFIG/acme-config, AUTOENROLLMENTCONFIG/autoenrollment-config, CA/certification-authorities, CRYPTOTOKEN/crypto-tokens, PUBLISHER/publishers, APPROVALPROFILE/approval-profiles, CERTPROFILE/certificate-profiles, EEPROFILE/end-entity-profiles, SERVICE/services, ROLE/admin-roles, KEYBINDING/internal-key-bindings, ADMINPREFS/admin-preferences, OCSPCONFIG/ocsp-configuration, PEERCONNECTOR/peer-connectors, SCEPCONFIG/scep-config, CMPCONFIG/cmp-config, ESTCONFIG/est-config, VALIDATOR/validators, CTLOG/ct-logs, EXTENDEDKEYUSAGE/extended-key-usage, CERTEXTENSION/custom-certificate-extensions, OAUTHKEY/trusted-oauth-providers, AVAILABLEPROTOCOLS/available-protocols", "required": true, "schema": { "type": "string" } }, { "name": "ignoreerrors", "in": "query", "description": "Print a warning instead of aborting and throwing an exception on errors.", "schema": { "type": "boolean", "default": false } }, { "name": "defaults", "in": "query", "description": "Also include fields having the default value.", "schema": { "type": "boolean", "default": false } }, { "name": "externalcas", "in": "query", "description": "Enables export of external CAs (i.e. CAs where there's only a certificate and nothing else)", "schema": { "type": "boolean", "default": false } } ], "responses": { "200": { "description": "Successful operation", "content": { "application/json": { "schema": { "type": "string", "format": "byte" } } } } } } }, "/v1/configdump/{type}/{setting}": { "get": { "tags": [ "v1/configdump" ], "summary": "Get the configuration for a type and setting in JSON.", "description": "Returns the configdump data in JSON.", "operationId": "getJsonConfigdumpForTypeAndSetting", "parameters": [ { "name": "type", "in": "path", "description": "Configuration type to export.\n\nSupported types are: ACMECONFIG/acme-config, AUTOENROLLMENTCONFIG/autoenrollment-config, CA/certification-authorities, CRYPTOTOKEN/crypto-tokens, PUBLISHER/publishers, APPROVALPROFILE/approval-profiles, CERTPROFILE/certificate-profiles, EEPROFILE/end-entity-profiles, SERVICE/services, ROLE/admin-roles, KEYBINDING/internal-key-bindings, ADMINPREFS/admin-preferences, OCSPCONFIG/ocsp-configuration, PEERCONNECTOR/peer-connectors, SCEPCONFIG/scep-config, CMPCONFIG/cmp-config, ESTCONFIG/est-config, VALIDATOR/validators, CTLOG/ct-logs, EXTENDEDKEYUSAGE/extended-key-usage, CERTEXTENSION/custom-certificate-extensions, OAUTHKEY/trusted-oauth-providers, AVAILABLEPROTOCOLS/available-protocols", "required": true, "schema": { "type": "string" } }, { "name": "setting", "in": "path", "description": "Individual configuration name to export", "required": true, "schema": { "type": "string" } }, { "name": "ignoreerrors", "in": "query", "description": "Print a warning instead of aborting and throwing an exception on errors.", "schema": { "type": "boolean", "default": false } }, { "name": "defaults", "in": "query", "description": "Also include fields having the default value.", "schema": { "type": "boolean", "default": false } } ], "responses": { "200": { "description": "Successful operation", "content": { "application/json": { "schema": { "type": "string", "format": "byte" } } } } } } }, "/v1/configdump/configdump.zip": { "get": { "tags": [ "v1/configdump" ], "summary": "Get the configuration as a ZIP file.", "description": "Returns a zip archive of YAML files.", "operationId": "getZipExport", "parameters": [ { "name": "ignoreerrors", "in": "query", "description": "Print a warning instead of aborting and throwing an exception on errors.", "schema": { "type": "boolean", "default": false } }, { "name": "defaults", "in": "query", "description": "Also include fields having the default value.", "schema": { "type": "boolean", "default": false } }, { "name": "externalcas", "in": "query", "description": "Enables export of external CAs (i.e. CAs where there's only a certificate and nothing else)", "schema": { "type": "boolean", "default": false } }, { "name": "exportCasForPeerImport", "in": "query", "description": "Export an CA to be imported in a Peer as configdump", "schema": { "type": "boolean", "default": false } }, { "name": "include", "in": "query", "description": "Names of items/types to include in the export. The syntax is identical to that of exclude. For items of types that aren't listed, everything is included.", "schema": { "uniqueItems": true, "type": "array", "items": { "type": "string" } } }, { "name": "exclude", "in": "query", "description": "Names of items/types to exclude in the export, separated by semicolon. Type and name is separated by a colon, and wildcards \"\\*\" are allowed. Both are case-insensitive. E.g. exclude=\"\\*:Example CA;cryptotoken:Example\\*;systemconfiguration:\\*\".\n\nSupported types are: ACMECONFIG/acme-config, AUTOENROLLMENTCONFIG/autoenrollment-config, CA/certification-authorities, CRYPTOTOKEN/crypto-tokens, PUBLISHER/publishers, APPROVALPROFILE/approval-profiles, CERTPROFILE/certificate-profiles, EEPROFILE/end-entity-profiles, SERVICE/services, ROLE/admin-roles, KEYBINDING/internal-key-bindings, ADMINPREFS/admin-preferences, OCSPCONFIG/ocsp-configuration, PEERCONNECTOR/peer-connectors, SCEPCONFIG/scep-config, CMPCONFIG/cmp-config, ESTCONFIG/est-config, VALIDATOR/validators, CTLOG/ct-logs, EXTENDEDKEYUSAGE/extended-key-usage, CERTEXTENSION/custom-certificate-extensions, OAUTHKEY/trusted-oauth-providers, AVAILABLEPROTOCOLS/available-protocols", "schema": { "uniqueItems": true, "type": "array", "items": { "type": "string" } } } ], "responses": { "200": { "description": "Successful operation", "content": { "application/zip": { "schema": { "type": "string", "format": "byte" } } } } } }, "post": { "tags": [ "v1/configdump" ], "summary": "Put the configuration as a ZIP file.", "operationId": "postZipImport", "parameters": [ { "name": "expand", "in": "query", "description": "Expand variables by replacing references in form ${CONFIGDUMP_VARIABLE_NAME} with values of matching environment variables, e.g. CONFIGDUMP_VARIABLE_NAME (prefix should stay).", "schema": { "type": "boolean", "default": false } } ], "requestBody": { "content": { "multipart/form-data": { "schema": { "type": "object", "properties": { "zipfile": { "type": "string", "description": "A zipfile containing directories of YAML files.", "format": "binary" }, "ignoreerrors": { "type": "boolean", "description": "Add to warnings instead of aborting on errors.", "default": false }, "initialize": { "type": "boolean", "description": "Generate initial certificate for CAs on import", "default": false }, "continue": { "type": "boolean", "description": "Continue on errors. Default is to abort.", "default": false }, "overwrite": { "type": "string", "description": "How to handle already existing configuration. Options are abort,skip,yes", "default": "abort", "enum": [ "yes", "skip", "abort" ] }, "resolve": { "type": "string", "description": "How to resolve missing references. Options are abort,skip,default", "default": "abort", "enum": [ "abort", "skip", "useDefault" ] } } } } } }, "responses": { "200": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ConfigdumpResults" } } } } } } }, "/v1/configdump/status": { "get": { "tags": [ "v1/configdump" ], "summary": "Get the status of this REST Resource", "description": "Returns status, API version and EJBCA version.", "operationId": "status_6", "responses": { "200": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/RestResourceStatusRestResponse" } } } } } } }, "/v1/cryptotoken/{cryptotoken_name}/activate": { "put": { "tags": [ "v1/cryptotoken" ], "summary": "Activate a Crypto Token", "description": "Activates Crypto Token given name and activation code", "operationId": "activate_1", "parameters": [ { "name": "cryptotoken_name", "in": "path", "description": "Name of the token to activate", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "*/*": { "schema": { "$ref": "#/components/schemas/CryptoTokenActivationRestRequest" } } } }, "responses": { "200": { "description": "Successful operation" } } } }, "/v1/cryptotoken/{cryptotoken_name}/deactivate": { "put": { "tags": [ "v1/cryptotoken" ], "summary": "Deactivate a Crypto Token", "description": "Deactivates Crypto Token given name", "operationId": "deactivate_1", "parameters": [ { "name": "cryptotoken_name", "in": "path", "description": "Name of the token to deactivate", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful operation" } } } }, "/v1/cryptotoken/{cryptotoken_name}/generatekeys": { "post": { "tags": [ "v1/cryptotoken" ], "summary": "Generate keys", "description": "Generates a key pair given crypto token name, key pair alias, key algorithm and key specification, i.e. RSA 4096 or ECDSA secp256r1.", "operationId": "generateKeys", "parameters": [ { "name": "cryptotoken_name", "in": "path", "description": "Name of the token to generate keys for", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CryptoTokenKeyGenerationRestRequest" } } } }, "responses": { "200": { "description": "Successful operation" } } } }, "/v1/cryptotoken/{cryptotoken_name}/{key_pair_alias}/removekeys": { "post": { "tags": [ "v1/cryptotoken" ], "summary": "Remove keys", "description": "Remove a key pair given crypto token name and key pair alias to be removed.", "operationId": "removeKeys", "parameters": [ { "name": "cryptotoken_name", "in": "path", "description": "Name of the token to remove keys for.", "required": true, "schema": { "type": "string" } }, { "name": "key_pair_alias", "in": "path", "description": "Alias for the key to be removed from the crypto token.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful operation" } } } }, "/v1/cryptotoken/status": { "get": { "tags": [ "v1/cryptotoken" ], "summary": "Get the status of this REST Resource", "description": "Returns status, API version and EJBCA version.", "operationId": "status_7", "responses": { "200": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/RestResourceStatusRestResponse" } } } } } } }, "/v1/endentity": { "post": { "tags": [ "v1/endentity" ], "summary": "Add new end entity, if it does not exist", "description": "Register new end entity based on provided registration data", "operationId": "add", "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AddEndEntityRestRequest" } } } }, "responses": { "200": { "description": "Successful operation" } } } }, "/v1/endentity/{endentity_name}": { "delete": { "tags": [ "v1/endentity" ], "summary": "Deletes end entity", "description": "Deletes specified end entity and keeps certificate information untouched, if end entity does not exist success is still returned", "operationId": "delete_1", "parameters": [ { "name": "endentity_name", "in": "path", "description": "Name of the end entity", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful operation" } } } }, "/v1/endentity/edit": { "post": { "tags": [ "v1/endentity" ], "summary": "Edit existing end entity ", "description": "Edit end entity based on provided data", "operationId": "edit", "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AddEndEntityRestRequest" } } } }, "responses": { "200": { "description": "Successful operation" } } } }, "/v1/endentity/{endentity_name}/revoke": { "put": { "tags": [ "v1/endentity" ], "summary": "Revokes all end entity certificates", "description": "Revokes all certificates associated with given end entity name with specified reason code (see RFC 5280 Section 5.3.1), and optionally deletes the end entity", "operationId": "revoke_1", "parameters": [ { "name": "endentity_name", "in": "path", "description": "Name of the end entity", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/EndEntityRevocationRestRequest" } } } }, "responses": { "200": { "description": "Successful operation" } } } }, "/v1/endentity/search": { "post": { "tags": [ "v1/endentity" ], "summary": "Searches for end entity confirming given criteria.", "description": "Insert as many search criteria as needed. A reference about allowed values for criteria could be found below, under SearchEndEntityCriteriaRestRequest model.", "operationId": "search", "requestBody": { "description": "Maximum number of results and collection of search criterias.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SearchEndEntitiesRestRequest" } } } }, "responses": { "200": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SearchEndEntitiesRestResponse" } } } } } } }, "/v1/endentity/{endentity_name}/setstatus": { "post": { "tags": [ "v1/endentity" ], "summary": "Edits end entity setting new status", "description": "Edit status, password and token type of related end entity", "operationId": "setstatus", "parameters": [ { "name": "endentity_name", "in": "path", "description": "Name of the end entity to edit status for", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SetEndEntityStatusRestRequest" } } } }, "responses": { "200": { "description": "Successful operation" } } } }, "/v1/endentity/status": { "get": { "tags": [ "v1/endentity" ], "summary": "Get the status of this REST Resource", "description": "Returns status, API version and EJBCA version.", "operationId": "status_8", "responses": { "200": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/RestResourceStatusRestResponse" } } } } } } }, "/v2/endentity/profiles/authorized": { "get": { "tags": [ "v2/endentity" ], "summary": "List of authorized end entity profiles for the current admin.", "description": "Returns list of all authorized end entity profiles for the current admin token", "operationId": "getAuthorizedEndEntityProfiles", "responses": { "200": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AuthorizedEEPsRestResponse" } } } } } } }, "/v2/endentity/profile/{endentity_profile_name}": { "get": { "tags": [ "v2/endentity" ], "summary": "Get End Entity Profile content", "description": "Returns End Entity Profile configurations: List of available CAs, list of available Certificate Profiles.", "operationId": "profile", "parameters": [ { "name": "endentity_profile_name", "in": "path", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/EndEntityProfileResponse" } } } } } } }, "/v2/endentity/search": { "post": { "tags": [ "v2/endentity" ], "summary": "Searches and sorts for end entity conforming given criteria.", "description": "Insert as many search criteria as needed and optionally a sorting criteria. A reference about allowed values for criteria could be found below, under SearchEndEntityCriteriaRestRequestV2 model.", "operationId": "sortedSearch", "requestBody": { "description": "Maximum number of results and collection of search criterias.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SearchEndEntitiesRestRequestV2" } } } }, "responses": { "200": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SearchEndEntitiesRestResponse" } } } } } } }, "/v2/endentity/status": { "get": { "tags": [ "v2/endentity" ], "summary": "Get the status of this REST Resource", "description": "Returns status, API version and EJBCA version.", "operationId": "status_9", "responses": { "200": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/RestResourceStatusRestResponse" } } } } } } }, "/v1/ssh/{ca_name}/pubkey": { "get": { "tags": [ "v1/ssh" ], "summary": "Retrieves a CA's public key in SSH format.", "description": "Retrieves a CA's public key in SSH format.", "operationId": "pubkey", "parameters": [ { "name": "ca_name", "in": "path", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful response", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SshPublicKeyRestResponse" } } } } } } }, "/v1/ssh/certificaterequest": { "post": { "tags": [ "v1/ssh" ], "summary": "Enrollment with public key", "description": "Enroll for a ssh certificate.", "operationId": "sshCertificateRequest", "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SshCertificateRequestRestRequest" } } } }, "responses": { "200": { "description": "Successful response", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SshCertificateRestResponse" } } } } } } }, "/v1/ssh/status": { "get": { "tags": [ "v1/ssh" ], "summary": "Get the status of this REST Resource", "description": "Returns status, API version and EJBCA version.", "operationId": "status_10", "responses": { "200": { "description": "Successful response", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/RestResourceStatusRestResponse" } } } } } } }, "/v1/system/service/{service_name}/run": { "put": { "tags": [ "v1/system" ], "summary": "Runs a specified service", "description": "Run service with the provided name", "operationId": "runServiceNoTimer", "parameters": [ { "name": "service_name", "in": "path", "description": "Name of the service to run", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "OK Successful request" } } } }, "/{job-id}": { "get": { "operationId": "get", "parameters": [ { "name": "wait", "in": "query", "schema": { "type": "integer", "format": "int64", "default": -1 } }, { "name": "job-id", "in": "path", "required": true, "schema": { "type": "string" } } ], "responses": { "default": { "description": "default response", "content": { "*/*": { } } } } }, "post": { "operationId": "readAndRemove", "parameters": [ { "name": "wait", "in": "query", "schema": { "type": "integer", "format": "int64", "default": -1 } }, { "name": "job-id", "in": "path", "required": true, "schema": { "type": "string" } } ], "responses": { "default": { "description": "default response", "content": { "*/*": { } } } } }, "delete": { "operationId": "remove", "parameters": [ { "name": "job-id", "in": "path", "required": true, "schema": { "type": "string" } } ], "responses": { "default": { "description": "default response", "content": { "*/*": { } } } } } } }, "components": { "schemas": { "ItsEditRequestMessage": { "type": "object", "properties": { "region": { "type": "string" }, "validityPeriod": { "type": "string" }, "assuranceLevel": { "type": "string" } } }, "ItsRegistrationRequestMessage": { "type": "object", "properties": { "canonicalId": { "type": "string" }, "canonicalPublicKey": { "type": "string" }, "certificateProfileName": { "type": "string" }, "endEntityProfileName": { "type": "string" }, "caName": { "type": "string" }, "region": { "type": "string" }, "validityPeriod": { "type": "string" }, "assuranceLevel": { "type": "string" } } }, "EndEntityRevocationRestRequest": { "type": "object", "properties": { "reason_code": { "type": "integer", "description": "Reason code", "format": "int32", "example": 2, "enum": [null] }, "delete": { "type": "boolean", "description": "Delete", "example": true, "enum": [false] } }, "description": "End Entity revocation request. Available reason codes: \n 0 - Unspecified,\n 1 - Key Compromise,\n 2 - CA Compromise,\n 3 - Affiliation Changed,\n 4 - Superseded,\n 5 - Cessation of Operation,\n 6 - Certificate Hold,\n 8 - Remove from CRL,\n 9 - Privileges Withdrawn,\n 10 - AA Compromise" }, "RestResourceStatusRestResponse": { "type": "object", "properties": { "status": { "type": "string", "description": "Status", "example": "OK" }, "version": { "type": "string", "description": "Resource version", "example": "1.0" }, "revision": { "type": "string", "description": "Application revision", "example": "EJBCA 1.0.0 Enterprise" } } }, "CreateCrlRestResponse": { "type": "object", "properties": { "issuer_dn": { "type": "string", "description": "Issuer Distinguished Name", "example": "CN=ExampleCA" }, "latest_crl_version": { "type": "integer", "description": "Latest base CRL version", "format": "int32", "example": 10 }, "latest_delta_crl_version": { "type": "integer", "description": "Latest delta CRL version", "format": "int32", "example": 5 }, "latest_partition_crl_versions": { "type": "object", "additionalProperties": { "type": "integer", "format": "int32" } }, "latest_partition_delta_crl_versions": { "type": "object", "additionalProperties": { "type": "integer", "format": "int32" } }, "all_success": { "type": "boolean" } } }, "CrlRestResponse": { "type": "object", "properties": { "crl": { "type": "string", "description": "Certificate Revocation List (CRL)", "format": "byte", "example": "TUlJRVYuLi5TcVFQRQ==" }, "response_format": { "type": "string", "description": "Response format", "example": "DER" } } }, "CaInfoRestResponse": { "type": "object", "properties": { "id": { "type": "integer", "description": "CA identifier", "format": "int32", "example": 12345678 }, "name": { "type": "string", "description": "Certificate Authority (CA) name", "example": "ExampleCA" }, "subject_dn": { "type": "string", "description": "Subject Distinguished Name", "example": "CN=ExampleCA,O=Sample,C=SE" }, "issuer_dn": { "type": "string", "description": "Issuer Distinguished Name", "example": "CN=ExampleCA,O=Sample,C=SE" }, "expiration_date": { "type": "string", "description": "Expiration date", "format": "date-time", "example": "2038-01-19T03:14:07Z" }, "external": { "type": "boolean", "description": "Is external (whether CA certificate was imported)", "example": true } } }, "CaInfosRestResponse": { "type": "object", "properties": { "certificate_authorities": { "type": "array", "items": { "$ref": "#/components/schemas/CaInfoRestResponse" } } } }, "CertificateEnrollmentRestResponse": { "type": "object", "properties": { "certificate": { "type": "string", "description": "Certificate", "format": "byte", "example": "TUlJRFh6Q0NBLi4uZVcxWnJvMD0=" }, "serial_number": { "type": "string", "description": "Hex Serial Number", "example": "1234567890ABCDEF" }, "response_format": { "type": "string", "description": "Response format", "example": "DER" }, "certificate_chain": { "type": "array", "description": "CA Certificate chain", "example": [ "MII123efg...345xyz0=" ], "items": { "type": "string", "description": "CA Certificate chain", "format": "byte", "example": "WyJNSUkxMjNlZmcuLi4zNDV4eXowPSJd" } } } }, "CertificateRequestRestRequest": { "type": "object", "properties": { "certificate_request": { "type": "string", "description": "Certificate request", "example": "MIICh...V8shQ== OR -----BEGIN CERTIFICATE REQUEST-----\nMIICh...V8shQ==\n-----END CERTIFICATE REQUEST-----" }, "username": { "type": "string", "description": "Username", "example": "JohnDoe" }, "password": { "type": "string", "description": "Password", "example": "foo123" }, "include_chain": { "type": "boolean" }, "certificate_authority_name": { "type": "string", "description": "Certificate Authority (CA) name", "example": "ExampleCA" }, "certificate_request_type": { "type": "string", "description": "Certificate Request Type", "example": "PUBLICKEY, PKCS10, CRMF, SPKAC, or CVC" } } }, "AddEndEntityRestRequest": { "type": "object", "properties": { "username": { "type": "string", "description": "Username", "example": "JohnDoe" }, "password": { "type": "string", "description": "Password", "example": "foo123" }, "subject_dn": { "type": "string", "description": "Subject Distinguished Name", "example": "CN=John Doe,SURNAME=Doe,GIVENNAME=John,C=SE" }, "subject_alt_name": { "type": "string", "description": "Subject Alternative Name (SAN)", "example": "rfc822Name=john.doe@example.com" }, "email": { "type": "string", "description": "Email", "example": "john.doe@example.com" }, "extension_data": { "type": "array", "items": { "$ref": "#/components/schemas/ExtendedInformationRestRequestComponent" } }, "custom_data": { "type": "array", "items": { "$ref": "#/components/schemas/ExtendedInformationRestRequestComponent" } }, "ca_name": { "type": "string", "description": "Certificate Authority (CA) name", "example": "ExampleCA" }, "certificate_profile_name": { "type": "string", "description": "Certificate profile name", "example": "ENDUSER" }, "end_entity_profile_name": { "type": "string", "description": "End Entity profile name", "example": "ExampleEEP" }, "token": { "type": "string", "description": "Token type property", "example": "P12", "enum": [ "USERGENERATED, P12, JKS, PEM" ] }, "account_binding_id": { "type": "string", "description": "Account Binding ID", "example": "1234567890" }, "key_recoverable": { "type": "boolean", "description": "Key recoverable or not", "example": false }, "status": { "type": "string", "description": "End entity status property", "example": "NEW", "enum": [ "NEW, FAILED, INITIALIZED, INPROCESS, GENERATED, REVOKED, HISTORICAL, KEYRECOVERY, WAITINGFORADDAPPROVAL" ] }, "send_notification": { "type": "boolean", "description": "Send notification or not", "example": false }, "start_time": { "type": "string", "description": "Valid start time", "example": "ISO 8601 Date string, eg. '2023-06-15 14:07:09'" }, "end_time": { "type": "string", "description": "Valid end time", "example": "ISO 8601 Date string, eg. '2023-06-15 14:07:09'" }, "certificate_serial_number": { "type": "integer", "description": "Certificate Serial Number. If the serial number is provided both in this field and within the custom data, this field value will take precedence and the custom data value will be ignored.", "example": 1234567890 }, "card_number": { "type": "string", "description": "Card Number", "example": "1234567890" } } }, "EnrollCertificateWithEntityRestRequest": { "type": "object", "properties": { "certificate_request": { "type": "string", "description": "Certificate request", "example": "MIICh...V8shQ== OR -----BEGIN CERTIFICATE REQUEST-----\nMIICh...V8shQ==\n-----END CERTIFICATE REQUEST-----" }, "include_chain": { "type": "boolean", "description": "Key recoverable or not", "nullable": true, "example": false }, "certificate_request_type": { "type": "string", "description": "Certificate Request Type", "example": "PUBLICKEY, PKCS10, CRMF, SPKAC, or CVC" }, "response_format": { "type": "string", "description": "Response Format (DER format is default)", "example": "DER" }, "end_entity": { "$ref": "#/components/schemas/AddEndEntityRestRequest" } } }, "ExtendedInformationRestRequestComponent": { "type": "object", "properties": { "name": { "type": "string", "description": "For extension_data a certificate extension object identifier (OID), for custom_data a string variable and value see ExtendedInformation class", "example": "1.3.6.1.5.5.7.1.24/customdata_STARTTIME" }, "value": { "type": "string", "description": "OID value", "example": "3003020105/2022-12-13 00:00:00" } } }, "KeyStoreRestRequest": { "type": "object", "properties": { "username": { "type": "string", "description": "Username", "example": "JohnDoe" }, "password": { "type": "string", "description": "Password", "example": "foo123" }, "key_alg": { "type": "string", "description": "Key algorithm used for enrollment", "example": "RSA" }, "key_spec": { "type": "string", "description": "Key specification to use", "example": "4096" } } }, "EnrollCertificateRestRequest": { "type": "object", "properties": { "certificate_request": { "type": "string", "description": "Certificate request", "example": "MIICh...V8shQ== OR -----BEGIN CERTIFICATE REQUEST-----\nMIICh...V8shQ==\n-----END CERTIFICATE REQUEST-----" }, "certificate_profile_name": { "type": "string", "description": "Certificate profile name", "example": "ENDUSER" }, "end_entity_profile_name": { "type": "string", "description": "End Entity profile name", "example": "ExampleEEP" }, "certificate_authority_name": { "type": "string", "description": "Certificate Authority (CA) name", "example": "ExampleCA" }, "username": { "type": "string", "description": "Username", "example": "JohnDoe" }, "password": { "type": "string", "description": "Password", "example": "foo123" }, "account_binding_id": { "type": "string", "description": "Account Binding ID", "example": "1234567890" }, "include_chain": { "type": "boolean" }, "email": { "type": "string", "description": "Email", "example": "john.doe@example.com" }, "response_format": { "type": "string", "description": "Response Format (DER format is default)", "example": "DER" }, "subject_dn": { "type": "string", "description": "Overwrite Subject Distinguished Name", "example": "CN=John Doe,SURNAME=Doe,GIVENNAME=John,C=SE" }, "extension_data": { "type": "array", "items": { "$ref": "#/components/schemas/ExtendedInformationRestRequestComponent" } }, "custom_data": { "type": "array", "items": { "$ref": "#/components/schemas/ExtendedInformationRestRequestComponent" } }, "start_time": { "type": "string", "description": "Valid start time", "example": "ISO 8601 Date string, eg. '2023-06-15 14:07:09'" }, "end_time": { "type": "string", "description": "Valid end time", "example": "ISO 8601 Date string, eg. '2023-06-15 14:07:09'" } } }, "CertificateRestResponse": { "type": "object", "properties": { "certificate": { "type": "string", "description": "Certificate", "format": "byte", "example": "TUlJRFh6Q0NBLi4uZVcxWnJvMD0=" }, "serial_number": { "type": "string", "description": "Hex Serial Number", "example": "1234567890ABCDEF" }, "response_format": { "type": "string", "description": "Response format", "example": "DER" }, "certificate_chain": { "type": "array", "description": "Certificate chain", "example": [ "ABC123efg...345xyz0=" ], "items": { "type": "string", "description": "Certificate chain", "format": "byte", "example": "WyJBQkMxMjNlZmcuLi4zNDV4eXowPSJd" } }, "certificate_profile": { "type": "string", "description": "Certificate profile name", "example": "ENDUSER" }, "end_entity_profile": { "type": "string", "description": "End Entity profile name", "example": "ExampleEEP" } } }, "FinalizeRestRequest": { "type": "object", "properties": { "response_format": { "type": "string", "description": "Response format", "example": "P12", "enum": [ "P12, BCFKS, JKS, DER" ] }, "password": { "type": "string", "description": "Password", "example": "foo123" }, "key_alg": { "type": "string", "description": "Key algorithm", "example": "RSA" }, "key_spec": { "type": "string", "description": "Key specification", "example": "4096" } } }, "CertificatesRestResponse": { "type": "object", "properties": { "certificates": { "type": "array", "items": { "$ref": "#/components/schemas/CertificateRestResponse" } } } }, "ExpiringCertificatesRestResponse": { "type": "object", "properties": { "pagination_rest_response_component": { "$ref": "#/components/schemas/PaginationRestResponseComponent" }, "certificates_rest_response": { "$ref": "#/components/schemas/CertificatesRestResponse" } } }, "PaginationRestResponseComponent": { "type": "object", "properties": { "more_results": { "type": "boolean" }, "next_offset": { "type": "integer", "format": "int32" }, "number_of_results": { "type": "integer", "format": "int32" } } }, "RevokeStatusRestResponse": { "type": "object", "properties": { "issuer _distinguished _name": { "type": "string", "example": "CN=ExampleCA" }, "hex _serial _number": { "type": "string", "example": "1234567890ABCDEF" }, "rfc5280 revokation reason": { "type": "string", "example": "KEY_COMPROMISE" }, "revokation date": { "type": "string", "format": "date-time", "example": "1970-01-01T00:00:00Z" }, "invalidity date": { "type": "string", "format": "date-time", "example": "1970-01-01T00:00:00Z" }, "message": { "type": "string", "example": "Successfully revoked" }, "revoked": { "type": "boolean" } } }, "SearchCertificatesRestResponse": { "type": "object", "properties": { "certificates": { "type": "array", "items": { "$ref": "#/components/schemas/CertificateRestResponse" } }, "more_results": { "type": "boolean" } } }, "SearchCertificateCriteriaRestRequest": { "type": "object", "properties": { "property": { "type": "string", "description": "A search property", "example": "CERTIFICATE_PROFILE", "enum": [ "QUERY, SERIAL_NUMBER, USERNAME, SUBJECT_DN, SUBJECT_ALT_NAME, EXTERNAL_ACCOUNT_BINDING_ID, END_ENTITY_PROFILE, CERTIFICATE_PROFILE, EXTERNAL_ACCOUNT_BINDING_ID, CA, STATUS, ISSUED_DATE, EXPIRE_DATE, REVOCATION_DATE" ] }, "value": { "type": "string", "description": "A search value. This could be sting value, ISO 8601 Date string, an appropriate string name of End Entity Profile or Certificate Profile or CA", "example": "ENDUSER" }, "operation": { "type": "string", "description": "An operation for property on inserted value. 'EQUAL' for string, 'LIKE' for string value ('QUERY'), 'BEGINS_WITH' for string value (case sensitive trailing wildcard search.), 'BEFORE' or 'AFTER' for date values", "example": "EQUAL", "enum": [ "EQUAL", "LIKE", "BEGINS_WITH", "BEFORE", "AFTER" ] } }, "description": "Use one of allowed values as property(see enum values below).\nQUERY - multiplicity [0, 1] - is used to search by SubjectDn, SubjectAn, Username or SerialNr; \nSERIAL_NUMBER - multiplicity [0, 1] - is used to search by SerialNr; \nSUBJECT_DN - multiplicity [0, 1] - is used to search by SubjectDn; \nSUBJECT_ALT_NAME - multiplicity [0, 1] - is used to search by SubjectAn; \nUSERNAME - multiplicity [0, 1] - is used to search by Username; \nEXTERNAL_ACCOUNT_BINDING_ID - multiplicity [0, 1] - is used to search by Account Binding Id; \nAvailable STATUS - multiplicity [0, 12] - values are: CERT_ACTIVE, CERT_REVOKED, REVOCATION_REASON_UNSPECIFIED, REVOCATION_REASON_KEYCOMPROMISE, REVOCATION_REASON_CACOMPROMISE, REVOCATION_REASON_AFFILIATIONCHANGED, REVOCATION_REASON_SUPERSEDED, REVOCATION_REASON_CESSATIONOFOPERATION, REVOCATION_REASON_CERTIFICATEHOLD, REVOCATION_REASON_REMOVEFROMCRL, REVOCATION_REASON_PRIVILEGESWITHDRAWN, REVOCATION_REASON_AACOMPROMISE;\n\nEND_ENTITY_PROFILE, CERTIFICATE_PROFILE, CA - multiplicity [0, *) - exact match of the name for referencing End Entity Profile, Certificate Profile or CA; \nISSUED_DATE 'BEFORE' - multiplicity [0, 1] - ISO 8601 Date string; \nISSUED_DATE 'AFTER' - multiplicity [0, 1] - ISO 8601 Date string; \nEXPIRE_DATE 'BEFORE' - multiplicity [0, 1] - ISO 8601 Date string; \nEXPIRE_DATE 'AFTER' - multiplicity [0, 1] - ISO 8601 Date string; \nREVOCATION_DATE 'BEFORE' - multiplicity [0, 1] - ISO 8601 Date string; \nREVOCATION_DATE 'AFTER' - multiplicity [0, 1] - ISO 8601 Date string. \nUPDATE_TIME 'BEFORE' - multiplicity [0, 1] - ISO 8601 Date string; \nUPDATE_TIME 'AFTER' - multiplicity [0, 1] - ISO 8601 Date string; \n" }, "SearchCertificatesRestRequest": { "type": "object", "properties": { "max_number_of_results": { "type": "integer", "description": "Maximum number of results", "format": "int32", "example": 10 }, "criteria": { "type": "array", "description": "A List of search criteria.", "items": { "$ref": "#/components/schemas/SearchCertificateCriteriaRestRequest" } } } }, "CertificateCountResponse": { "type": "object", "properties": { "count": { "type": "integer", "description": "The quantity of issued or active certificates", "format": "int64", "example": 1054 } } }, "CertificateProfileInfoRestResponseV2": { "type": "object", "properties": { "certificate_profile_id": { "type": "integer", "format": "int32" }, "available_key_algs": { "type": "array", "items": { "type": "string" } }, "available_alt_key_algs": { "type": "array", "description": "Alternative algorithm keys", "items": { "type": "string", "description": "Alternative algorithm keys" } }, "available_bit_lenghts": { "type": "array", "items": { "type": "integer", "format": "int32" } }, "available_ecdsa_curves": { "type": "array", "items": { "type": "string" } }, "available_cas": { "type": "array", "items": { "type": "string" } }, "key_usages": { "type": "array", "items": { "type": "integer", "format": "int32" } }, "extended_key_usages": { "type": "array", "items": { "type": "string" } }, "validity": { "type": "string" } } }, "KeyImportRestRequestV2": { "type": "object", "properties": { "certificate_profile_name": { "type": "string", "description": "Certificate Profile Name", "example": "ENDUSER" }, "end_entity_profile_name": { "type": "string", "description": "End Entity Profile Name", "example": "ExampleEEP" }, "keystores": { "type": "array", "items": { "$ref": "#/components/schemas/KeystoreRestRequestComponent" } } } }, "KeystoreRestRequestComponent": { "type": "object", "properties": { "username": { "type": "string", "description": "Username. New or existing end entity name", "example": "JohnDoe" }, "keystore": { "type": "string", "description": "Keystore bytes (base64)", "example": "MIACaMQwqALD...452MRTqwsTR=" }, "password": { "type": "string", "description": "Password to p12", "example": "foo123" } } }, "CertificateRestResponseV2": { "type": "object", "properties": { "fingerprint": { "type": "string", "description": "Certificate fingerprint", "example": "123abc456def789ghi123klm456nop789qrs123t" }, "c_afingerprint": { "type": "string", "description": "Certificate Authority fingerprint", "example": "abc123def456ghi789klm123nop456qrs789tvx1" }, "certificate_profile_id": { "type": "integer", "description": "Certificate Profile Identifier", "format": "int32", "example": 1 }, "end_entity_profile_id": { "type": "integer", "description": "End Entity Profile Identifier", "format": "int32", "example": 1 }, "expire_date": { "type": "integer", "description": "Date after which certificate should be considered expired", "format": "int64", "example": 2147483647000 }, "issuer_dn": { "type": "string", "description": "Issuer Distinguished Name", "example": "CN=ExampleCA" }, "not_before": { "type": "integer", "description": "Date at which certificate became valid", "format": "int64", "example": 1659952800011 }, "revocation_date": { "type": "integer", "description": "Revocation date", "format": "int64", "example": -1 }, "revocation_reason": { "type": "integer", "description": "Revocation reason", "format": "int32", "example": -1, "enum": [null] }, "serial_number": { "type": "string", "description": "Hex Serial Number", "example": "1234567890ABCDEF" }, "status": { "type": "integer", "description": "Certificate status", "format": "int32", "example": 20 }, "subject_alt_name": { "type": "string", "description": "Subject Alternative Name (SAN)", "example": "rfc822Name=john.doe@example.com" }, "subject_dn": { "type": "string", "description": "Subject Distinguished Name", "example": "CN=John Doe,SURNAME=Doe,GIVENNAME=John,C=SE" }, "subject_key_id": { "type": "string", "description": "Subject Key Identifier", "example": "z123abc456def789ghi123klm456nop789qrs123" }, "tag": { "type": "string" }, "type": { "type": "integer", "format": "int32" }, "udpate_time": { "type": "integer", "description": "Update time", "format": "int64", "example": 1659967133000 }, "username": { "type": "string", "description": "Username", "example": "JohnDoe" }, "base64_cert": { "type": "string", "description": "Base64 encoded certificate", "format": "byte", "example": "VFVsSlIuLi50MkE9PQ==" }, "certificate_request": { "type": "string", "description": "Certificate request", "example": "-----BEGIN CERTIFICATE REQUEST-----\nMIICh...V8shQ==\n-----END CERTIFICATE REQUEST-----" }, "crl_partition_index": { "type": "integer", "description": "CRL partition index", "format": "int32", "example": 1 }, "invalidity_date": { "type": "integer", "description": "Invalidity date", "format": "int64", "example": -1 }, "certificate_profile": { "type": "string", "description": "Certificate Profile Name", "example": "ENDUSER" }, "end_entity_profile": { "type": "string", "description": "End Entity Profile Name", "example": "EMPTY" } } }, "PaginationSummary": { "type": "object", "properties": { "page_size": { "type": "integer", "format": "int32" }, "current_page": { "type": "integer", "format": "int32" }, "total_certs": { "type": "integer", "format": "int64" } } }, "SearchCertificatesRestResponseV2": { "type": "object", "properties": { "certificates": { "type": "array", "items": { "$ref": "#/components/schemas/CertificateRestResponseV2" } }, "pagination_summary": { "$ref": "#/components/schemas/PaginationSummary" } } }, "Pagination": { "type": "object", "properties": { "page_size": { "type": "integer", "description": "Number of results per page", "format": "int32", "example": 10 }, "current_page": { "type": "integer", "description": "Current page number", "format": "int32", "example": 1 } }, "description": "Pagination." }, "SearchCertificateSortRestRequest": { "type": "object", "properties": { "property": { "type": "string", "description": "Sorted by", "enum": [ "USERNAME", "ISSUER_DN", "SUBJECT_DN", "EXTERNAL_ACCOUNT_BINDING_ID", "END_ENTITY_PROFILE", "CERTIFICATE_PROFILE", "STATUS", "TAG", "TYPE", "UPDATE_TIME", "ISSUED_DATE", "EXPIRE_DATE", "REVOCATION_DATE" ] }, "operation": { "type": "string", "description": "Sort ascending or descending. 'ASC' for ascending, 'DESC' for descending.", "enum": [ "ASC", "DESC" ] } }, "description": "Use one of allowed values as property and operation.\nAvailable propertiesUSERNAME \nISSUER_DN \nSUBJECT_DN \nEXTERNAL_ACCOUNT_BINDING_ID \nEND_ENTITY_PROFILE \nCERTIFICATE_PROFILE \nSTATUS \nTAG \nTYPE \nUPDATE_TIME \nISSUED_DATE \nEXPIRE_DATE \nREVOCATION_DATE \n\nAvailable operationsASC \nDESC \n" }, "SearchCertificatesRestRequestV2": { "type": "object", "properties": { "pagination": { "$ref": "#/components/schemas/Pagination" }, "sort": { "$ref": "#/components/schemas/SearchCertificateSortRestRequest" }, "criteria": { "type": "array", "description": "A List of search criteria.", "items": { "$ref": "#/components/schemas/SearchCertificateCriteriaRestRequest" } } } }, "ConfigdumpResults": { "type": "object", "properties": { "success": { "type": "boolean" }, "errors": { "type": "array", "items": { "type": "string" } }, "warnings": { "type": "array", "items": { "type": "string" } } } }, "CryptoTokenActivationRestRequest": { "type": "object", "properties": { "activation_code": { "type": "string", "description": "Activation Code", "example": "foo123" } } }, "CryptoTokenKeyGenerationRestRequest": { "type": "object", "properties": { "key_pair_alias": { "type": "string", "description": "Key pair aliasof the key pair to be generated, must not already exist", "example": "signKey" }, "key_alg": { "type": "string", "description": "Key algorithm, required for some algorithms, RSA, not required for others like EC or ML-DSA", "example": "RSA" }, "key_spec": { "type": "string", "description": "Key specification, key size, curve or name, must be supported by the underlying crypto token, like 4096 for RSA or secp256r1 for EC", "example": "4096" }, "key_usage": { "type": "string", "description": "Optional key usage, affects some crypto tokens (PKCS#11 NG) but not most others. Values SIGN, ENCRYPT, SIGN_ENCRYPT", "example": "SIGN" } } }, "EndEntityRestResponse": { "type": "object", "properties": { "username": { "type": "string", "description": "Username", "example": "JohnDoe" }, "dn": { "type": "string", "description": "Subject Distinguished Name", "example": "CN=John Doe,SURNAME=Doe,GIVENNAME=John,C=SE" }, "subject_alt_name": { "type": "string", "description": "Subject Alternative Name (SAN)", "example": "rfc822Name=john.doe@example.com" }, "email": { "type": "string", "description": "Email", "example": "john.doe@example.com" }, "status": { "type": "string", "description": "End Entity status", "example": "NEW", "enum": [ "NEW, FAILED, INITIALIZED, INPROCESS, GENERATED, REVOKED, HISTORICAL, KEYRECOVERY, WAITINGFORADDAPPROVAL" ] }, "token": { "type": "string", "description": "Token type", "example": "P12", "enum": [ "USERGENERATED, P12, BCFKS, JKS, PEM" ] }, "extension_data": { "type": "array", "description": "Extended Information", "items": { "$ref": "#/components/schemas/ExtendedInformationRestResponseComponent" } } } }, "ExtendedInformationRestResponseComponent": { "type": "object", "properties": { "name": { "type": "string", "description": "Extended Information property name", "example": "1.3.6.1.5.5.7.1.24" }, "value": { "type": "string", "description": "Property value", "example": "3003020105" }, "internal_name": { "type": "boolean" } }, "description": "Extended Information" }, "SearchEndEntitiesRestResponse": { "type": "object", "properties": { "end_entities": { "type": "array", "items": { "$ref": "#/components/schemas/EndEntityRestResponse" } }, "more_results": { "type": "boolean" } } }, "SearchEndEntitiesRestRequest": { "type": "object", "properties": { "max_number_of_results": { "type": "integer", "description": "Maximum number of results", "format": "int32", "example": 10 }, "current_page": { "type": "integer", "description": "Current page number", "format": "int32", "example": 0 }, "criteria": { "type": "array", "description": "A List of search criteria.", "items": { "$ref": "#/components/schemas/SearchEndEntityCriteriaRestRequest" } } } }, "SearchEndEntityCriteriaRestRequest": { "type": "object", "properties": { "property": { "type": "string", "description": "A search property", "enum": [ "QUERY", "END_ENTITY_PROFILE", "CERTIFICATE_PROFILE", "CA", "STATUS", "MODIFIED_BEFORE", "MODIFIED_AFTER" ] }, "value": { "type": "string", "description": "A search value. This could be string value, an appropriate string name of End Entity Profile or Certificate Profile or CA", "example": "exampleUsername" }, "operation": { "type": "string", "description": "An operation for property on inserted value. 'EQUALS' for string, 'LIKE' for string value ('QUERY')", "enum": [ "EQUAL", "LIKE" ] } }, "description": "Use one of allowed values as property(see enum values below).\nQUERY - multiplicity [0, 1] - is used to search by SubjectDn, SubjectAn, Username; \nAvailable STATUS - multiplicity [0, 9] - values are: NEW, FAILED, INITIALIZED, INPROCESS, GENERATED, REVOKED, HISTORICAL, KEYRECOVERY, WAITINGFORADDAPPROVAL;\n\nEND_ENTITY_PROFILE, CERTIFICATE_PROFILE, CA - multiplicity [0, *) - exact match of the name for referencing End Entity Profile, Certificate Profile or CA; \n" }, "SetEndEntityStatusRestRequest": { "type": "object", "properties": { "password": { "type": "string", "description": "Password", "example": "foo123" }, "token": { "type": "string", "description": "Token type property", "example": "USERGENERATED", "enum": [ "USERGENERATED, P12, BCFKS, JKS, PEM" ] }, "status": { "type": "string", "description": "End entity status property", "example": "NEW", "enum": [ "NEW, FAILED, INITIALIZED, INPROCESS, GENERATED, REVOKED, HISTORICAL, KEYRECOVERY, WAITINGFORADDAPPROVAL" ] } }, "description": "Use one of allowed values as property(see enum values below).\nAvailable TOKEN - USERGENERATED, P12, BCFKS, JKS, PEM; \nAvailable STATUS - NEW, FAILED, INITIALIZED, INPROCESS, GENERATED, REVOKED, HISTORICAL, KEYRECOVERY, WAITINGFORADDAPPROVAL;\n" }, "AuthorizedEEPsRestResponse": { "type": "object", "properties": { "end_entitie_profiles": { "type": "array", "items": { "$ref": "#/components/schemas/EndEntityProfileRestResponse" } } } }, "EndEntityProfileRestResponse": { "type": "object", "properties": { "name": { "type": "string", "description": "End Entity profile name", "example": "ExampleEEP" }, "id": { "type": "integer", "description": "End Entity profile ID", "format": "int64", "example": 1234567890 }, "description": { "type": "string", "description": "Description", "example": "Example End Entity profile" } } }, "EndEntityProfileResponse": { "type": "object", "properties": { "end_entity_profile_name": { "type": "string", "description": "End Entity profile name", "example": "ExampleEEP" }, "available_cas": { "type": "array", "description": "List of available Certificate Authorities (CAs)", "example": [ "ExampleCA" ], "items": { "type": "string", "description": "List of available Certificate Authorities (CAs)", "example": "[\"ExampleCA\"]" } }, "available_certificate_profiles": { "type": "array", "description": "List of available Certificate Profiles", "example": [ "ENDUSER" ], "items": { "type": "string", "description": "List of available Certificate Profiles", "example": "[\"ENDUSER\"]" } }, "subject_distinguished_name_fields": { "type": "array", "description": "List of Subject DN Attributes", "example": [ "CN" ], "items": { "type": "string", "description": "List of Subject DN Attributes", "example": "[\"CN\"]" } }, "subject_alternative_name_fields": { "type": "array", "description": "List of Subject Alternative Name fields", "example": [ "RFC822NAME" ], "items": { "type": "string", "description": "List of Subject Alternative Name fields", "example": "[\"RFC822NAME\"]" } } } }, "SearchEndEntitiesRestRequestV2": { "type": "object", "properties": { "max_number_of_results": { "type": "integer", "description": "Maximum number of results", "format": "int32", "example": 10 }, "current_page": { "type": "integer", "description": "Current page number", "format": "int32", "example": 1 }, "criteria": { "type": "array", "description": "A List of search criteria.", "items": { "$ref": "#/components/schemas/SearchEndEntityCriteriaRestRequest" } }, "sort_operation": { "$ref": "#/components/schemas/SearchEndEntitiesSortRestRequest" } } }, "SearchEndEntitiesSortRestRequest": { "type": "object", "properties": { "property": { "type": "string", "description": "Sorted by", "enum": [ "USERNAME", "SUBJECT_DN", "SUBJECT_ALT_NAME", "END_ENTITY_PROFILE", "CERTIFICATE_PROFILE", "STATUS", "UPDATE_TIME", "CREATED_TIME" ] }, "operation": { "type": "string", "description": "Sort ascending or descending. 'ASC' for ascending, 'DESC' for descending.", "enum": [ "ASC", "DESC" ] } }, "description": "Use one of allowed values as property and operation.\nAvailable propertiesUSERNAME \nSUBJECT_DN \nSUBJECT_ALT_NAME \nEND_ENTITY_PROFILE(by databse identifier, not user-given name) \nCERTIFICATE_PROFILE(by identifier) \nCA(by identifier) \nSTATUS \nUPDATE_TIME \nCREATED_DATE \n\nAvailable operationsASC \nDESC \n" }, "SshPublicKeyRestResponse": { "type": "object", "properties": { "ca_name": { "type": "string", "description": "Certificate Authority (CA) name", "example": "ExampleCA" }, "response": { "type": "string", "description": "CA’s public key", "example": "ssh-rsa AAAAB...QxLwx SshCA" } } }, "SshCertificateRestResponse": { "type": "object", "properties": { "certificate": { "type": "string", "description": "Certificate", "format": "byte", "example": "YzNOLi4uVDA5" }, "response_format": { "type": "string", "description": "Response format", "example": "BYTE" } } }, "SshCertificateRequestRestRequest": { "type": "object", "properties": { "end_entity_profile": { "type": "string", "description": "End Entity profile name", "example": "ExampleEEP" }, "certificate_profile": { "type": "string", "description": "Certificate profile name", "example": "ENDUSER" }, "certificate_authority": { "type": "string", "description": "Certificate Authority (CA) name", "example": "ExampleCA" }, "key_id": { "type": "string", "description": "SSH Key Identifier", "example": "ski-02" }, "comment": { "type": "string", "description": "Comment", "example": "Yellow fish under blue water" }, "public_key": { "type": "string", "description": "Public Key", "example": "ssh-rsa AAA...EWj" }, "principals": { "type": "array", "description": "Valid principals", "example": [ "Wishman", "Bradman" ], "items": { "type": "string", "description": "Valid principals", "example": "[\"Wishman\",\"Bradman\"]" } }, "critical_options": { "$ref": "#/components/schemas/SshCriticalOptions" }, "additional_extensions": { "type": "object", "additionalProperties": { "type": "string", "format": "byte", "readOnly": true }, "readOnly": true }, "username": { "type": "string", "description": "Username", "example": "JohnDoe" }, "password": { "type": "string", "description": "Password", "example": "foo123" }, "not_before": { "type": "string", "description": "Valid notBefore date", "example": "ISO 8601 Date string, eg. '2023-06-15T14:07:09Z'" }, "not_after": { "type": "string", "description": "Valid notAfter date", "example": "ISO 8601 Date string, eg. '2024-06-15T14:07:09Z'" } } }, "SshCriticalOptions": { "type": "object", "properties": { "forceCommand": { "type": "string", "description": "force-command", "example": "./init.sh" }, "sourceAddress": { "type": "string", "description": "source-address", "example": "1.2.3.0/24,1.10.10.1/32" } }, "description": "Critical options" } } } }