{ "swagger": "2.0", "info": { "title": "plgd certificate authority - API", "version": "1.0", "contact": { "name": "plgd.dev", "url": "https://github.com/plgd-dev/hub", "email": "info@plgd.dev" }, "license": { "name": "Apache License 2.0", "url": "https://github.com/plgd-dev/hub/blob/v2/LICENSE" } }, "tags": [ { "name": "CertificateAuthority" } ], "schemes": [ "https" ], "consumes": [ "application/json", "application/protojson" ], "produces": [ "application/json", "application/protojson" ], "paths": { "/api/v1/sign/csr": { "post": { "summary": "SignCertificate sends a Certificate Signing Request to the certificate authority \nand obtains a signed certificate. Both in the PEM format.", "operationId": "CertificateAuthority_SignCertificate", "responses": { "200": { "description": "A successful response.", "schema": { "$ref": "#/definitions/pbSignCertificateResponse" } }, "default": { "description": "An unexpected error response.", "schema": { "$ref": "#/definitions/rpcStatus" } } }, "parameters": [ { "name": "body", "in": "body", "required": true, "schema": { "$ref": "#/definitions/pbSignCertificateRequest" } } ], "tags": [ "sign csr" ] } }, "/api/v1/sign/identity-csr": { "post": { "summary": "SignIdentityCertificate sends a Identity Certificate Signing Request to the certificate authority \nand obtains a signed certificate. Both in the PEM format. It adds EKU: '1.3.6.1.4.1.44924.1.6' .", "operationId": "CertificateAuthority_SignIdentityCertificate", "responses": { "200": { "description": "A successful response.", "schema": { "$ref": "#/definitions/pbSignCertificateResponse" } }, "default": { "description": "An unexpected error response.", "schema": { "$ref": "#/definitions/rpcStatus" } } }, "parameters": [ { "name": "body", "in": "body", "required": true, "schema": { "$ref": "#/definitions/pbSignCertificateRequest" } } ], "tags": [ "sign csr" ] } }, "/api/v1/signing/records": { "get": { "summary": "Get signed certificate records.", "operationId": "CertificateAuthority_GetSigningRecords", "responses": { "200": { "description": "A successful response.(streaming responses)", "schema": { "type": "object", "properties": { "result": { "$ref": "#/definitions/pbSigningRecord" }, "error": { "$ref": "#/definitions/rpcStatus" } }, "title": "Stream result of pbSigningRecord" } }, "default": { "description": "An unexpected error response.", "schema": { "$ref": "#/definitions/rpcStatus" } } }, "parameters": [ { "name": "idFilter", "description": "Filter by id.", "in": "query", "required": false, "type": "array", "items": { "type": "string" }, "collectionFormat": "multi" }, { "name": "commonNameFilter", "description": "Filter by common_name.", "in": "query", "required": false, "type": "array", "items": { "type": "string" }, "collectionFormat": "multi" }, { "name": "deviceIdFilter", "description": "Filter by device_id - provides only identity certificates.", "in": "query", "required": false, "type": "array", "items": { "type": "string" }, "collectionFormat": "multi" } ], "tags": [ "signing records" ] }, "delete": { "summary": "Revoke signed certificate records or delete expired signed certificate records.", "operationId": "CertificateAuthority_DeleteSigningRecords", "responses": { "200": { "description": "A successful response.", "schema": { "$ref": "#/definitions/pbDeletedSigningRecords" } }, "default": { "description": "An unexpected error response.", "schema": { "$ref": "#/definitions/rpcStatus" } } }, "parameters": [ { "name": "idFilter", "description": "Filter by id.", "in": "query", "required": false, "type": "array", "items": { "type": "string" }, "collectionFormat": "multi" }, { "name": "deviceIdFilter", "description": "Filter by common_name.", "in": "query", "required": false, "type": "array", "items": { "type": "string" }, "collectionFormat": "multi" } ], "tags": [ "signing records" ] } }, "/certificate-authority/api/v1/sign/csr": { "post": { "summary": "SignCertificate sends a Certificate Signing Request to the certificate authority \nand obtains a signed certificate. Both in the PEM format.", "operationId": "CertificateAuthority_SignCertificate2", "responses": { "200": { "description": "A successful response.", "schema": { "$ref": "#/definitions/pbSignCertificateResponse" } }, "default": { "description": "An unexpected error response.", "schema": { "$ref": "#/definitions/rpcStatus" } } }, "parameters": [ { "name": "body", "in": "body", "required": true, "schema": { "$ref": "#/definitions/pbSignCertificateRequest" } } ], "tags": [ "sign csr" ] } }, "/certificate-authority/api/v1/sign/identity-csr": { "post": { "summary": "SignIdentityCertificate sends a Identity Certificate Signing Request to the certificate authority \nand obtains a signed certificate. Both in the PEM format. It adds EKU: '1.3.6.1.4.1.44924.1.6' .", "operationId": "CertificateAuthority_SignIdentityCertificate2", "responses": { "200": { "description": "A successful response.", "schema": { "$ref": "#/definitions/pbSignCertificateResponse" } }, "default": { "description": "An unexpected error response.", "schema": { "$ref": "#/definitions/rpcStatus" } } }, "parameters": [ { "name": "body", "in": "body", "required": true, "schema": { "$ref": "#/definitions/pbSignCertificateRequest" } } ], "tags": [ "sign csr" ] } }, "/certificate-authority/api/v1/signing/records": { "get": { "summary": "Get signed certificate records.", "operationId": "CertificateAuthority_GetSigningRecords2", "responses": { "200": { "description": "A successful response.(streaming responses)", "schema": { "type": "object", "properties": { "result": { "$ref": "#/definitions/pbSigningRecord" }, "error": { "$ref": "#/definitions/rpcStatus" } }, "title": "Stream result of pbSigningRecord" } }, "default": { "description": "An unexpected error response.", "schema": { "$ref": "#/definitions/rpcStatus" } } }, "parameters": [ { "name": "idFilter", "description": "Filter by id.", "in": "query", "required": false, "type": "array", "items": { "type": "string" }, "collectionFormat": "multi" }, { "name": "commonNameFilter", "description": "Filter by common_name.", "in": "query", "required": false, "type": "array", "items": { "type": "string" }, "collectionFormat": "multi" }, { "name": "deviceIdFilter", "description": "Filter by device_id - provides only identity certificates.", "in": "query", "required": false, "type": "array", "items": { "type": "string" }, "collectionFormat": "multi" } ], "tags": [ "signing records" ] }, "delete": { "summary": "Revoke signed certificate records or delete expired signed certificate records.", "operationId": "CertificateAuthority_DeleteSigningRecords2", "responses": { "200": { "description": "A successful response.", "schema": { "$ref": "#/definitions/pbDeletedSigningRecords" } }, "default": { "description": "An unexpected error response.", "schema": { "$ref": "#/definitions/rpcStatus" } } }, "parameters": [ { "name": "idFilter", "description": "Filter by id.", "in": "query", "required": false, "type": "array", "items": { "type": "string" }, "collectionFormat": "multi" }, { "name": "deviceIdFilter", "description": "Filter by common_name.", "in": "query", "required": false, "type": "array", "items": { "type": "string" }, "collectionFormat": "multi" } ], "tags": [ "signing records" ] } } }, "definitions": { "pbCredentialStatus": { "type": "object", "properties": { "date": { "type": "string", "format": "int64", "description": "Last time the device requested provisioning, in unix nanoseconds timestamp format.\n\n@gotags: bson:\"date\"" }, "certificatePem": { "type": "string", "description": "Last certificate issued.\n\n@gotags: bson:\"identityCertificate\"" }, "validUntilDate": { "type": "string", "format": "int64", "description": "@gotags: bson:\"validUntilDate\"", "title": "Record valid until date, in unix nanoseconds timestamp format" }, "serial": { "type": "string", "description": "@gotags: bson:\"serial\"", "title": "Serial number of the last certificate issued" }, "issuerId": { "type": "string", "description": "@gotags: bson:\"issuerId\"", "title": "Issuer id is calculated from the issuer's public certificate, and it is computed as uuid.NewSHA1(uuid.NameSpaceX500, publicKeyRaw)" } } }, "pbDeletedSigningRecords": { "type": "object", "properties": { "count": { "type": "string", "format": "int64", "description": "Number of deleted records." } }, "title": "Revoke or delete certificates" }, "pbSignCertificateRequest": { "type": "object", "properties": { "certificateSigningRequest": { "type": "string", "format": "byte", "title": "PEM format" } } }, "pbSignCertificateResponse": { "type": "object", "properties": { "certificate": { "type": "string", "format": "byte", "title": "PEM format" } } }, "pbSigningRecord": { "type": "object", "properties": { "id": { "type": "string", "description": "The registration ID is determined by applying a formula that utilizes the certificate properties, and it is computed as uuid.NewSHA1(uuid.NameSpaceX500, common_name + uuid.NewSHA1(uuid.NameSpaceX500, publicKeyRaw)).\n\n@gotags: bson:\"_id\"" }, "owner": { "type": "string", "description": "Certificate owner.\n\n@gotags: bson:\"owner\"" }, "commonName": { "type": "string", "description": "Common name of the certificate. If device_id is provided in the common name, then for update public key must be same.\n\n@gotags: bson:\"commonName\"" }, "deviceId": { "type": "string", "description": "DeviceID of the identity certificate.\n\n@gotags: bson:\"deviceId,omitempty\"" }, "publicKey": { "type": "string", "description": "Public key fingerprint in uuid.NewSHA1(uuid.NameSpaceX500, publicKeyRaw) of the certificate.\n\n@gotags: bson:\"publicKey\"" }, "creationDate": { "type": "string", "format": "int64", "description": "@gotags: bson:\"creationDate,omitempty\"", "title": "Record creation date, in unix nanoseconds timestamp format" }, "credential": { "$ref": "#/definitions/pbCredentialStatus", "description": "Last credential provision overview.\n\n@gotags: bson:\"credential\"" } } }, "protobufAny": { "type": "object", "properties": { "@type": { "type": "string" } }, "additionalProperties": {} }, "rpcStatus": { "type": "object", "properties": { "code": { "type": "integer", "format": "int32" }, "message": { "type": "string" }, "details": { "type": "array", "items": { "type": "object", "$ref": "#/definitions/protobufAny" } } } } } }