openapi: 3.1.0
info:
  title: CZERTAINLY Authority Provider Legacy API
  description: REST API for implementations of custom Legacy Authority Provider
  contact:
    name: CZERTAINLY
    url: https://www.czertainly.com
    email: info@czertainly.com
  license:
    name: MIT License
    url: https://github.com/CZERTAINLY/CZERTAINLY/blob/develop/LICENSE.md
  version: 2.14.1
  x-logo:
    url: images/czertainly_color_H.svg
externalDocs:
  description: CZERTAINLY Documentation
  url: https://docs.czertainly.com
servers:
  - url: https://demo.czertainly.online/api
    description: CZERTAINLY Demo server
tags:
  - name: Connector Info
    description: "Connector Information API. Each connector may have multiple functions represented by FunctionGroupCode. For each FunctionGroupCode there is a list of implemented endpoints. These endpoints must conform to the specified interface; the core validates this. You can also implement helper endpoints that are used for callbacks and other relevant operations specific to the implementation."
  - name: Certificate Management
    description: Certificate Management API
  - name: End Entity Profiles
    description: End Entity Profiles API
  - name: Health check
    description: "Connector Health check API. The connector returns its own status and, in some cases, the status of services on which it depends, such as a database or an HSM."
  - name: Authority Management
    description: Authority Management API
  - name: End Entity Management
    description: End Entity Management API
  - name: Connector Attributes
    description: Connector Attributes API. Provides information about supported Attributes of the connector. Attributes are specific to the implementation and give information about the data that can be exchanged and properly parsed by the connector. Validation of the Attributes is part of this API.
paths:
  # Resets the password of one End Entity, addressed by Authority instance UUID,
  # End Entity Profile name and End Entity name.
  /v1/authorityProvider/authorities/{uuid}/endEntityProfiles/{endEntityProfileName}/endEntities/{endEntityName}/resetPassword:
    put:
      tags:
        - End Entity Management
      summary: Reset End Entity password
      operationId: resetPassword
      # All three path parameters are plain strings with no pattern, format or
      # length limit, so the schema itself does not constrain what reaches the
      # connector; implementations need their own validation.
      parameters:
        - name: uuid
          in: path
          description: Authority Instance UUID
          required: true
          schema:
            type: string
        - name: endEntityProfileName
          in: path
          description: End Entity Profile Name
          required: true
          schema:
            type: string
        - name: endEntityName
          in: path
          description: End Entity Name
          required: true
          schema:
            type: string
      responses:
        # No request body is declared and the 200 response carries no content,
        # so this document does not describe how the new password is chosen or
        # delivered.
        "200":
          description: End Entity password reset
        "400":
          description: Bad Request
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/ErrorMessageDto"
        "401":
          description: Unauthorized
        "403":
          description: Forbidden
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/AuthenticationServiceExceptionDto"
        "404":
          description: Not Found
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/ErrorMessageDto"
        "500":
          description: Internal Server Error
      # OpenAPI treats the entries below as alternatives: satisfying any one is
      # enough. NoAuth is among them; its definition is outside this excerpt,
      # but if it means "no credentials" this credential-changing call is
      # declared as reachable unauthenticated.
      # NOTE(review): confirm deployments enforce one of the other schemes.
      security:
        - NoAuth: []
        - CertificateTLSAuth: []
        - ConnectorAPIKeyAuth: []
        - BasicAuth: []
  # Validates a list of request Attributes for a given function group and kind.
  /v1/{functionalGroup}/{kind}/attributes/validate:
    post:
      tags:
        - Connector Attributes
      summary: Validate Attributes
      operationId: validateAttributes
      parameters:
        # Constrained by the FunctionGroupCode schema (defined outside this
        # excerpt).
        - name: functionalGroup
          in: path
          description: Function Group
          required: true
          schema:
            $ref: "#/components/schemas/FunctionGroupCode"
        # Free-form string: no enum, pattern or length limit is declared.
        - name: kind
          in: path
          description: Kind
          required: true
          schema:
            type: string
      # The array has no maxItems, so the schema places no bound on how many
      # attributes one request may submit.
      requestBody:
        content:
          application/json:
            schema:
              type: array
              items:
                $ref: "#/components/schemas/RequestAttributeDto"
        required: true
      responses:
        "200":
          description: Attribute validation completed
        # Validation failures are reported as a bare array of message strings,
        # not as ErrorMessageDto like the 400 and 404 responses.
        "422":
          description: Attribute validation failed
          content:
            application/json:
              schema:
                type: array
                items:
                  type: string
              example:
                - Error Message 1
                - Error Message 2
        "400":
          description: Bad Request
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/ErrorMessageDto"
        "401":
          description: Unauthorized
        "403":
          description: Forbidden
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/AuthenticationServiceExceptionDto"
        "404":
          description: Not Found
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/ErrorMessageDto"
        "500":
          description: Internal Server Error
      # The entries below are alternatives (any one suffices). NoAuth is defined
      # outside this excerpt; if it means "no credentials", the operation is
      # declared as callable without authentication.
      # NOTE(review): confirm this is intended.
      security:
        - NoAuth: []
        - CertificateTLSAuth: []
        - ConnectorAPIKeyAuth: []
        - BasicAuth: []
  # Collection of Authority instances: GET lists them, POST creates one.
  /v1/authorityProvider/authorities:
    get:
      tags:
        - Authority Management
      summary: List Authority instances
      operationId: listAuthorityInstances
      responses:
        # No paging or filter parameters are declared, so the full list is
        # returned in one array.
        "200":
          description: Authority instance list retrieved
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: "#/components/schemas/AuthorityProviderInstanceDto"
        "400":
          description: Bad Request
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/ErrorMessageDto"
        "401":
          description: Unauthorized
        "403":
          description: Forbidden
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/AuthenticationServiceExceptionDto"
        "404":
          description: Not Found
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/ErrorMessageDto"
        "500":
          description: Internal Server Error
      # The entries below are alternatives (any one suffices); the same list is
      # repeated on the POST operation of this path. NoAuth is defined outside
      # this excerpt; if it means "no credentials", listing and creating
      # Authority instances are declared as callable without authentication.
      # NOTE(review): confirm deployments enforce one of the other schemes.
      security:
        - NoAuth: []
        - CertificateTLSAuth: []
        - ConnectorAPIKeyAuth: []
        - BasicAuth: []
    post:
      tags:
        - Authority Management
      summary: Create Authority instance
      operationId: createAuthorityInstance
      requestBody:
        content:
          application/json:
            schema:
              $ref: "#/components/schemas/AuthorityProviderInstanceRequestDto"
        required: true
      responses:
        # Creation answers 200 with the created instance in the body; no 201 is
        # declared.
        "200":
          description: Authority instance created
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/AuthorityProviderInstanceDto"
        "400":
          description: Bad Request
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/ErrorMessageDto"
        "401":
          description: Unauthorized
        "403":
          description: Forbidden
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/AuthenticationServiceExceptionDto"
        "404":
          description: Not Found
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/ErrorMessageDto"
        "500":
          description: Internal Server Error
      security:
        - NoAuth: []
        - CertificateTLSAuth: []
        - ConnectorAPIKeyAuth: []
        - BasicAuth: []
  # Single Authority instance: GET reads it, POST updates it, DELETE removes it.
  /v1/authorityProvider/authorities/{uuid}:
    get:
      tags:
        - Authority Management
      summary: Get an Authority instance
      operationId: getAuthorityInstance
      parameters:
        # Described as a UUID but typed as a plain string with no format or
        # pattern, so schema validation accepts any string here (the same
        # declaration is repeated on POST and DELETE).
        - name: uuid
          in: path
          description: Authority Instance UUID
          required: true
          schema:
            type: string
      responses:
        "200":
          description: Authority instance retrieved
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/AuthorityProviderInstanceDto"
        "400":
          description: Bad Request
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/ErrorMessageDto"
        "401":
          description: Unauthorized
        "403":
          description: Forbidden
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/AuthenticationServiceExceptionDto"
        "404":
          description: Not Found
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/ErrorMessageDto"
        "500":
          description: Internal Server Error
      # The entries below are alternatives (any one suffices); the same list is
      # repeated on POST and DELETE. NoAuth is defined outside this excerpt; if
      # it means "no credentials", reading, updating and removing an Authority
      # instance are all declared as callable without authentication.
      # NOTE(review): confirm deployments enforce one of the other schemes.
      security:
        - NoAuth: []
        - CertificateTLSAuth: []
        - ConnectorAPIKeyAuth: []
        - BasicAuth: []
    # Update is modelled as POST on the instance URL (no PUT/PATCH is declared)
    # and takes the same request schema as creation.
    post:
      tags:
        - Authority Management
      summary: Update Authority instance
      operationId: updateAuthorityInstance
      parameters:
        - name: uuid
          in: path
          description: Authority Instance UUID
          required: true
          schema:
            type: string
      requestBody:
        content:
          application/json:
            schema:
              $ref: "#/components/schemas/AuthorityProviderInstanceRequestDto"
        required: true
      responses:
        "200":
          description: Authority instance updated
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/AuthorityProviderInstanceDto"
        "400":
          description: Bad Request
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/ErrorMessageDto"
        "401":
          description: Unauthorized
        "403":
          description: Forbidden
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/AuthenticationServiceExceptionDto"
        "404":
          description: Not Found
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/ErrorMessageDto"
        "500":
          description: Internal Server Error
      security:
        - NoAuth: []
        - CertificateTLSAuth: []
        - ConnectorAPIKeyAuth: []
        - BasicAuth: []
    delete:
      tags:
        - Authority Management
      summary: Remove Authority instance
      operationId: removeAuthorityInstance
      parameters:
        - name: uuid
          in: path
          description: Authority Instance UUID
          required: true
          schema:
            type: string
      responses:
        # Both 200 and 204 (declared after 500 below) are listed as success
        # responses, neither with a body; clients should accept either.
        "200":
          description: Authority instance removed
        "400":
          description: Bad Request
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/ErrorMessageDto"
        "401":
          description: Unauthorized
        "403":
          description: Forbidden
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/AuthenticationServiceExceptionDto"
        "404":
          description: Not Found
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/ErrorMessageDto"
        "500":
          description: Internal Server Error
        "204":
          description: No Content
      security:
        - NoAuth: []
        - CertificateTLSAuth: []
        - ConnectorAPIKeyAuth: []
        - BasicAuth: []
  # Validates a list of RA Profile attributes against one Authority instance.
  /v1/authorityProvider/authorities/{uuid}/raProfile/attributes/validate:
    post:
      tags:
        - Authority Management
      summary: Validate RA Profile attributes
      operationId: validateRAProfileAttributes
      parameters:
        # Typed as a plain string; no UUID format or pattern is declared.
        - name: uuid
          in: path
          description: Authority Instance UUID
          required: true
          schema:
            type: string
      requestBody:
        content:
          application/json:
            schema:
              type: array
              items:
                $ref: "#/components/schemas/RequestAttributeDto"
        required: true
      responses:
        # Unlike /v1/{functionalGroup}/{kind}/attributes/validate, no 422 is
        # declared here; presumably a failed validation is reported through
        # 400 - TODO confirm with the implementation.
        "200":
          description: RA Profile Attributes information validated
        "400":
          description: Bad Request
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/ErrorMessageDto"
        "401":
          description: Unauthorized
        "403":
          description: Forbidden
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/AuthenticationServiceExceptionDto"
        "404":
          description: Not Found
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/ErrorMessageDto"
        "500":
          description: Internal Server Error
      # The entries below are alternatives (any one suffices). NoAuth is defined
      # outside this excerpt; if it means "no credentials", the operation is
      # declared as callable without authentication.
      # NOTE(review): confirm this is intended.
      security:
        - NoAuth: []
        - CertificateTLSAuth: []
        - ConnectorAPIKeyAuth: []
        - BasicAuth: []
  # End Entities of one End Entity Profile: GET lists them, POST creates one.
  /v1/authorityProvider/authorities/{uuid}/endEntityProfiles/{endEntityProfileName}/endEntities:
    get:
      tags:
        - End Entity Management
      summary: List End Entities
      operationId: listEndEntities
      # Both path parameters are unconstrained strings (no pattern, format or
      # length limit); the same declarations are repeated on POST.
      parameters:
        - name: uuid
          in: path
          description: Authority Instance UUID
          required: true
          schema:
            type: string
        - name: endEntityProfileName
          in: path
          description: End Entity Profile Name
          required: true
          schema:
            type: string
      responses:
        # No paging or filter parameters are declared, so the full list is
        # returned in one array.
        "200":
          description: End Entities retrieved
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: "#/components/schemas/EndEntityDto"
        "400":
          description: Bad Request
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/ErrorMessageDto"
        "401":
          description: Unauthorized
        "403":
          description: Forbidden
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/AuthenticationServiceExceptionDto"
        "404":
          description: Not Found
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/ErrorMessageDto"
        "500":
          description: Internal Server Error
      # The entries below are alternatives (any one suffices); the same list is
      # repeated on POST. NoAuth is defined outside this excerpt; if it means
      # "no credentials", enumerating and creating End Entities are declared as
      # callable without authentication.
      # NOTE(review): confirm deployments enforce one of the other schemes.
      security:
        - NoAuth: []
        - CertificateTLSAuth: []
        - ConnectorAPIKeyAuth: []
        - BasicAuth: []
    post:
      tags:
        - End Entity Management
      summary: Create End Entity
      operationId: createEndEntity
      parameters:
        - name: uuid
          in: path
          description: Authority Instance UUID
          required: true
          schema:
            type: string
        - name: endEntityProfileName
          in: path
          description: End Entity Profile Name
          required: true
          schema:
            type: string
      requestBody:
        content:
          application/json:
            schema:
              $ref: "#/components/schemas/AddEndEntityRequestDto"
        required: true
      responses:
        # Success is 200 with no body; the created End Entity is not echoed
        # back.
        "200":
          description: End Entity created
        "400":
          description: Bad Request
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/ErrorMessageDto"
        "401":
          description: Unauthorized
        "403":
          description: Forbidden
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/AuthenticationServiceExceptionDto"
        "404":
          description: Not Found
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/ErrorMessageDto"
        "500":
          description: Internal Server Error
      security:
        - NoAuth: []
        - CertificateTLSAuth: []
        - ConnectorAPIKeyAuth: []
        - BasicAuth: []
  # Single End Entity: GET reads it, POST updates it, DELETE removes it.
  /v1/authorityProvider/authorities/{uuid}/endEntityProfiles/{endEntityProfileName}/endEntities/{endEntityName}:
    get:
      tags:
        - End Entity Management
      summary: Get End Entity
      operationId: getEndEntity
      # All three path parameters are unconstrained strings (no pattern, format
      # or length limit); the same declarations are repeated on POST and
      # DELETE, so any checking of these names is left to the implementation.
      parameters:
        - name: uuid
          in: path
          description: Authority Instance UUID
          required: true
          schema:
            type: string
        - name: endEntityProfileName
          in: path
          description: End Entity Profile Name
          required: true
          schema:
            type: string
        - name: endEntityName
          in: path
          description: End Entity Name
          required: true
          schema:
            type: string
      responses:
        "200":
          description: End Entity retrieved
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/EndEntityDto"
        "400":
          description: Bad Request
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/ErrorMessageDto"
        "401":
          description: Unauthorized
        "403":
          description: Forbidden
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/AuthenticationServiceExceptionDto"
        "404":
          description: Not Found
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/ErrorMessageDto"
        "500":
          description: Internal Server Error
      # The entries below are alternatives (any one suffices); the same list is
      # repeated on POST and DELETE. NoAuth is defined outside this excerpt; if
      # it means "no credentials", reading, updating and removing an End Entity
      # are all declared as callable without authentication.
      # NOTE(review): confirm deployments enforce one of the other schemes.
      security:
        - NoAuth: []
        - CertificateTLSAuth: []
        - ConnectorAPIKeyAuth: []
        - BasicAuth: []
    # Update is modelled as POST on the entity URL; no PUT/PATCH is declared.
    post:
      tags:
        - End Entity Management
      summary: Update End Entity
      operationId: updateEndEntity
      parameters:
        - name: uuid
          in: path
          description: Authority Instance UUID
          required: true
          schema:
            type: string
        - name: endEntityProfileName
          in: path
          description: End Entity Profile Name
          required: true
          schema:
            type: string
        - name: endEntityName
          in: path
          description: End Entity Name
          required: true
          schema:
            type: string
      requestBody:
        content:
          application/json:
            schema:
              $ref: "#/components/schemas/EditEndEntityRequestDto"
        required: true
      responses:
        # Success is 200 with no body.
        "200":
          description: End Entity updated
        "400":
          description: Bad Request
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/ErrorMessageDto"
        "401":
          description: Unauthorized
        "403":
          description: Forbidden
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/AuthenticationServiceExceptionDto"
        "404":
          description: Not Found
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/ErrorMessageDto"
        "500":
          description: Internal Server Error
      security:
        - NoAuth: []
        - CertificateTLSAuth: []
        - ConnectorAPIKeyAuth: []
        - BasicAuth: []
    delete:
      tags:
        - End Entity Management
      summary: Remove End Entity
      operationId: removeEndEntity
      parameters:
        - name: uuid
          in: path
          description: Authority Instance UUID
          required: true
          schema:
            type: string
        - name: endEntityProfileName
          in: path
          description: End Entity Profile Name
          required: true
          schema:
            type: string
        - name: endEntityName
          in: path
          description: End Entity Name
          required: true
          schema:
            type: string
      responses:
        # Success is 200 with no body; no 204 is declared for this removal.
        "200":
          description: End Entity removed
        "400":
          description: Bad Request
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/ErrorMessageDto"
        "401":
          description: Unauthorized
        "403":
          description: Forbidden
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/AuthenticationServiceExceptionDto"
        "404":
          description: Not Found
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/ErrorMessageDto"
        "500":
          description: Internal Server Error
      security:
        - NoAuth: []
        - CertificateTLSAuth: []
        - ConnectorAPIKeyAuth: []
        - BasicAuth: []
  # Revokes a certificate through the given Authority instance and End Entity
  # Profile; the certificate itself is identified in the CertRevocationDto body
  # (schema defined outside this excerpt).
  /v1/authorityProvider/authorities/{uuid}/endEntityProfiles/{endEntityProfileName}/certificates/revoke:
    post:
      tags:
        - Certificate Management
      summary: Revoke Certificate
      operationId: revokeCertificate
      # Both path parameters are unconstrained strings (no pattern, format or
      # length limit).
      parameters:
        - name: uuid
          in: path
          description: Authority Instance UUID
          required: true
          schema:
            type: string
        - name: endEntityProfileName
          in: path
          description: End Entity Profile Name
          required: true
          schema:
            type: string
      requestBody:
        content:
          application/json:
            schema:
              $ref: "#/components/schemas/CertRevocationDto"
        required: true
      responses:
        # Success is 200 with no body.
        "200":
          description: Certificate revoked
        "400":
          description: Bad Request
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/ErrorMessageDto"
        "401":
          description: Unauthorized
        "403":
          description: Forbidden
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/AuthenticationServiceExceptionDto"
        "404":
          description: Not Found
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/ErrorMessageDto"
        "500":
          description: Internal Server Error
      # The entries below are alternatives (any one suffices). NoAuth is defined
      # outside this excerpt; if it means "no credentials", revocation is
      # declared as callable without authentication, which would let any caller
      # that can reach the connector invalidate certificates.
      # NOTE(review): confirm deployments enforce one of the other schemes.
      security:
        - NoAuth: []
        - CertificateTLSAuth: []
        - ConnectorAPIKeyAuth: []
        - BasicAuth: []
  # Issues a certificate through the given Authority instance and End Entity
  # Profile: a CertificateSignRequestDto goes in, a CertificateSignResponseDto
  # comes back (both schemas are defined outside this excerpt).
  /v1/authorityProvider/authorities/{uuid}/endEntityProfiles/{endEntityProfileName}/certificates/issue:
    post:
      tags:
        - Certificate Management
      summary: Issue Certificate
      operationId: issueCertificate
      # Both path parameters are unconstrained strings (no pattern, format or
      # length limit).
      parameters:
        - name: uuid
          in: path
          description: Authority Instance UUID
          required: true
          schema:
            type: string
        - name: endEntityProfileName
          in: path
          description: End Entity Profile Name
          required: true
          schema:
            type: string
      requestBody:
        content:
          application/json:
            schema:
              $ref: "#/components/schemas/CertificateSignRequestDto"
        required: true
      responses:
        "200":
          description: Certificate issued
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/CertificateSignResponseDto"
        "400":
          description: Bad Request
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/ErrorMessageDto"
        "401":
          description: Unauthorized
        "403":
          description: Forbidden
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/AuthenticationServiceExceptionDto"
        "404":
          description: Not Found
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/ErrorMessageDto"
        "500":
          description: Internal Server Error
      # The entries below are alternatives (any one suffices). NoAuth is defined
      # outside this excerpt; if it means "no credentials", certificate issuance
      # is declared as callable without authentication, so the only remaining
      # control would be network reachability of the connector.
      # NOTE(review): confirm deployments enforce one of the other schemes.
      security:
        - NoAuth: []
        - CertificateTLSAuth: []
        - ConnectorAPIKeyAuth: []
        - BasicAuth: []
  # Retrieves the latest CRL (full or delta) of one Authority instance.
  /v1/authorityProvider/authorities/{uuid}/crl:
    # A read operation modelled as POST: the selection (per the description, a
    # delta flag) travels in a required JSON body rather than in query
    # parameters.
    post:
      tags:
        - Authority Management
      summary: Get the latest CRL for the Authority Instance
      description: "Returns the latest CRL for the Authority Instance. If delta is true, the delta CRL is returned, otherwise the full CRL is returned. When the CRL is not available for Authority Instance, null data is returned."
      operationId: getCrl
      parameters:
        # Typed as a plain string; no UUID format or pattern is declared.
        - name: uuid
          in: path
          description: Authority Instance UUID
          required: true
          schema:
            type: string
      requestBody:
        content:
          application/json:
            schema:
              $ref: "#/components/schemas/CertificateRevocationListRequestDto"
        required: true
      responses:
        # Per the description above, a missing CRL is still a 200 whose data is
        # null, so consumers must not treat 200 as "a CRL was returned".
        "200":
          description: CRL retrieved
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/CertificateRevocationListResponseDto"
        "400":
          description: Bad Request
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/ErrorMessageDto"
        "401":
          description: Unauthorized
        "403":
          description: Forbidden
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/AuthenticationServiceExceptionDto"
        "404":
          description: Not Found
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/ErrorMessageDto"
        "500":
          description: Internal Server Error
      # The entries below are alternatives (any one suffices). NoAuth is defined
      # outside this excerpt; if it means "no credentials", the operation is
      # declared as callable without authentication.
      # NOTE(review): confirm this is intended.
      security:
        - NoAuth: []
        - CertificateTLSAuth: []
        - ConnectorAPIKeyAuth: []
        - BasicAuth: []
  # Retrieves the certificate chain of one Authority instance.
  /v1/authorityProvider/authorities/{uuid}/caCertificates:
    # A read operation modelled as POST with a required JSON body.
    post:
      tags:
        - Authority Management
      summary: Get the Authority Instance's certificate chain
      description: "Returns the Authority Instance's certificate chain. The chain is returned as a list of Base64 encoded certificates, starting with the Authority Instance's certificate and ending with the root certificate, if available."
      operationId: getCaCertificates
      parameters:
        # Typed as a plain string; no UUID format or pattern is declared.
        - name: uuid
          in: path
          description: Authority Instance UUID
          required: true
          schema:
            type: string
      requestBody:
        content:
          application/json:
            schema:
              $ref: "#/components/schemas/CaCertificatesRequestDto"
        required: true
      responses:
        # Per the description above the root certificate is included only "if
        # available", so the returned chain may be incomplete.
        "200":
          description: Authority Instance's certificate chain retrieved
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/CaCertificatesResponseDto"
        "400":
          description: Bad Request
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/ErrorMessageDto"
        "401":
          description: Unauthorized
        "403":
          description: Forbidden
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/AuthenticationServiceExceptionDto"
        "404":
          description: Not Found
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/ErrorMessageDto"
        "500":
          description: Internal Server Error
      # The entries below are alternatives (any one suffices). NoAuth is defined
      # outside this excerpt; if it means "no credentials", the chain is served
      # without authentication.
      # NOTE(review): consumers that use this chain as a trust anchor should
      # verify it out of band rather than rely on this response alone.
      security:
        - NoAuth: []
        - CertificateTLSAuth: []
        - ConnectorAPIKeyAuth: []
        - BasicAuth: []
  # Connector discovery: reports which function groups the connector implements
  # and the endpoints behind each of them.
  /v1:
    get:
      tags:
        - Connector Info
      summary: List supported functions of the connector
      description: Returns map of functional code and implemented end points
      operationId: listSupportedFunctions
      responses:
        # The description speaks of a map, but the declared schema is an array
        # of InfoResponse objects (schema defined outside this excerpt).
        "200":
          description: Functions found
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: "#/components/schemas/InfoResponse"
        "400":
          description: Bad Request
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/ErrorMessageDto"
        "401":
          description: Unauthorized
        "403":
          description: Forbidden
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/AuthenticationServiceExceptionDto"
        "404":
          description: Not Found
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/ErrorMessageDto"
        "500":
          description: Internal Server Error
      # The entries below are alternatives (any one suffices). NoAuth is defined
      # outside this excerpt; if it means "no credentials", the list of
      # implemented endpoints is readable by any caller that can reach the
      # connector.
      # NOTE(review): confirm this is intended.
      security:
        - NoAuth: []
        - CertificateTLSAuth: []
        - ConnectorAPIKeyAuth: []
        - BasicAuth: []
  # Lists the Attribute definitions the connector supports for a given function
  # group and kind.
  /v1/{functionalGroup}/{kind}/attributes:
    get:
      tags:
        - Connector Attributes
      summary: List available Attributes
      operationId: listAttributeDefinitions
      parameters:
        # Constrained by the FunctionGroupCode schema (defined outside this
        # excerpt).
        - name: functionalGroup
          in: path
          description: Function Group
          required: true
          schema:
            $ref: "#/components/schemas/FunctionGroupCode"
        # Free-form string: no enum, pattern or length limit is declared.
        - name: kind
          in: path
          description: Kind
          required: true
          schema:
            type: string
      responses:
        "200":
          description: Attributes retrieved
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: "#/components/schemas/BaseAttributeDto"
        "400":
          description: Bad Request
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/ErrorMessageDto"
        "401":
          description: Unauthorized
        "403":
          description: Forbidden
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/AuthenticationServiceExceptionDto"
        "404":
          description: Not Found
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/ErrorMessageDto"
        "500":
          description: Internal Server Error
      # The entries below are alternatives (any one suffices). NoAuth is defined
      # outside this excerpt; if it means "no credentials", the operation is
      # declared as callable without authentication.
      # NOTE(review): confirm this is intended.
      security:
        - NoAuth: []
        - CertificateTLSAuth: []
        - ConnectorAPIKeyAuth: []
        - BasicAuth: []
  # Connector health probe; the result is returned as a HealthDto (schema
  # defined outside this excerpt).
  /v1/health:
    get:
      tags:
        - Health check
      summary: Health check
      operationId: checkHealth
      responses:
        "200":
          description: Health check completed successfully
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/HealthDto"
        "400":
          description: Bad Request
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/ErrorMessageDto"
        "401":
          description: Unauthorized
        "403":
          description: Forbidden
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/AuthenticationServiceExceptionDto"
        "404":
          description: Not Found
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/ErrorMessageDto"
        "500":
          description: Internal Server Error
      # The entries below are alternatives (any one suffices). NoAuth is defined
      # outside this excerpt; if it means "no credentials", the probe is open to
      # any caller. The "Health check" tag description says the response can
      # include the status of dependencies such as a database or HSM.
      # NOTE(review): confirm how much dependency detail an unauthenticated
      # caller receives.
      security:
        - NoAuth: []
        - CertificateTLSAuth: []
        - ConnectorAPIKeyAuth: []
        - BasicAuth: []
  # Lists the RA Profile Attributes of one Authority instance, selected by
  # the uuid path parameter.
  /v1/authorityProvider/authorities/{uuid}/raProfile/attributes:
    get:
      tags:
        - Authority Management
      summary: List RA Profile Attributes
      operationId: listRAProfileAttributes
      parameters:
        - name: uuid
          in: path
          description: Authority Instance UUID
          required: true
          # NOTE(review): typed as a plain string (no format or pattern), so
          # the UUID shape is not enforced by this contract.
          schema:
            type: string
      responses:
        "200":
          description: RA Profile Attributes retrieved
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: "#/components/schemas/BaseAttributeDto"
        "400":
          description: Bad Request
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/ErrorMessageDto"
        "401":
          description: Unauthorized
        "403":
          description: Forbidden
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/AuthenticationServiceExceptionDto"
        "404":
          description: Not Found
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/ErrorMessageDto"
        "500":
          description: Internal Server Error
      # The entries of this list are alternatives: any single one authorizes
      # the call. NoAuth is among them (defined outside this view) - confirm
      # that unauthenticated access to this operation is intended.
      security:
        - NoAuth: []
        - CertificateTLSAuth: []
        - ConnectorAPIKeyAuth: []
        - BasicAuth: []
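  # Lists the end entity profiles available on one Authority instance,
  # selected by the uuid path parameter. Each profile is returned as a
  # NameAndIdDto.
  /v1/authorityProvider/authorities/{uuid}/endEntityProfiles:
    get:
      tags:
        - End Entity Profiles
      summary: List available end entity profiles
      operationId: listEntityProfiles
      parameters:
        - name: uuid
          in: path
          description: Authority Instance UUID
          required: true
          # NOTE(review): typed as a plain string (no format or pattern), so
          # the UUID shape is not enforced by this contract.
          schema:
            type: string
      responses:
        "200":
          # The operation lists profiles, not end entities; the description
          # now matches the summary.
          description: End entity profiles retrieved
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: "#/components/schemas/NameAndIdDto"
        "400":
          description: Bad Request
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/ErrorMessageDto"
        "401":
          description: Unauthorized
        "403":
          description: Forbidden
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/AuthenticationServiceExceptionDto"
        "404":
          description: Not Found
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/ErrorMessageDto"
        "500":
          description: Internal Server Error
      # The entries of this list are alternatives: any single one authorizes
      # the call. NoAuth is among them (defined outside this view) - confirm
      # that unauthenticated access to this operation is intended.
      security:
        - NoAuth: []
        - CertificateTLSAuth: []
        - ConnectorAPIKeyAuth: []
        - BasicAuth: []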
  # Lists the certificate profiles available for one end entity profile of
  # an Authority instance. The profile is addressed by a 32-bit integer id.
  /v1/authorityProvider/authorities/{uuid}/endEntityProfiles/{endEntityProfileId}/certificateprofiles:
    get:
      tags:
        - End Entity Profiles
      summary: List available certificate profiles for given end entity profile
      operationId: listCertificateProfiles
      parameters:
        - name: uuid
          in: path
          description: Authority Instance UUID
          required: true
          # NOTE(review): typed as a plain string (no format or pattern), so
          # the UUID shape is not enforced by this contract.
          schema:
            type: string
        - name: endEntityProfileId
          in: path
          description: End Entity Profile Id
          required: true
          schema:
            type: integer
            format: int32
      responses:
        "200":
          description: Certificate profiles retrieved
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: "#/components/schemas/NameAndIdDto"
        "400":
          description: Bad Request
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/ErrorMessageDto"
        "401":
          description: Unauthorized
        "403":
          description: Forbidden
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/AuthenticationServiceExceptionDto"
        "404":
          description: Not Found
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/ErrorMessageDto"
        "500":
          description: Internal Server Error
      # The entries of this list are alternatives: any single one authorizes
      # the call. NoAuth is among them (defined outside this view) - confirm
      # that unauthenticated access to this operation is intended.
      security:
        - NoAuth: []
        - CertificateTLSAuth: []
        - ConnectorAPIKeyAuth: []
        - BasicAuth: []
  # Lists the certification authorities available for one end entity profile
  # of an Authority instance. The profile is addressed by a 32-bit integer id.
  /v1/authorityProvider/authorities/{uuid}/endEntityProfiles/{endEntityProfileId}/cas:
    get:
      tags:
        - End Entity Profiles
      summary: List available certification authorities for given end entity profile
      operationId: listCAsInProfile
      parameters:
        - name: uuid
          in: path
          description: Authority Instance UUID
          required: true
          # NOTE(review): typed as a plain string (no format or pattern), so
          # the UUID shape is not enforced by this contract.
          schema:
            type: string
        - name: endEntityProfileId
          in: path
          description: End Entity Profile Id
          required: true
          schema:
            type: integer
            format: int32
      responses:
        "200":
          description: CAs retrieved
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: "#/components/schemas/NameAndIdDto"
        "400":
          description: Bad Request
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/ErrorMessageDto"
        "401":
          description: Unauthorized
        "403":
          description: Forbidden
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/AuthenticationServiceExceptionDto"
        "404":
          description: Not Found
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/ErrorMessageDto"
        "500":
          description: Internal Server Error
      # The entries of this list are alternatives: any single one authorizes
      # the call. NoAuth is among them (defined outside this view) - confirm
      # that unauthenticated access to this operation is intended.
      security:
        - NoAuth: []
        - CertificateTLSAuth: []
        - ConnectorAPIKeyAuth: []
        - BasicAuth: []
  # "Connect to Authority" for one Authority instance, selected by the uuid
  # path parameter. Success is reported as 204 with no body.
  # NOTE(review): this is declared as GET; if the implementation actively
  # opens a connection to the authority it is not a pure read - confirm it is
  # safe to repeat and that callers cannot trigger it without credentials.
  /v1/authorityProvider/authorities/{uuid}/connect:
    get:
      tags:
        - Authority Management
      summary: Connect to Authority
      operationId: getConnection
      parameters:
        - name: uuid
          in: path
          description: Authority Instance UUID
          required: true
          # NOTE(review): typed as a plain string (no format or pattern), so
          # the UUID shape is not enforced by this contract.
          schema:
            type: string
      responses:
        "204":
          description: Authority instance connected
        "400":
          description: Bad Request
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/ErrorMessageDto"
        "401":
          description: Unauthorized
        "403":
          description: Forbidden
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/AuthenticationServiceExceptionDto"
        "404":
          description: Not Found
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/ErrorMessageDto"
        "500":
          description: Internal Server Error
      # The entries of this list are alternatives: any single one authorizes
      # the call. NoAuth is among them (defined outside this view).
      security:
        - NoAuth: []
        - CertificateTLSAuth: []
        - ConnectorAPIKeyAuth: []
        - BasicAuth: []
components:
  schemas:
    # Error body referenced by the 400 and 404 responses of the operations in
    # this file. It carries a single required free-text message.
    # NOTE(review): nothing constrains the text; implementations should keep
    # stack traces and internal identifiers out of it.
    ErrorMessageDto:
      type: object
      properties:
        message:
          type: string
          description: Error message detail
          examples:
            - Error message
      required:
        - message
    # Error body referenced by the 403 responses of the operations in this
    # file. All three fields are required.
    AuthenticationServiceExceptionDto:
      type: object
      properties:
        statusCode:
          type: integer
          format: int32
          description: Status code of the HTTP Request
        code:
          type: string
          description: Code of the result
        message:
          type: string
          description: Exception message
      required:
        - code
        - message
        - statusCode
    # Closed set of function group codes. Used as the schema of the
    # functionalGroup path parameter of the attributes endpoint.
    FunctionGroupCode:
      type: string
      enum:
        - credentialProvider
        - legacyAuthorityProvider
        - authorityProvider
        - discoveryProvider
        - entityProvider
        - complianceProvider
        - cryptographyProvider
        - notificationProvider
    # Describes a callback: the context part of its URL, the HTTP method, and
    # the mappings that feed values into it. All three fields are required.
    # NOTE(review): callbackContext and callbackMethod are free strings here
    # (no pattern, no enum of methods). Whoever executes the callback is
    # acting on values supplied by the other party, so it should check the
    # context against the expected base path and allow only known methods.
    AttributeCallback:
      type: object
      properties:
        callbackContext:
          type: string
          description: Context part of callback URL
        callbackMethod:
          type: string
          description: HTTP method of the callback
        mappings:
          type: array
          description: Mappings for the callback method
          items:
            $ref: "#/components/schemas/AttributeCallbackMapping"
          uniqueItems: true
      required:
        - callbackContext
        - callbackMethod
        - mappings
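    # One mapping of a callback: takes a value either from the attribute
    # named in "from" or from the static "value", and assigns it to the
    # path variable, request parameter or body field named in "to", for each
    # of the listed targets. Only "to" and "targets" are required.
    AttributeCallbackMapping:
      type: object
      properties:
        from:
          type: string
          description: Name of the attribute whose value is to be used as value of path variable or request param or body field. It is optional and must be set only if value is not set.
        attributeType:
          $ref: "#/components/schemas/AttributeType"
          description: Type of the attribute. It is optional and must be set only if special behaviour is needed.
        attributeContentType:
          $ref: "#/components/schemas/AttributeContentType"
          description: Type of the attribute content.
        to:
          type: string
          description: Name of the path variable or request param or body field which is to be used to assign value of attribute
        targets:
          type: array
          description: Set of targets for propagating value.
          items:
            $ref: "#/components/schemas/AttributeValueTarget"
          uniqueItems: true
        # No properties are declared for the static value, so its structure
        # is not constrained by this schema.
        value:
          type: object
          description: Static value to be propagated to targets. It is optional and is set only if the value is known at attribute creation time.
      required:
        - targets
        - to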
    # Kinds of attribute constraint. The same three values are the
    # discriminator keys of BaseAttributeConstraintDto.
    AttributeConstraintType:
      type: string
      enum:
        - regExp
        - range
        - dateTime
    # Closed set of content types an Attribute can declare. The values
    # "secret" and "credential" mark content that carries sensitive material
    # (see SecretAttributeContent and CredentialAttributeContent).
    AttributeContentType:
      type: string
      enum:
        - string
        - text
        - integer
        - boolean
        - float
        - date
        - time
        - datetime
        - secret
        - file
        - credential
        - codeblock
        - object
    # Kinds of Attribute. The same five values are the discriminator keys of
    # BaseAttributeDto.
    AttributeType:
      type: string
      enum:
        - data
        - group
        - info
        - meta
        - custom
    # Places in a callback request that a mapped value can be written to.
    # Used as the item type of AttributeCallbackMapping.targets.
    AttributeValueTarget:
      type: string
      enum:
        - pathVariable
        - requestParameter
        - body
    # Polymorphic base for attribute constraints. The required "type"
    # property is the discriminator and selects exactly one of the regExp,
    # range or dateTime constraint schemas.
    BaseAttributeConstraintDto:
      type: object
      description: Base Attribute Constraint definition
      discriminator:
        propertyName: type
        mapping:
          regExp: "#/components/schemas/RegexpAttributeConstraint"
          range: "#/components/schemas/RangeAttributeConstraint"
          dateTime: "#/components/schemas/DateTimeAttributeConstraint"
      oneOf:
        - $ref: "#/components/schemas/RegexpAttributeConstraint"
        - $ref: "#/components/schemas/RangeAttributeConstraint"
        - $ref: "#/components/schemas/DateTimeAttributeConstraint"
      properties:
        type:
          $ref: "#/components/schemas/AttributeConstraintType"
          description: Attribute Constraint Type
        errorMessage:
          type: string
          description: Error message to be displayed for wrong data
        description:
          type: string
          description: Description of the constraint
      required:
        - type
    # Polymorphic base for attribute content: one of thirteen content
    # schemas, plus an optional "reference" string.
    # NOTE(review): no discriminator is declared, and several branches are
    # structurally identical in this file (StringAttributeContent and
    # TextAttributeContent both require only a string "data"), so one payload
    # can match more than one branch and a strict oneOf validator would
    # reject it. Confirm how consumers select the variant - presumably from
    # the attribute's contentType.
    BaseAttributeContentDto:
      type: object
      description: Base Attribute content definition
      oneOf:
        - $ref: "#/components/schemas/BooleanAttributeContent"
        - $ref: "#/components/schemas/CodeBlockAttributeContent"
        - $ref: "#/components/schemas/CredentialAttributeContent"
        - $ref: "#/components/schemas/DateAttributeContent"
        - $ref: "#/components/schemas/DateTimeAttributeContent"
        - $ref: "#/components/schemas/FileAttributeContent"
        - $ref: "#/components/schemas/FloatAttributeContent"
        - $ref: "#/components/schemas/IntegerAttributeContent"
        - $ref: "#/components/schemas/ObjectAttributeContent"
        - $ref: "#/components/schemas/SecretAttributeContent"
        - $ref: "#/components/schemas/StringAttributeContent"
        - $ref: "#/components/schemas/TextAttributeContent"
        - $ref: "#/components/schemas/TimeAttributeContent"
      properties:
        reference:
          type: string
          description: Content Reference
    # Content variant holding a required boolean "data" and an optional
    # "reference" string.
    BooleanAttributeContent:
      type: object
      description: Boolean attribute content to store true/false values
      properties:
        reference:
          type: string
          description: Content Reference
        data:
          type: boolean
          description: Boolean attribute value
      required:
        - data
    # Content variant whose required "data" is a CodeBlockAttributeContentData
    # (language plus Base64 code); "reference" is optional.
    CodeBlockAttributeContent:
      type: object
      description: Codeblock attribute content to store encoded snippets of programming language code
      properties:
        reference:
          type: string
          description: Content Reference
        data:
          $ref: "#/components/schemas/CodeBlockAttributeContentData"
          description: CodeBlock attribute content data
      required:
        - data
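    # Payload of a code block attribute: the language (one value of
    # ProgrammingLanguageEnum) and the code as Base64 text. Both are required.
    # NOTE(review): this schema only transports the code; consumers should
    # decode and display it as data and never evaluate it.
    CodeBlockAttributeContentData:
      type: object
      properties:
        language:
          $ref: "#/components/schemas/ProgrammingLanguageEnum"
          description: Definition of programming languages used for code
          # The example is a single valid member of ProgrammingLanguageEnum,
          # so it validates against the referenced schema.
          examples:
            - java
        code:
          type: string
          description: Block of the code in Base64. Formatting of the code is specified by variable language
      required:
        - code
        - language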
    # Content variant whose required "data" is a
    # CredentialAttributeContentData; "reference" is optional.
    CredentialAttributeContent:
      type: object
      description: Credential attribute content carrying information about credential to use
      properties:
        reference:
          type: string
          description: Content Reference
        data:
          $ref: "#/components/schemas/CredentialAttributeContentData"
          description: Credential attribute content data
      required:
        - data
    # Identifies a credential (uuid, name, kind) and carries its attributes
    # as a list of DataAttribute. All four fields are required.
    # NOTE(review): DataAttribute content can be of the secret content type,
    # so this object may hold credential material in the clear; treat whole
    # instances as sensitive in logs and error messages.
    CredentialAttributeContentData:
      type: object
      properties:
        uuid:
          type: string
          description: Object identifier
          # NOTE(review): the example is not a well-formed UUID ("g" is not
          # a hexadecimal digit); the field itself is an unformatted string.
          examples:
            - 7b55ge1c-844f-11dc-a8a3-0242ac120002
        name:
          type: string
          description: Object Name
          examples:
            - Name
        kind:
          type: string
          description: Credential Kind
          examples:
            - "SoftKeyStore, Basic, ApiKey, etc"
        attributes:
          type: array
          description: List of Credential Attributes
          items:
            $ref: "#/components/schemas/DataAttribute"
      required:
        - attributes
        - kind
        - name
        - uuid
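    # Attribute variant selected by type "data" in BaseAttributeDto. Carries
    # editable content, display properties, optional validation constraints
    # and an optional callback definition.
    DataAttribute:
      type: object
      description: Data attribute allows to store and transfer dynamic data. Its content can be edited and sent in requests to store.
      properties:
        version:
          type: integer
          format: int32
          # default and example are written as integers so that they match
          # the declared type.
          default: 2
          description: Version of the Attribute
          examples:
            - 2
        uuid:
          type: string
          description: UUID of the Attribute for unique identification
          # NOTE(review): the example is not a well-formed UUID (its first
          # group has nine characters); the field is an unformatted string.
          examples:
            - 166b5cf52-63f2-11ec-90d6-0242ac120003
        name:
          type: string
          description: Name of the Attribute that is used for identification
          examples:
            - Attribute
        description:
          type: string
          description: "Optional description of the Attribute, should contain helper text on what is expected"
        content:
          type: array
          items:
            $ref: "#/components/schemas/BaseAttributeContentDto"
        type:
          $ref: "#/components/schemas/AttributeType"
          default: data
          description: Type of the Attribute
        contentType:
          $ref: "#/components/schemas/AttributeContentType"
          description: Type of the Content
        properties:
          $ref: "#/components/schemas/DataAttributeProperties"
          description: Properties of the Attributes
        constraints:
          type: array
          description: Optional constraints used for validating the Attribute content
          items:
            $ref: "#/components/schemas/BaseAttributeConstraintDto"
        attributeCallback:
          $ref: "#/components/schemas/AttributeCallback"
          description: Optional definition of callback for getting the content of the Attribute based on the action
      required:
        - contentType
        - name
        - properties
        - type
        - uuid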
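    # Display and input properties of a DataAttribute. Every field except
    # "group" is required.
    # NOTE(review): visible and readOnly describe how the Attribute should be
    # presented; nothing in this schema makes them an access control, so the
    # receiving side should not rely on them to protect content.
    DataAttributeProperties:
      type: object
      properties:
        label:
          type: string
          description: Friendly name of the Attribute
          examples:
            - Attribute Name
        # The boolean defaults below are written as real booleans so that
        # they match the declared type.
        visible:
          type: boolean
          default: true
          description: "Boolean determining if the Attribute is visible and can be displayed, otherwise it should be hidden to the user."
        group:
          type: string
          description: "Group of the Attribute, used for the logical grouping of the Attribute"
          examples:
            - requiredAttributes
        required:
          type: boolean
          default: false
          description: "Boolean determining if the Attribute is required. If true, the Attribute must be provided."
        readOnly:
          type: boolean
          default: false
          description: "Boolean determining if the Attribute is read only. If true, the Attribute content cannot be changed."
        list:
          type: boolean
          default: false
          description: Boolean determining if the Attribute contains list of values in the content
        multiSelect:
          type: boolean
          default: false
          description: Boolean determining if the Attribute can have multiple values
      required:
        - label
        - list
        - multiSelect
        - readOnly
        - required
        - visible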
    # Content variant holding a required date string (format: date) and an
    # optional "reference" string.
    DateAttributeContent:
      type: object
      description: Date attribute content in predefined format
      properties:
        reference:
          type: string
          description: Content Reference
        data:
          type: string
          format: date
          description: Date attribute value in format yyyy-MM-dd
      required:
        - data
    # Constraint variant selected by type "dateTime". Its "data" holds the
    # from/to boundaries; only "type" is required.
    DateTimeAttributeConstraint:
      type: object
      description: DateTime attribute constraint to specify boundaries for date value
      properties:
        description:
          type: string
          description: Description of the constraint
        errorMessage:
          type: string
          description: Error message to be displayed for wrong data
        type:
          $ref: "#/components/schemas/AttributeConstraintType"
          description: Attribute Constraint Type
        data:
          $ref: "#/components/schemas/DateTimeAttributeConstraintData"
          description: DateTime Range Attribute Constraint Data
      required:
        - type
    # Boundaries of a dateTime constraint. Both ends are optional date-time
    # strings, so a constraint can be open on either side.
    DateTimeAttributeConstraintData:
      type: object
      properties:
        from:
          type: string
          format: date-time
          description: Start of the datetime for validation
        to:
          type: string
          format: date-time
          description: End of the datetime for validation
    # Content variant holding a required date-time string (format: date-time)
    # and an optional "reference" string.
    DateTimeAttributeContent:
      type: object
      description: DateTime attribute content in predefined format with timezone
      properties:
        reference:
          type: string
          description: Content Reference
        data:
          type: string
          format: date-time
          description: DateTime attribute value in format yyyy-MM-ddTHH:mm:ss.SSSXXX
      required:
        - data
    # Content variant whose required "data" is a FileAttributeContentData;
    # "reference" is optional.
    FileAttributeContent:
      type: object
      description: File attribute content for storing encoded file content with additional info
      properties:
        reference:
          type: string
          description: Content Reference
        data:
          $ref: "#/components/schemas/FileAttributeContentData"
          description: File attribute content data
      required:
        - data
    # Payload of a file attribute: content, file name and MIME type, all
    # required and all plain strings.
    # NOTE(review): fileName and mimeType are supplied by the sender and are
    # not constrained here; a consumer that writes the file or serves it back
    # should not trust either value (path components in the name, declared
    # type versus real content). No size limit is declared for content.
    FileAttributeContentData:
      type: object
      properties:
        content:
          type: string
          description: File content
        fileName:
          type: string
          description: Name of the file
        mimeType:
          type: string
          description: Type of the file uploaded
      required:
        - content
        - fileName
        - mimeType
    # Content variant holding a required number (format: float) and an
    # optional "reference" string.
    FloatAttributeContent:
      type: object
      description: Float attribute content for decimal numbers
      properties:
        reference:
          type: string
          description: Content Reference
        data:
          type: number
          format: float
          description: Float attribute value
      required:
        - data
    # Content variant holding a required 32-bit integer and an optional
    # "reference" string.
    IntegerAttributeContent:
      type: object
      description: Integer attribute content for integer numbers
      properties:
        reference:
          type: string
          description: Content Reference
        data:
          type: integer
          format: int32
          description: Integer attribute value
      required:
        - data
    # Content variant whose required "data" is an object with no declared
    # properties, i.e. arbitrary structure; "reference" is optional.
    # NOTE(review): because the structure is open, size and nesting depth
    # have to be bounded by the consumer rather than by this schema.
    ObjectAttributeContent:
      type: object
      description: Object attribute content for data with custom structure
      properties:
        reference:
          type: string
          description: Content Reference
        data:
          type: object
          description: Object attribute content data
      required:
        - data
    # Closed set of language identifiers accepted for
    # CodeBlockAttributeContentData.language. All values are lower case.
    ProgrammingLanguageEnum:
      type: string
      enum:
        - apacheconf
        - bash
        - basic
        - c
        - csharp
        - cpp
        - css
        - docker
        - fsharp
        - gherkin
        - git
        - go
        - graphql
        - html
        - http
        - ini
        - java
        - javascript
        - json
        - kotlin
        - latex
        - lisp
        - makefile
        - markdown
        - matlab
        - nginx
        - objectivec
        - perl
        - php
        - powershell
        - properties
        - python
        - ruby
        - rust
        - smalltalk
        - sql
        - typescript
        - vbnet
        - xquery
        - xml
        - yaml
    # Constraint variant selected by type "range". Its "data" holds the
    # integer from/to boundaries; only "type" is required.
    RangeAttributeConstraint:
      type: object
      description: Range attribute constraint to specify boundaries for integer value
      properties:
        description:
          type: string
          description: Description of the constraint
        errorMessage:
          type: string
          description: Error message to be displayed for wrong data
        type:
          $ref: "#/components/schemas/AttributeConstraintType"
          description: Attribute Constraint Type
        data:
          $ref: "#/components/schemas/RangeAttributeConstraintData"
          description: Integer Range Attribute Constraint Data
      required:
        - type
    # Boundaries of a range constraint. Both ends are optional 32-bit
    # integers, so a range can be open on either side.
    RangeAttributeConstraintData:
      type: object
      properties:
        from:
          type: integer
          format: int32
          description: Start of the range for validation
        to:
          type: integer
          format: int32
          description: End of the range for validation
    # Constraint variant selected by type "regExp". Its "data" is the regular
    # expression as a plain string; only "type" is required.
    # NOTE(review): the party that evaluates this pattern against attribute
    # content is running an expression supplied by the other side. No length
    # limit is declared, so the evaluator should bound pattern size and match
    # time to avoid pathological backtracking.
    RegexpAttributeConstraint:
      type: object
      description: RegExp attribute constraint to restrict string value by regular expression
      properties:
        description:
          type: string
          description: Description of the constraint
        errorMessage:
          type: string
          description: Error message to be displayed for wrong data
        type:
          $ref: "#/components/schemas/AttributeConstraintType"
          description: Attribute Constraint Type
        data:
          type: string
          description: Regular Expression Attribute Constraint Data
      required:
        - type
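    # Attribute as sent in a request: identifies the Attribute by uuid and
    # name, states its content type and carries the content items. All four
    # fields are required.
    RequestAttributeDto:
      type: object
      description: Request attribute to send attribute content for object
      properties:
        uuid:
          type: string
          description: UUID of the Attribute
          # NOTE(review): the example is not a well-formed UUID (its first
          # group has nine characters); the field is an unformatted string.
          examples:
            - 166b5cf52-63f2-11ec-90d6-0242ac120003
        name:
          type: string
          description: Name of the Attribute
          examples:
            - Attribute
        contentType:
          $ref: "#/components/schemas/AttributeContentType"
          description: Content Type of the Attribute
          # The example is a member of the AttributeContentType enum, so it
          # validates against the referenced schema.
          examples:
            - string
        content:
          type: array
          description: Content of the Attribute
          items:
            $ref: "#/components/schemas/BaseAttributeContentDto"
      required:
        - content
        - contentType
        - name
        - uuid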
    # Content variant whose required "data" is a SecretAttributeContentData;
    # "reference" is optional. Instances carry secret material and should be
    # treated as sensitive wherever they are stored or logged.
    SecretAttributeContent:
      type: object
      description: Secret attribute content carrying secrets with defined protection level
      properties:
        reference:
          type: string
          description: Content Reference
        data:
          $ref: "#/components/schemas/SecretAttributeContentData"
          description: Secret attribute content data
      required:
        - data
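    # Payload of a secret attribute: the secret itself and a free-text
    # protection level. Neither field is required.
    # NOTE(review): the secret travels as an ordinary JSON string, so its
    # confidentiality depends on the transport and on keeping request and
    # response bodies out of logs. protectionLevel has no enum; confirm which
    # values consumers recognise.
    SecretAttributeContentData:
      type: object
      properties:
        secret:
          type: string
          # Annotation only: asks documentation and UI tooling to mask the
          # value. It does not change what validates.
          format: password
          description: Secret attribute data
        protectionLevel:
          type: string
          description: Level of protection of the data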
    # Content variant holding a required string "data" and an optional
    # "reference" string. Structurally identical to TextAttributeContent.
    StringAttributeContent:
      type: object
      description: String attribute content
      properties:
        reference:
          type: string
          description: Content Reference
        data:
          type: string
          description: String attribute value
      required:
        - data
    # Content variant holding a required string "data" and an optional
    # "reference" string. Structurally identical to StringAttributeContent;
    # no length limit is declared for the longer text.
    TextAttributeContent:
      type: object
      description: Text attribute content used to store longer formatted strings
      properties:
        reference:
          type: string
          description: Content Reference
        data:
          type: string
          description: Text attribute value
      required:
        - data
    # Content variant holding a required time string and an optional
    # "reference" string. The HH:mm:ss layout is stated only in the
    # description; no format or pattern enforces it.
    TimeAttributeContent:
      type: object
      description: Time attribute content in predefined format
      properties:
        reference:
          type: string
          description: Content Reference
        data:
          type: string
          description: Time attribute value in format HH:mm:ss
      required:
        - data
    # Request body describing an Authority instance: name, kind and the
    # attributes as RequestAttributeDto items. All three fields are required.
    # NOTE(review): attribute content can include secret and credential
    # variants, so bodies of this type should be kept out of request logs.
    AuthorityProviderInstanceRequestDto:
      type: object
      properties:
        name:
          type: string
          description: Authority instance name
        kind:
          type: string
          description: Kind of Authority instance
        attributes:
          type: array
          description: List of Authority instance Attributes
          items:
            $ref: "#/components/schemas/RequestAttributeDto"
      required:
        - attributes
        - kind
        - name
    # Authority instance as returned by the connector: uuid, name and its
    # attributes as BaseAttributeDto items. All three fields are required.
    # NOTE(review): the attributes are returned in full; confirm that secret
    # and credential content is not echoed back to callers that do not need
    # it.
    AuthorityProviderInstanceDto:
      type: object
      properties:
        uuid:
          type: string
          description: Object identifier
          # NOTE(review): the example is not a well-formed UUID ("g" is not
          # a hexadecimal digit); the field itself is an unformatted string.
          examples:
            - 7b55ge1c-844f-11dc-a8a3-0242ac120002
        name:
          type: string
          description: Object Name
          examples:
            - Name
        attributes:
          type: array
          description: List of Authority instance Attributes
          items:
            $ref: "#/components/schemas/BaseAttributeDto"
      required:
        - attributes
        - name
        - uuid
    # Polymorphic base for Attributes. The "type" property is the
    # discriminator and selects one of the data, info, group, meta or custom
    # Attribute schemas. name, type and uuid are required here; the
    # properties themselves are declared on the variant schemas.
    BaseAttributeDto:
      type: object
      description: Base Attribute definition
      discriminator:
        propertyName: type
        mapping:
          data: "#/components/schemas/DataAttribute"
          info: "#/components/schemas/InfoAttribute"
          group: "#/components/schemas/GroupAttribute"
          meta: "#/components/schemas/MetadataAttribute"
          custom: "#/components/schemas/CustomAttribute"
      oneOf:
        - $ref: "#/components/schemas/DataAttribute"
        - $ref: "#/components/schemas/InfoAttribute"
        - $ref: "#/components/schemas/GroupAttribute"
        - $ref: "#/components/schemas/MetadataAttribute"
        - $ref: "#/components/schemas/CustomAttribute"
      required:
        - name
        - type
        - uuid
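    # Attribute variant selected by type "custom" in BaseAttributeDto.
    # Carries editable content and display properties; unlike DataAttribute
    # it declares no constraints and no callback.
    CustomAttribute:
      type: object
      description: Custom attribute allows to store and transfer dynamic data. Its content can be edited and sent in requests to store.
      properties:
        version:
          type: integer
          format: int32
          # default and example are written as integers so that they match
          # the declared type.
          default: 2
          description: Version of the Attribute
          examples:
            - 2
        uuid:
          type: string
          description: UUID of the Attribute for unique identification
          # NOTE(review): the example is not a well-formed UUID (its first
          # group has nine characters); the field is an unformatted string.
          examples:
            - 166b5cf52-63f2-11ec-90d6-0242ac120003
        name:
          type: string
          description: Name of the Attribute that is used for identification
          examples:
            - Attribute
        description:
          type: string
          description: "Optional description of the Attribute, should contain helper text on what is expected"
        content:
          type: array
          description: Content of the Attribute
          items:
            $ref: "#/components/schemas/BaseAttributeContentDto"
        type:
          $ref: "#/components/schemas/AttributeType"
          # NOTE(review): the default is "data", but the BaseAttributeDto
          # discriminator maps this schema to "custom". The field is
          # required, so the default should not apply - confirm and align.
          default: data
          description: Type of the Attribute
        contentType:
          $ref: "#/components/schemas/AttributeContentType"
          description: Type of the Content
        properties:
          $ref: "#/components/schemas/CustomAttributeProperties"
          description: Properties of the Attributes
      required:
        - contentType
        - name
        - properties
        - type
        - uuid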
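    # Display and input properties of a CustomAttribute. Every field except
    # "group" is required.
    # NOTE(review): visible and readOnly describe how the Attribute should be
    # presented; nothing in this schema makes them an access control, so the
    # receiving side should not rely on them to protect content.
    CustomAttributeProperties:
      type: object
      properties:
        label:
          type: string
          description: Friendly name of the Attribute
          examples:
            - Attribute Name
        # The boolean defaults below are written as real booleans so that
        # they match the declared type.
        visible:
          type: boolean
          default: true
          description: "Boolean determining if the Attribute is visible and can be displayed, otherwise it should be hidden to the user."
        group:
          type: string
          description: "Group of the Attribute, used for the logical grouping of the Attribute"
          examples:
            - requiredAttributes
        required:
          type: boolean
          default: false
          description: "Boolean determining if the Attribute is required. If true, the Attribute must be provided."
        readOnly:
          type: boolean
          default: false
          description: "Boolean determining if the Attribute is read only. If true, the Attribute content cannot be changed."
        list:
          type: boolean
          default: false
          description: Boolean determining if the Attribute contains list of values in the content
        multiSelect:
          type: boolean
          default: false
          description: Boolean determining if the Attribute can have multiple values
      required:
        - label
        - list
        - multiSelect
        - readOnly
        - required
        - visible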
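    # Attribute whose content is itself a list of Attributes, optionally
    # populated through the callback described by `attributeCallback`.
    GroupAttribute:
      type: object
      description: Group attribute and its content represents dynamic list of additional attributes retrieved by callback. Its content can not be edited and is not sent in requests to store.
      properties:
        version:
          type: integer
          format: int32
          # Integer default and example so both validate against
          # `type: integer` (a quoted "2" is a string).
          default: 2
          description: Version of the Attribute
          examples:
            - 2
        uuid:
          type: string
          description: UUID of the Attribute for unique identification
          # NOTE(review): the example has nine hex digits in its first group, so
          # it is not a well-formed UUID; strict validators will reject it.
          examples:
            - 166b5cf52-63f2-11ec-90d6-0242ac120003
        name:
          type: string
          description: Name of the Attribute that is used for identification
          examples:
            - Attribute
        description:
          type: string
          description: "Optional description of the Attribute, should contain helper text on what is expected"
        content:
          type: array
          items:
            $ref: "#/components/schemas/BaseAttributeDto"
        type:
          $ref: "#/components/schemas/AttributeType"
          default: data
          description: Type of the Attribute
        attributeCallback:
          $ref: "#/components/schemas/AttributeCallback"
          description: Optional definition of callback for getting the content of the Attribute based on the action
      required:
        - name
        - type
        - uuid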
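    # Informational Attribute: carries content for display or as metadata of
    # an object; `content` is mandatory for this type.
    InfoAttribute:
      type: object
      description: Info attribute contains content that is for information purpose or represents additional information for object (metadata). Its content can not be edited and is not sent in requests to store.
      properties:
        version:
          type: integer
          format: int32
          # Integer default and example so both validate against
          # `type: integer` (a quoted "2" is a string).
          default: 2
          description: Version of the Attribute
          examples:
            - 2
        uuid:
          type: string
          description: UUID of the Attribute for unique identification
          # NOTE(review): the example has nine hex digits in its first group, so
          # it is not a well-formed UUID; strict validators will reject it.
          examples:
            - 166b5cf52-63f2-11ec-90d6-0242ac120003
        name:
          type: string
          description: Name of the Attribute that is used for identification
          examples:
            - Attribute
        description:
          type: string
          description: "Optional description of the Attribute, should contain helper text on what is expected"
        content:
          type: array
          description: Content of the Attribute
          items:
            $ref: "#/components/schemas/BaseAttributeContentDto"
        type:
          $ref: "#/components/schemas/AttributeType"
          default: data
          description: Type of the Attribute
        contentType:
          $ref: "#/components/schemas/AttributeContentType"
          description: Type of the Content
        properties:
          $ref: "#/components/schemas/InfoAttributeProperties"
          description: Properties of the Attributes
      required:
        - content
        - contentType
        - name
        - properties
        - type
        - uuid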
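    # Display properties of an InfoAttribute (label, visibility, grouping).
    InfoAttributeProperties:
      type: object
      properties:
        label:
          type: string
          description: Friendly name of the Attribute
          examples:
            - Attribute Name
        visible:
          type: boolean
          # Real boolean so the default validates against `type: boolean`.
          default: true
          description: "Boolean determining if the Attribute is visible and can be displayed, otherwise it should be hidden to the user."
        group:
          type: string
          description: "Group of the Attribute, used for the logical grouping of the Attribute"
          examples:
            - requiredAttributes
      required:
        - label
        - visible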
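    # Attribute carrying metadata for an object; same shape as the other
    # Attribute types, but `content` is optional here.
    MetadataAttribute:
      type: object
      description: Info attribute contains content that is for metadata. Its content can not be edited and is not sent in requests to store.
      properties:
        version:
          type: integer
          format: int32
          # Integer default and example so both validate against
          # `type: integer` (a quoted "2" is a string).
          default: 2
          description: Version of the Attribute
          examples:
            - 2
        uuid:
          type: string
          description: UUID of the Attribute for unique identification
          # NOTE(review): the example has nine hex digits in its first group, so
          # it is not a well-formed UUID; strict validators will reject it.
          examples:
            - 166b5cf52-63f2-11ec-90d6-0242ac120003
        name:
          type: string
          description: Name of the Attribute that is used for identification
          examples:
            - Attribute
        description:
          type: string
          description: "Optional description of the Attribute, should contain helper text on what is expected"
        content:
          type: array
          description: Content of the Attribute
          items:
            $ref: "#/components/schemas/BaseAttributeContentDto"
        type:
          $ref: "#/components/schemas/AttributeType"
          default: data
          description: Type of the Attribute
        contentType:
          $ref: "#/components/schemas/AttributeContentType"
          description: Type of the Content
        properties:
          $ref: "#/components/schemas/MetadataAttributeProperties"
          description: Properties of the Attributes
      required:
        - contentType
        - name
        - properties
        - type
        - uuid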
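    # Display properties of a MetadataAttribute plus the two flags that control
    # how its content is scoped and merged.
    MetadataAttributeProperties:
      type: object
      properties:
        label:
          type: string
          description: Friendly name of the Attribute
          examples:
            - Attribute Name
        visible:
          type: boolean
          # Defaults are real booleans so they validate against `type: boolean`.
          default: true
          description: "Boolean determining if the Attribute is visible and can be displayed, otherwise it should be hidden to the user."
        group:
          type: string
          description: "Group of the Attribute, used for the logical grouping of the Attribute"
          examples:
            - requiredAttributes
        global:
          type: boolean
          default: false
          description: Boolean determining if the Metadata is a global metadata.
        # When true, new content replaces what is stored instead of being
        # appended, so earlier metadata values are lost.
        overwrite:
          type: boolean
          default: false
          description: Boolean determining if the new metadata content should overwrite (replace) existing content instead of appending.
      required:
        - label
        - visible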
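    # Request body for creating an End Entity under a given RA profile.
    AddEndEntityRequestDto:
      type: object
      properties:
        raProfile:
          $ref: "#/components/schemas/RaProfileDto"
          description: RA profile related to End Entity
        email:
          type: string
          description: End Entity email
        extensionData:
          type: array
          description: End Entity extension data
          items:
            $ref: "#/components/schemas/EndEntityExtendedInfoDto"
        # The secret travels in the JSON body: `format: password` hints to
        # documentation UIs and generated clients that it should be masked.
        # Request-body logging on the connector should redact this field.
        password:
          type: string
          format: password
          description: End Entity password
        subjectAltName:
          type: string
          description: End Entity Subject alternative name
        # "DN" is the X.509 subject distinguished name, not a DNS domain name.
        subjectDN:
          type: string
          description: End Entity subject distinguished name
        username:
          type: string
          description: End Entity name
      required:
        - password
        - raProfile
        - subjectDN
        - username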
    # Free-form name/value pair used as End Entity extension data.
    # Neither field is required or constrained, so consumers must treat both
    # as untrusted strings.
    EndEntityExtendedInfoDto:
      type: object
      properties:
        name:
          type: string
        value:
          type: string
    # RA profile: identifies the authority instance it belongs to and carries
    # its attributes, enabled protocols and certificate-validation settings.
    RaProfileDto:
      type: object
      properties:
        uuid:
          type: string
          description: Object identifier
          # NOTE(review): the example contains the character "g", so it is not
          # a well-formed (hexadecimal) UUID.
          examples:
            - 7b55ge1c-844f-11dc-a8a3-0242ac120002
        name:
          type: string
          description: Object Name
          examples:
            - Name
        description:
          type: string
          description: Description of RA Profile
        authorityInstanceUuid:
          type: string
          description: UUID of Authority provider
        authorityInstanceName:
          type: string
          description: Name of Authority instance
        legacyAuthority:
          type: boolean
          description: Has Authority of legacy authority provider
        enabled:
          type: boolean
          description: Enabled flag - true = enabled; false = disabled
        attributes:
          type: array
          description: List of RA Profiles attributes
          items:
            $ref: "#/components/schemas/ResponseAttributeDto"
        customAttributes:
          type: array
          description: List of Custom Attributes
          items:
            $ref: "#/components/schemas/ResponseAttributeDto"
        # Plain strings; the set of valid protocol names is not declared here.
        enabledProtocols:
          type: array
          description: List of protocols enabled
          items:
            type: string
        validationEnabled:
          type: boolean
          description: Indicator whether validation of certificates associated with RA profile should be enabled
        # Both day counts are unbounded int32 values; no minimum is declared,
        # so zero or negative values pass schema validation.
        validationFrequency:
          type: integer
          format: int32
          description: Frequency of validation of certificates in days
        expiringThreshold:
          type: integer
          format: int32
          description: How many days before expiration should certificate validation status change to Expiring
      required:
        - authorityInstanceName
        - authorityInstanceUuid
        - enabled
        - name
        - uuid
        - validationEnabled
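    # Attribute as returned in responses, together with its content.
    ResponseAttributeDto:
      type: object
      description: Response attribute with content for object it belongs to
      properties:
        uuid:
          type: string
          description: UUID of the Attribute
          # NOTE(review): the example has nine hex digits in its first group, so
          # it is not a well-formed UUID; strict validators will reject it.
          examples:
            - 166b5cf52-63f2-11ec-90d6-0242ac120003
        name:
          type: string
          description: Name of the Attribute
          examples:
            - Attribute
        label:
          type: string
          description: Label of the Attribute
          examples:
            - Attribute Name
        type:
          $ref: "#/components/schemas/AttributeType"
          description: Type of the Attribute
        contentType:
          $ref: "#/components/schemas/AttributeContentType"
          description: Content Type of the Attribute
          # NOTE(review): "Attribute" looks copied from the `name` example;
          # verify it is a member of AttributeContentType (defined elsewhere).
          examples:
            - Attribute
        content:
          type: array
          description: Content of the Attribute
          items:
            $ref: "#/components/schemas/BaseAttributeContentDto"
      required:
        - contentType
        - label
        - name
        - type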
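    # Request body for updating an existing End Entity, including its status.
    EditEndEntityRequestDto:
      type: object
      properties:
        raProfile:
          $ref: "#/components/schemas/RaProfileDto"
          description: RA profile related to End Entity
        email:
          type: string
          description: End Entity email
        extensionData:
          type: array
          description: End Entity extension data
          items:
            $ref: "#/components/schemas/EndEntityExtendedInfoDto"
        # The secret travels in the JSON body: `format: password` hints to
        # documentation UIs and generated clients that it should be masked.
        # Request-body logging on the connector should redact this field.
        password:
          type: string
          format: password
          description: End Entity password
        subjectAltName:
          type: string
          description: End Entity Subject alternative name
        # "DN" is the X.509 subject distinguished name, not a DNS domain name.
        subjectDN:
          type: string
          description: End Entity subject distinguished name
        # The caller sets the status directly, including REVOKED and
        # KEY_RECOVERY; the description previously repeated the subjectDN text.
        status:
          type: string
          description: End Entity status
          enum:
            - NEW
            - FAILED
            - INITIALIZED
            - IN_PROCESS
            - GENERATED
            - REVOKED
            - HISTORICAL
            - KEY_RECOVERY
            - WAITING_FOR_ADD_APPROVAL
      required:
        - password
        - raProfile
        - status
        - subjectDN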
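    # Revocation request: a certificate is identified by the pair
    # (issuer distinguished name, serial number), plus the revocation reason.
    CertRevocationDto:
      type: object
      properties:
        certificateSN:
          type: string
          description: Certificate serial number
        # "DN" is the X.509 issuer distinguished name, not a DNS domain name.
        issuerDN:
          type: string
          description: Issuer distinguished name
        reason:
          $ref: "#/components/schemas/CertificateRevocationReason"
          description: Revocation reason
      required:
        - certificateSN
        - issuerDN
        - reason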
    # Revocation reasons, spelled like the RFC 5280 CRLReason names.
    # `removeFromCRL` is not among the accepted values.
    CertificateRevocationReason:
      type: string
      enum:
        - unspecified
        - keyCompromise
        - cACompromise
        - affiliationChanged
        - superseded
        - cessationOfOperation
        - certificateHold
        - privilegeWithdrawn
        - aACompromise
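    # Request to issue a certificate for an End Entity: the End Entity's
    # credentials plus the PKCS#10 request to be signed.
    CertificateSignRequestDto:
      type: object
      properties:
        # The secret travels in the JSON body: `format: password` hints to
        # documentation UIs and generated clients that it should be masked.
        # Request-body logging on the connector should redact this field.
        password:
          type: string
          format: password
          description: End Entity password
        pkcs10:
          type: string
          description: Certificate sign request (PKCS#10) encoded as Base64 string
        username:
          type: string
          description: End Entity username
      required:
        - password
        - pkcs10
        - username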
    # Response to a sign request: the issued certificate as a Base64 string.
    CertificateSignResponseDto:
      type: object
      properties:
        certificateData:
          type: string
          description: Base64 encoded Certificate
      required:
        - certificateData
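    # Request for a CRL of the authority behind the given RA profile
    # attributes; `delta` selects the delta CRL instead of the full one.
    CertificateRevocationListRequestDto:
      type: object
      properties:
        delta:
          type: boolean
          # Real boolean so the default validates against `type: boolean`.
          default: false
          description: "If true, the delta CRL is returned, otherwise the full CRL is returned"
        raProfileAttributes:
          type: array
          description: List of RA Profiles attributes
          items:
            $ref: "#/components/schemas/RequestAttributeDto"
      required:
        - raProfileAttributes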
    # CRL returned by the connector as a Base64 string (`format: byte`).
    # Consumers should verify the CRL signature against the issuing CA rather
    # than trust it because of where it came from.
    CertificateRevocationListResponseDto:
      type: object
      properties:
        crlData:
          type: string
          format: byte
          description: Base64 encoded CRL data
      required:
        - crlData
    # Request for CA certificates, scoped by RA profile attributes.
    CaCertificatesRequestDto:
      type: object
      properties:
        raProfileAttributes:
          type: array
          description: List of RA Profiles attributes
          items:
            $ref: "#/components/schemas/RequestAttributeDto"
      required:
        - raProfileAttributes
    # List of certificates returned for a CA certificates request.
    # NOTE(review): the schema does not say whether the list is an ordered
    # chain or an unordered set — confirm before building trust paths from it.
    CaCertificatesResponseDto:
      type: object
      properties:
        certificates:
          type: array
          description: List of Certificates
          items:
            $ref: "#/components/schemas/CertificateDataResponseDto"
      required:
        - certificates
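    # A single certificate with optional identifier, metadata and type.
    CertificateDataResponseDto:
      type: object
      properties:
        certificateData:
          type: string
          description: Base64 encoded Certificate content
        uuid:
          type: string
          description: UUID of Certificate
        meta:
          type: array
          description: Metadata for the Certificate
          items:
            $ref: "#/components/schemas/MetadataAttribute"
        certificateType:
          $ref: "#/components/schemas/CertificateType"
          # The default must be a member of the CertificateType enum, whose
          # values are `X.509` and `SSH`; `X509` is not one of them.
          default: X.509
          description: Type of the Certificate
      required:
        - certificateData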
    # Certificate formats the API distinguishes. The wire value for X.509
    # includes the dot.
    CertificateType:
      type: string
      enum:
        - X.509
        - SSH
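    # Description of one endpoint a connector exposes for a function group.
    EndpointDto:
      type: object
      properties:
        uuid:
          type: string
          description: Object identifier
          # NOTE(review): the example contains the character "g", so it is not
          # a well-formed (hexadecimal) UUID.
          examples:
            - 7b55ge1c-844f-11dc-a8a3-0242ac120002
        name:
          type: string
          description: Object Name
          examples:
            - Name
        context:
          type: string
          description: Context of the Endpoint
          examples:
            - /v1
        method:
          type: string
          description: Method to be used for the Endpoint
          examples:
            - POST
        required:
          type: boolean
          description: True if the Endpoint is required for implementation
          # Real boolean so the example validates against `type: boolean`.
          examples:
            - true
      required:
        - context
        - method
        - name
        - required
        - uuid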
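    # Connector self-description for one function group: the kinds it supports
    # and the endpoints it implements.
    InfoResponse:
      type: object
      properties:
        functionGroupCode:
          $ref: "#/components/schemas/FunctionGroupCode"
          description: Enumerated code of functional group
        kinds:
          type: array
          description: List of supported functional group kinds
          # Each entry of `examples` is one example value, so an example for an
          # array property must itself be an array, not a JSON-encoded string.
          examples:
            - [SoftKeyStore, Basic, ApiKey]
          items:
            type: string
        endPoints:
          type: array
          description: List of end points related to functional group
          items:
            $ref: "#/components/schemas/EndpointDto"
      required:
        - endPoints
        - functionGroupCode
        - kinds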
    # Health report of the connector. `parts` maps a name to another HealthDto,
    # so the structure is recursive and can describe dependent services.
    # NOTE(review): nested parts and free-text descriptions can reveal internal
    # dependencies; check which security scheme the health operation requires.
    HealthDto:
      type: object
      properties:
        status:
          $ref: "#/components/schemas/HealthStatus"
          description: Current connector operational status
        description:
          type: string
          description: Detailed status description
        parts:
          type: object
          additionalProperties:
            $ref: "#/components/schemas/HealthDto"
          description: Nested status of services
      required:
        - status
    # Operational status values reported in HealthDto.status.
    HealthStatus:
      type: string
      enum:
        - ok
        - nok
        - unknown
    # Generic pair of a numeric (int32) identifier and a name.
    NameAndIdDto:
      type: object
      properties:
        id:
          type: integer
          format: int32
          description: Object identifier
        name:
          type: string
          description: Object name
      required:
        - id
        - name
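    # End Entity as returned by the connector. Unlike the add/edit request
    # bodies, this schema has no password property.
    EndEntityDto:
      type: object
      properties:
        # "DN" is the X.509 subject distinguished name, not a DNS domain name.
        subjectDN:
          type: string
          description: End Entity subject distinguished name
        email:
          type: string
          description: End Entity email
        extensionData:
          type: array
          description: End Entity extension data
          items:
            $ref: "#/components/schemas/EndEntityExtendedInfoDto"
        subjectAltName:
          type: string
          description: End Entity Subject alternative name
        # The description previously repeated the subjectDN text.
        status:
          type: string
          description: End Entity status
          enum:
            - NEW
            - FAILED
            - INITIALIZED
            - IN_PROCESS
            - GENERATED
            - REVOKED
            - HISTORICAL
            - KEY_RECOVERY
            - WAITING_FOR_ADD_APPROVAL
        username:
          type: string
          description: End Entity name
      required:
        - status
        - subjectDN
        - username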
  # Authentication schemes that operations in this API can reference.
  # Declaring a scheme here does not apply it: only the `security` entries on
  # the document or on an operation decide what is actually required.
  securitySchemes:
    # Static API key sent in the X-API-KEY request header. It is a long-lived
    # shared secret, so it must only be sent over TLS and should be rotatable.
    ConnectorAPIKeyAuth:
      type: apiKey
      description: API Key in header configured for connector
      name: X-API-KEY
      in: header
    # HTTP Basic: credentials are only Base64-encoded, so confidentiality
    # depends entirely on TLS.
    BasicAuth:
      type: http
      scheme: Basic
    # Session identifier carried in the `czertainly-session` cookie.
    # Cookie attributes (Secure, HttpOnly, SameSite) cannot be expressed here;
    # verify them on the server that issues the cookie.
    SessionAuth:
      type: apiKey
      description: Session-based authentication with session ID stored in 'czertainly-session' cookie
      name: czertainly-session
      in: cookie
    # NOTE(review): a certificate in a header carries no proof of possession of
    # the private key. Presumably a TLS-terminating proxy sets
    # X-APP-CERTIFICATE after verifying the client — confirm that copies of the
    # header supplied by clients are stripped at the edge.
    CertificateAuth:
      type: apiKey
      description: Base64 encoded X.509 certificate passed in header
      name: X-APP-CERTIFICATE
      in: header
    # Client certificate verified during the TLS handshake itself.
    CertificateTLSAuth:
      type: mutualTLS
      description: Client certificate authentication
    # NOTE(review): "none" is not a registered HTTP authentication scheme.
    # Any operation that lists NoAuth as an alternative is reachable without
    # credentials — audit which operations reference it.
    NoAuth:
      type: http
      description: No authentication
      scheme: none
    # Bearer token in the Authorization header; `bearerFormat` is only a
    # documentation hint and does not make the server validate the JWT.
    BearerJWTAuth:
      type: http
      scheme: Bearer
      bearerFormat: JWT
