---
# OpenAPI 3.0 description of the PKI-Vault service.
# Both version values are quoted so that no YAML loader can re-type them.
openapi: '3.0.3'
info:
  title: PKI-Vault API
  version: '1.0.0'
  description: An API for managing X.509 certificates and subscriptions.
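# NOTE(review): no operation below declares a `security` requirement and this
# document defines no `components.securitySchemes`, although several responses
# carry private-key material. Confirm that authentication and authorization are
# enforced in front of this API, and describe them here once known.
paths:
  /v1/x509/import/bundle:
    post:
      summary: 'Import a Bundle of Certificate + Private Key + Certificate Chain'
      description: >
        Import a X.509 certificate bundle of a PEM-encoded X.509 certificate, a PEM-encoded private key that
        corresponds to the certificate's public key and a chain of PEM-encoded X.509 intermediate certificates that links
        the certificate to a trusted root certificate
      operationId: importX509BundleV1
      tags:
        - X.509
      requestBody:
        # The referenced schema has required members, so a missing body can
        # never validate; say so explicitly (the OpenAPI default is false).
        required: true
        description: >
          Request body to import a X.509 certificate bundle of a PEM-encoded X.509 certificate, a PEM-encoded private key that
          corresponds to the certificate's public key and a chain of PEM-encoded X.509 intermediate certificates that links
          the certificate to a trusted root certificate
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/ImportX509CertificateBundle'
      responses:
        # Status codes are quoted throughout: OpenAPI expects string keys,
        # while a bare 201 is read by YAML as an integer.
        '201':
          description: Certificate bundle successfully imported
          content:
            application/json:
              schema:
                type: object
                properties:
                  certificates:
                    type: array
                    items:
                      $ref: '#/components/schemas/X509Certificate'
                  private_keys:
                    type: array
                    items:
                      $ref: '#/components/schemas/X509PrivateKey'
        '400':
          description: Bad Request
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
        default:
          description: Unexpected error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
  /v1/x509/import/bulk:
    post:
      summary: 'Import Multiple Certificates + Private Keys'
      description: Import multiple X.509 certificates at once
      operationId: bulkImportX509V1
      tags:
        - X.509
      requestBody:
        # NOTE(review): the referenced schema lists no required members, so
        # `required` is left at its default here; confirm whether an empty
        # request is really meant to be accepted.
        description: Request body for importing multiple X.509 certificates at once
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/ImportX509CertificatesInBulk'
      responses:
        '201':
          description: Certificates successfully created
          content:
            application/json:
              schema:
                type: object
                properties:
                  certificates:
                    type: array
                    items:
                      $ref: '#/components/schemas/X509Certificate'
                  private_keys:
                    type: array
                    items:
                      $ref: '#/components/schemas/X509PrivateKey'
        '400':
          description: Bad Request
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
        default:
          description: Unexpected error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
  /v1/x509/certificates/updates:
    # NOTE(review): the 200 response of this GET can include `private_keys`,
    # and the subscription IDs that select it travel in the URL query string,
    # which proxies and access logs commonly record. Confirm that a
    # subscription ID is not the only thing gating access to key material.
    get:
      summary: Get Certificate Updates
      description: >
        Retrieve the most recent versions of X.509 certificates satisfying a subscriptions requirements
      operationId: getX509CertificateUpdatesV1
      tags:
        - X.509
      parameters:
        - in: query
          name: subscriptions
          description: A list of subscription IDs
          schema:
            type: array
            items:
              type: string
              format: uuid
          required: true
        - in: query
          name: after
          description: Retrieve updates that occurred after the specified timestamp
          schema:
            type: string
            format: date-time
          required: true
      responses:
        '200':
          description: A list of X.509 certificate updates
          content:
            application/json:
              schema:
                type: object
                properties:
                  certificates:
                    type: array
                    items:
                      $ref: '#/components/schemas/X509Certificate'
                  private_keys:
                    type: array
                    items:
                      $ref: '#/components/schemas/X509PrivateKey'
        '400':
          description: Bad Request
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
        default:
          description: Unexpected error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
  /v1/x509/certificates/subscriptions:
    post:
      summary: Create Subscription
      description: Create a subscription for X.509 certificate update retrieval
      operationId: createX509CertificateSubscriptionV1
      tags:
        - X.509
      requestBody:
        # Both members of the referenced schema are required, so the body is too.
        required: true
        description: Request body for creating a subscription for X.509 certificate updates
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/CreateX509CertificateSubscription'
      responses:
        '200':
          description: Subscription successfully created
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/X509CertificateSubscription'
        default:
          description: Unexpected error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
  /v1/x509/certificates/subscriptions/{id}:
    delete:
      summary: Delete Subscription
      description: Delete an X.509 certificate subscription
      operationId: deleteX509CertificateSubscriptionV1
      tags:
        - X.509
      parameters:
        - name: id
          in: path
          description: Subscription ID
          schema:
            type: string
            format: uuid
          required: true
      responses:
        '204':
          description: Subscription successfully deleted
        '404':
          description: Subscription does not exist
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
        default:
          description: Unexpected error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'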
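# NOTE(review): this section has no `securitySchemes` entry and no operation in
# the document references one; confirm how callers are authenticated before
# they can import or retrieve key material.
components:
  schemas:
    # Error payload shared by every non-success response.
    Error:
      type: object
      properties:
        code:
          type: integer
        message:
          type: string
        detailMessage:
          type: string
    # Private key as returned by the import and update operations.
    # NOTE(review): the example uses the `BEGIN PRIVATE KEY` label, which
    # suggests the key is returned unencrypted; responses embedding this
    # schema should presumably be kept out of caches and logs. Confirm.
    X509PrivateKey:
      type: object
      properties:
        id:
          type: string
          format: uuid
        key:
          type: string
          description: PEM-encoded private key that corresponds to the certificate's public key
          # NOTE(review): inside a `|` block scalar `\n` is two literal
          # characters, not a line break; confirm the PEM examples in this
          # file are meant to show the JSON-escaped form.
          example: |
            -----BEGIN PRIVATE KEY-----\n [...] \n-----END PRIVATE KEY-----\n
      required:
        - id
        - key
    # Certificate record plus the metadata the service stores about it.
    X509Certificate:
      type: object
      properties:
        id:
          type: string
          format: uuid
        common_name:
          type: string
          description: Subject common name of the certificate
        sans:
          type: array
          description: Subject alternative names of the certificate
          items:
            type: string
        certificate:
          type: string
          description: PEM-encoded X.509 certificate
          example: |
            -----BEGIN CERTIFICATE-----\n [...] \n-----END CERTIFICATE-----\n
        private_key_id:
          type: string
          format: uuid
          description: ID of the private key that corresponds to the certificate's public key
        parent_certificate_id:
          type: string
          format: uuid
          description: ID of the certificate which links the certificate to its authority certificate
        not_before:
          type: string
          format: date-time
          description: Point in time when the certificate starts to be valid
        not_after:
          type: string
          format: date-time
          description: Point in time when the certificate ends to be valid
        created_at:
          type: string
          format: date-time
          description: Point in time when the certificate was created in the service
      required:
        - id
        - sans
        - certificate
        - not_before
        - not_after
        - created_at
    # Request schema for the bundle import; `private_key` is optional here.
    ImportX509CertificateBundle:
      type: object
      description: >
        Schema for importing a X.509 certificate bundle of a PEM-encoded X.509 certificate, a PEM-encoded private key that
        corresponds to the certificate's public key and a chain of PEM-encoded X.509 intermediate certificates that links
        the certificate to a trusted root certificate
      properties:
        certificate:
          type: string
          description: PEM-encoded X.509 certificate
          example: |
            -----BEGIN CERTIFICATE-----\n [...] \n-----END CERTIFICATE-----\n
        private_key:
          type: string
          description: PEM-encoded private key that corresponds to the certificate's public key
          example: |
            -----BEGIN PRIVATE KEY-----\n [...] \n-----END PRIVATE KEY-----\n
        chain:
          type: string
          description: Chain of PEM-encoded X.509 intermediate certificates that links the certificate to a trusted root certificate
          example: |
            -----BEGIN CERTIFICATE-----\n [...] \n-----END CERTIFICATE-----
            -----BEGIN CERTIFICATE-----\n [...] \n-----END CERTIFICATE-----\n
      required:
        - certificate
        - chain
    # Request schema for the bulk import.
    # NOTE(review): neither array declares `maxItems` and no member is
    # required; consider bounding the arrays so one request cannot grow
    # without limit.
    ImportX509CertificatesInBulk:
      type: object
      description: Schema for importing multiple X.509 certificates at once
      properties:
        certificates:
          type: array
          description: List of PEM-encoded X.509 certificates
          items:
            type: string
            description: PEM-encoded X.509 certificate
          # Quoted so the leading dashes and the brackets stay plain text.
          example:
            - '-----BEGIN CERTIFICATE-----\n [...] \n-----END CERTIFICATE-----\n'
        private_keys:
          type: array
          description: List of PEM-encoded private keys
          items:
            type: string
            description: PEM-encoded private key
          example:
            - '-----BEGIN PRIVATE KEY-----\n [...] \n-----END PRIVATE KEY-----\n'
    # Request schema for creating a subscription.
    CreateX509CertificateSubscription:
      type: object
      description: Schema for creating a subscription for X.509 certificate updates
      properties:
        subject_alt_names:
          type: array
          description: Subject alternative names certificates should at least include to match the subscriptions requirements
          items:
            type: string
          example:
            - api.example.net
            - api.example.com
        include_private_key:
          type: boolean
          description: Whether update responses should include private keys
      required:
        - subject_alt_names
        - include_private_key
    # Subscription as stored and returned by the service.
    X509CertificateSubscription:
      type: object
      description: Schema for an X.509 certificate subscription
      properties:
        id:
          # `minimum: 1` was dropped: it is a numeric keyword and has no
          # effect on a string-typed UUID.
          type: string
          format: uuid
        subject_alt_names:
          type: array
          description: Subject alternative names certificates should at least include to match the subscriptions requirements
          items:
            type: string
          example:
            - api.example.net
            - api.example.com
        include_private_key:
          type: boolean
          description: Whether update responses should include private keys
        created_at:
          type: string
          format: date-time
          description: Point in time when the certificate subscription was created in the service
      required:
        - id
        - subject_alt_names
        - include_private_key
        - created_at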