File: api.txt

certmonger 0.75.14-3

This is modeled after the NetworkManager API, which seems to expose quite a
bit to unprivileged processes running on the desktop.
http://people.redhat.com/dcbw/NetworkManager/NetworkManager%20DBUS%20API.txt

Despite efforts, this may not match introspection data and the implementation,
since they're only kept in agreement manually.  These may not all be
implemented yet, but if you find a piece you need, please add a ticket or a
patch to do so.  Eventually we'll get it all.

The D-Bus API:
o service name = org.fedorahosted.certmonger
o object layout

  /org/fedorahosted/certmonger
  interface=org.fedorahosted.certmonger
  - find_request_by_nickname
    arguments: nickname -> string of request's nickname
    returns: path -> object path for request, if found
  - get_requests
    returns: array of paths -> object paths for requests
  - get_supported_key_types
    returns: array of string -> "RSA"
  - get_supported_key_storage
    returns: array of string -> "NSSDB", "FILE"
  - get_supported_cert_storage
    returns: array of string -> "NSSDB", "FILE"
  - add_request
    arguments: [dict{string,variant{string/path/array-of-string/number/boolean}}]
               {"NICKNAME"("nickname"),string}
               {"KEY_TYPE"("key-type"),"RSA"/"DSA"/"EC"}
               {"KEY_SIZE"("key-size"),integer}
               {"KEY_STORAGE"("key-storage"),"NSSDB"/"FILE"/"NONE"}*
               {"KEY_LOCATION"("key-file"/"key-database"),string}*
               {"KEY_NICKNAME"("key-nickname"),string}
               {"KEY_TOKEN"("key-token"),string}
               {"KEY_PIN"("key-pin"),string}
               {"KEY_PIN_FILE"("key-pin-file"),string}
               {"CERT_STORAGE"("cert-storage"),"NSSDB"/"FILE"}*
               {"CERT_LOCATION"("cert-file"/"cert-database"),string}*
               {"CERT_NICKNAME"("cert-nickname"),string}
               {"CERT_TOKEN"("cert-token"),string}
               {"TRACK"("monitoring"),boolean}
               {"RENEW"("autorenew"),boolean}
               {"SUBJECT"("template-subject"),string}
               {"KU"("template-ku"),string (bit field)}
               {"EKU"("template-eku"),array-of-string (oids)}
               {"PRINCIPAL"("template-principal"),array-of-string (principal names)}
               {"DNS"("template-hostname"),array-of-string (dns names)}
               {"EMAIL"("template-email"),array-of-string (email addresses)}
               {"CA"("ca"),path (known CA to use)}
               {("ca-profile"),string (known CA profile to use)}
               {("template-ip-address"),array-of-string (IP addresses in text form)} (since 0.75)
               {("template-is-ca"),boolean}
               {("template-ca-path-length"),integer}
               {("template-ocsp"),array-of-string (ocsp responder URIs)}
               {("template-crldp"),array-of-string (CRL distribution point URIs)}
               {("template-ns-comment"),string (Netscape comment)}
               {("template-profile"),string (certificate profile)}
               {("cert-presave-command"),string}
               {("cert-postsave-command"),string}
               * = required values
    returns: boolean -> succeeded
             path (optional) -> object path for new request
  - remove_request
    arguments: path -> object path for request
    returns: boolean -> succeeded
  - find_ca_by_nickname
    arguments: nickname -> string of ca's nickname
    returns: path -> object path for ca, if found
  - get_known_cas
    returns: array of path -> object paths for known cas
  - add_known_ca
    arguments: string -> ca nickname
               string -> external helper command
               array of string (optional) -> known issuer names used by ca
    returns: boolean -> succeeded
  - remove_known_ca
    arguments: path -> object path for ca
    returns: boolean -> succeeded

  (objects whose names are returned by "get-requests" or "get-defaults")
  interface=org.fedorahosted.certmonger.request
  - get_nickname ("nickname" property)
    returns: string
  - get_status ("status"/"stuck" property pair)
    returns: string -> state name
             boolean -> i-am-stuck
  - get_key_type_and_size ("key-type"/"key-size" property pair)
    returns: string -> key algorithm
             number -> key size
  - get_key_storage_info ("key-storage"/"key-file"/"key-database"/"key-nickname"/"key-token" property set)
    returns: string -> "file", "nssdb"
             string(required for "nssdb" or "file") -> filename (for "file"), or directory (for "nssdb")
             string(required for "nssdb") -> nssdb nickname
             string(optional) -> nssdb token name
  - get_cert_storage_info ("cert-storage"/"cert-file"/"cert-database"/"cert-nickname"/"cert-token" property set)
    returns: string -> "file", "nssdb"
             string -> filename (for "file"), or directory (for "nssdb")
             string(required for "nssdb") -> nssdb nickname
             string(optional) -> nssdb token name
  - get_cert_data ("cert" property)
    returns: string -> certificate in PEM format
  - get_cert_info ("issuer"/"serial"/"subject"/"email"/"hostname"/"principal"/"eku" property set)
    returns: string -> issuer
             string -> serial number
             string -> subject
             number -> expiration (unix time)
             array of string -> email addresses
             array of string -> dns names
             array of string -> principal names
             number -> key usage as bitfield based on RFC5280's values
             array of string -> oid values
  - get_monitoring ("monitoring" property)
    returns: boolean -> enabled?
  - get_cert_last_checked ("last-checked" property)
    returns: number -> time of last check for expiration (unix time)
  - get_notification_info ("notification-type"/"notification-syslog-priority"/"notification-email" property set)
    returns: string -> method ("syslog", "email")
             string -> destination (log level or recipient)
  - get_autorenew ("autorenew" property)
    returns: boolean -> enabled?
  - get_csr_info ("template-subject"/"template-email"/"template-hostname"/"template-principal"/"template-eku" property set)
    returns: string -> subject
             array of string -> email addresses
             array of string -> dns names
             array of string -> principal names
             number -> key usage as bitfield based on RFC5280's values
             array of string -> oid values
  - get_key_pin ("key-pin" property)
    returns: string -> key storage PIN
  - get_key_pin_file ("key-pin-file" property)
    returns: string -> path of file containing key storage PIN
  - get_csr_data ("csr" property)
    returns: string -> signing request in PEM format
  - get_ca ("ca" property)
    returns: path(optional) -> path to CA object
  - get_submitted_date ("submitted-date" property)
    returns: number(optional) -> time of last submission to a CA (as time_t)
  - get_submitted_cookie ("ca-cookie" property)
    returns: string(optional) -> CA-specific value
  - get_ca_error ("ca-error" property)
    returns: text(optional) -> error text sent by the CA
  - modify
    arguments: [dict{string,variant{string/path/array-of-string/number/boolean}}]
               {"NICKNAME"("nickname"),string}
               {"CA"("ca"),path (known CA to use)}
               {("ca-profile"),string (known CA profile to use)}
               {"TRACK"("monitoring"),boolean}
               {"RENEW"("autorenew"),boolean}
               {"SUBJECT"("template-subject"),string}
               {"KEY_PIN"("key-pin"),string}
               {"KEY_PIN_FILE"("key-pin-file"),string}
               {"KU"("template-ku"),string (bit field)}
               {"EKU"("template-eku"),array-of-string (oids)}
               {"PRINCIPAL"("template-principal"),array-of-string (principal names)}
               {"DNS"("template-hostname"),array-of-string (dns names)}
               {"EMAIL"("template-email"),array-of-string (email addresses)}
               {("template-ip-address"),array-of-string (IP addresses in text form)} (since 0.75)
               {("template-is-ca"),boolean}
               {("template-ca-path-length"),integer}
               {("template-ocsp"),array-of-string (ocsp responder URIs)}
               {("template-crldp"),array-of-string (CRL distribution point URIs)}
               {("template-ns-comment"),string (Netscape comment)}
               {("template-profile"),string (certificate profile)}
               {("cert-presave-command"),string}
               {("cert-postsave-command"),string}
    - nickname for request
      argument: string -> new ID
    - pin for key storage
      argument: string -> PIN used for key storage
    - pin file for key storage
      argument: string -> name of file containing PIN used for key storage
    - requested subject name
      argument: string -> requested subject
    - requested subject alternative name(s): email
      argument: array of string -> new requested addresses
    - requested subject alternative name(s): dnsname
      argument: array of string -> new requested hostnames
    - requested subject alternative name(s): principalname
      argument: array of string -> new requested principal names
    - requested new key usage
      argument: number -> key usage as bitfield based on RFC5280's values
    - requested new extended key usage
      argument: array of string -> requested OIDs
    - known-ca to use
      argument: path -> object path of CA
    returns: boolean -> ok
             path    -> object path, in case it changed
  - refresh
    returns: boolean -> in progress
  - resubmit (for requests that have been denied, generates a new csr)
    returns: boolean -> working-on-it

  (objects whose names are returned by "get-known-cas")
  interface=org.fedorahosted.certmonger.ca
  - get_nickname ("nickname" property)
    returns: string
  - get_is_default ("is-default" property)
    returns: boolean -> is-the-default-ca
  - get_type
    returns: string -> "EXTERNAL" if this is implemented by an external helper
  - get_location
    returns: string -> path to external helper
  - get_serial
    returns: string -> hex value (optional)
  - get_issuer_names ("issuer-names" property)
    returns: array of string (optional) -> set of known issuer names
  - modify
    - nickname
      arguments: string -> name of ca
      returns: boolean -> changed?
    - is-default
      arguments: boolean -> should-be-the-default-ca
      returns: boolean -> is-the-default-ca
    - helper-location
      arguments: string -> path to external helper
      returns: boolean -> changed?
    - associated issuer names (for when we have to guess which CA to use)
      arguments: array of string (optional) -> set of issuer names
  - refresh
    returns: boolean -> in progress
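
The add_request dictionary described above can be checked before it is sent to the daemon. The following is an added example, not certmonger's own code: it validates a request against the property names, types and required (*) values listed on this page and flags the properties a reviewer would want to look at. Assumptions: the names check_add_request, SPEC, STORAGE, LOCATION and SAMPLE are made up here, "FILE" storage is paired with the *-file property and "NSSDB" with *-database (inferred from get_key_storage_info), and "NONE" key storage is taken to need no location.

```python
# Added example: checks an add_request dict against the properties on this page.
STR, BOOL, INT, STRS = "string", "boolean", "integer", "array-of-string"
SPEC = {**dict.fromkeys((  # "ca" is an object path, carried here as text
    "nickname", "key-type", "key-storage", "key-file", "key-database",
    "key-nickname", "key-token", "key-pin", "key-pin-file", "cert-storage",
    "cert-file", "cert-database", "cert-nickname", "cert-token", "ca",
    "template-subject", "template-ku", "ca-profile", "template-ns-comment",
    "template-profile", "cert-presave-command", "cert-postsave-command"), STR),
    **dict.fromkeys(("monitoring", "autorenew", "template-is-ca"), BOOL),
    **dict.fromkeys(("key-size", "template-ca-path-length"), INT),
    **dict.fromkeys(("template-eku", "template-principal", "template-hostname",
                     "template-email", "template-ip-address", "template-ocsp",
                     "template-crldp"), STRS)}
STORAGE = {"key": ("NSSDB", "FILE", "NONE"), "cert": ("NSSDB", "FILE")}
LOCATION = {"FILE": "file", "NSSDB": "database"}  # assumed storage/location pairing

def _is_type(value, kind):
    if kind == STRS:
        return isinstance(value, list) and all(isinstance(v, str) for v in value)
    if kind == INT:  # bool is an int subclass in Python, so exclude it
        return isinstance(value, int) and not isinstance(value, bool)
    return isinstance(value, bool if kind == BOOL else str)

def check_add_request(req):
    """Return (errors, warnings) for a dict keyed by lowercase property names."""
    errors, warnings = [], []
    for name, value in req.items():
        if name not in SPEC:
            errors.append(f"{name}: unknown property")
        elif not _is_type(value, SPEC[name]):
            errors.append(f"{name}: expected {SPEC[name]}")
    for side, allowed in STORAGE.items():
        storage = req.get(f"{side}-storage")
        if storage not in allowed:
            errors.append(f"{side}-storage: required, one of {'/'.join(allowed)}")
        elif storage in LOCATION and f"{side}-{LOCATION[storage]}" not in req:
            errors.append(f"{side}-{LOCATION[storage]}: required for {storage}")
    if "key-pin" in req:  # flags below are review prompts, not errors
        warnings.append("key-pin: PIN travels in the request; get_key_pin returns it")
    for hook in ("cert-presave-command", "cert-postsave-command"):
        if hook in req:
            warnings.append(f"{hook}: command string the daemon will run")
    if req.get("template-is-ca") is True:
        warnings.append("template-is-ca: asks for a CA certificate")
    return errors, warnings

# Constructed sample request; paths and values are made up.
SAMPLE = {"key-storage": "FILE", "key-file": "/etc/pki/tls/private/web.key",
          "cert-storage": "NSSDB", "key-pin": "1234",
          "cert-postsave-command": "/usr/local/bin/reload-web"}
```

For SAMPLE the check reports the missing cert-database and flags the inline PIN and the post-save command.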

Marshallers needed:
Arguments:
	string
	path
	string,string,string,array-of-string
	string,string
	boolean
	array-of-string
	dict{string,variant{string/array-of-string/number/boolean}}
Return:
	boolean
	number
	string
	path
	boolean,string
	boolean,path
	string,boolean
	string,number
	string,string
	array-of-path
	array-of-string
	string,string,string
	string,string,string,string
	string,string,string,array-of-string
	string,string,string,number,array-of-string,array-of-string,array-of-string,number,array-of-string