Certificates.idl

Go to the documentation of this file.

/**
 * @file     Certificates.idl
 * @brief    API for certificate handling
 * @version  3
 */

#import <kerio/web/idl/SharedStructures.idl>
#import <kerio/web/idl/Certificates.idl>
#import <common.idl>

module webadmin {

interface Certificates : kerio::web::Certificates {

   /**
    * Generate certificate.
    *
    * @param  id - ID of generated certificate
    * @param  subject - properties specified by user
    * @param  name - name of the new certificate
    * @param  type - type of certificate to be generated, valid input is one of: InactiveCertificate/CertificateRequest/LocalAuthority
    * @param  period - time properties specified by user, not relevant for CertificateRequest
    * @param  subjectAlternativeNameList - Lists of subject alternative names in certificate. Key is similar to openSSL subj. alt. name type (see http://www.openssl.org/docs/apps/x509v3_config.html)
    * @throws kerio::web::ApiException \n
    *         -32001 Session expired. - "The user is not logged in." \n
    *          1004  Access denied.   - "Insufficient rights to perform the requested operation." \n
    *                Invalid params.  - "Unable to generate certificate, expiration date has already passed." \n
    *                Invalid params.  - "Unable to generate certificate, properties are invalid."
    */
   void generateEx(out kerio::web::KId id, in kerio::web::NamedValueList subject, in string name, in kerio::web::CertificateType type, in kerio::web::ValidPeriod period, in kerio::web::NamedMultiValueList subjectAlternativeNameList);

   /**
    * Detect certificate of given VPN host.
    *
    * @param  certificate - detected properties
    * @param  host - the host certificate of which will be detected
    * @throws kerio::web::ApiException \n
    *         -32001 Session expired.  - "The user is not logged in." \n
    *          1000  Operation failed. - "Unable to detect the remote endpoint's certificate." \n
    *          1004  Access denied.    - "Insufficient rights to perform the requested operation."
    */
   void detect(out kerio::web::Certificate certificate, in string host);

   /**
    * write changes cached in manager to configuration
    * @param  errors - list of errors \n
    * @throws kerio::web::ApiException \n
    *         -32001 Session expired. - "The user is not logged in." \n
    *          1004  Access denied.   - "Insufficient rights to perform the requested operation." \n
    *          8001  Invalid params.  - "Unable to add/modify certificate %1, wrong parameters." \n
    *          8002  Database error.  - "Unable to add/modify certificate %1." \n
    *          8002  Database error.  - "Unable to delete certificate."
    */
   void apply(out kerio::web::ErrorList errors);

   /**
    * discard changes cached in manager
    * @throws kerio::web::ApiException \n
    *         -32001 Session expired. - "The user is not logged in." \n
    *          1004  Access denied.   - "Insufficient rights to perform the requested operation."
    */
   void reset();

   /**
    * Import certificate in PKCS #12 format
    *
    * @param  id - ID of generated certificate
    * @param  fileId - id of uploaded file
    * @param  name - name of the new certificate
    * @param  type - type of certificate to be imported, valid input is one of: InactiveCertificate/LocalAuthority
    * @param  password - password needed to decode certificate
    * @throws kerio::web::ApiException \n
    *         -32001 Session expired. - "The user is not logged in." \n
    *          1000    OperationFailed  - "Unable to import certificate, password is not valid." \n
    *          1002  No such entity.  - "Uploaded file does not exist." \n
    *          1002  No such entity.  - "Unable to import certificate, it doesn't match imported private key!" \n
    *          1004  Access denied.   - "Insufficient rights to perform the requested operation." \n
    *                Invalid params.  - "Unable to import certificate, the content is invalid!"
    */
   void importCertificateP12(out kerio::web::KId id, in string fileId, in string name, in kerio::web::CertificateType type, in string password);

   /**
    * Export certificate in PKCS #12 format
    *
    * @param  fileDownload - description of the output file
    * @param  id - ID of the certificate or certificate request
    * @param  password - password, which will be used to encrypt output certificate
    * @param  includeCa - if true, engine will include whole certificate chain up to highest CA (only if all parents are present)
    * @throws kerio::web::ApiException \n
    *         -32001 Session expired. - "The user is not logged in." \n
    *          1002  No such entity.  - "Certificate not found." \n
    *          1004  Access denied.   - "Insufficient rights to perform the requested operation."
    */
   void exportCertificateP12(out kerio::web::Download fileDownload, in kerio::web::KId id, in string password, in boolean includeCa);
   
   /**
    * Import certificate from url
    *
    * @param  url - url, where will be certificate downloaded from 
    * @throws kerio::web::ApiException \n
    *         -32001 Session expired. - "The user is not logged in." \n
    *          1000     OperationFailed  - "Unable to download certificate." \n
    *          1004  Access denied.   - "Insufficient rights to perform the requested operation." \n
    *                Invalid params.  - "Unable to import certificate, the content is invalid!"
    */   

   void importCertificateUrl(in string url);
   
   /**
    * Distrust list of certificate records
    *
    * @param errors - error message list
    * @param ids - list of identifiers of deleted user templates
    * @throws kerio::web::ApiException on error:
    *         -32001 Session expired. - "The user is not logged in."
    *          1002  No such entity.  - "Certificate not found."
    *          1004  Access denied.   - "Insufficient rights to perform the requested operation."
    */
   void setDistrusted(out kerio::web::ErrorList errors, in kerio::web::KIdList ids);
};

}; //webadmin