Certificates.idl

Go to the documentation of this file.

/**
 * @file   Certificates.idl
 * @brief  %Certificates settings
 *
 * @author Dusan Juhas, Martin Kuchar, Tomas Chmelar
 *
 * @copyright Copyright © 2017 Kerio Technologies s.r.o.
 */
#import <kerio/web/idl/SharedStructures.idl>
#import <kerio/web/idl/TimeRanges.idl>

module kerio {
module web {

/**
 * Certificate Time properties info
 */
enum ValidType {
   Valid,
   NotValidYet,
   ExpireSoon,
   Expired
};

/**
 * Certificate Time properties
 */
struct ValidPeriod {
   Date validFromDate;      ///< @see SharedStructures.idl shared in lib
   Time validFromTime;      ///< @see SharedStructures.idl shared in lib
   Date validToDate;        ///< @see SharedStructures.idl shared in lib
   Time validToTime;        ///< @see SharedStructures.idl shared in lib

   ValidType validType;
};

enum CertificateType {
   ActiveCertificate,
   InactiveCertificate,
   CertificateRequest,
   Authority,
   LocalAuthority,
   BuiltInAuthority,
   ServerCertificate
};

/**
 * Certificate properties
 *  issuer & subject valid names:
 *   hostname;                ///< max 127 bytes
 *   organizationName;        ///< max 127 bytes
 *   organizationalUnitName;  ///< max 127 bytes
 *   city;                    ///< max 127 bytes
 *   state;                   ///< max 127 bytes
 *   country;                 ///< ISO 3166 code
 *   emailAddress;            ///< max 255 bytes
 */
struct Certificate {
   KId            id;
   StoreStatus     status;
   string         name;
   NamedValueList issuer;
   NamedValueList subject;
   NamedMultiValueList  subjectAlternativeNameList;
   string         fingerprint;       ///< 128-bit MD5, i.e. 16 hexa values separated by colons
   string         fingerprintSha1;  ///< 160-bit SHA1, i.e. 20 hexa values separated by colons
   string         fingerprintSha256;   ///< 512-bit SHA256, i.e. 64 hexa values separated by colons
   ValidPeriod    validPeriod;
   boolean        valid;            ///< exists and valid content
   CertificateType type;
   boolean        isUntrusted;
   string         verificationMessage;
   StringList     chainInfo;
   boolean        isSelfSigned;
};

typedef sequence<Certificate> CertificateList;

/**
 * Manager of Certificates
 */
interface Certificates {

   /**
    * Obtain a list of certificates
    *
    * @param certificates - current list of certificates
    * @param  totalItems - count of all services on server (before the start/limit applied)
    * @param  query - conditions and limits. Included from weblib.
    * @throws kerio::web::ApiException on error:
    *         -32001 Session expired. - "The user is not logged in."
    *          1004  Access denied.   - "Insufficient rights to perform the requested operation."
    */
   void get(out CertificateList certificates, out long totalItems, in SearchQuery query);

   /**
    * Renames certificate
    *
    * @param  id - ID of certificate to rename
    * @param name - new name of the certificate
    * @throws kerio::web::ApiException on error:
    *         -32001 Session expired. - "The user is not logged in."
    *          1002  No such entity.  - "Unable to find certificate."
    *          1004  Access denied.   - "Insufficient rights to perform the requested operation."
    */
   void setName(in KId id, in string name);

   /**
    * Remove list of certificate records
    *
    * @param errors - error message list
    * @param ids - list of identifiers of deleted user templates
    * @throws kerio::web::ApiException on error:
    *         -32001 Session expired. - "The user is not logged in."
    *          1002  No such entity.  - "Certificate not found."
    *          1004  Access denied.   - "Insufficient rights to perform the requested operation."
    */
   void remove(out ErrorList errors, in KIdList ids);

   /**
    * Generate certificate.
    *
    * @see Control team has generateEx(), which supports subjectAltNames (unity).
    *
    * @param  id - ID of generated certificate
    * @param  subject - properties specified by user
    * @param  name - name of the new certificate
    * @param  type - type of certificate to be generated, valid input is one of: InactiveCertificate/CertificateRequest/LocalAuthority
    * @param  period - time properties specified by user, not relevant for CertificateRequest
    * @throws kerio::web::ApiException on error:
    *         -32001 Session expired. - "The user is not logged in."
    *          1004  Access denied.   - "Insufficient rights to perform the requested operation."
    *                Invalid params.  - "Unable to generate certificate, expiration date has already passed."
    *                Invalid params.  - "Unable to generate certificate, properties are invalid."
    */
   void generate(out KId id, in NamedValueList subject, in string name, in CertificateType type, in ValidPeriod period);

   /**
    * Get a list of countries.
    *
    * @param  countries - list of countries (name and ISO 3166 code)
    * @throws kerio::web::ApiException on error:
    *         -32001 Session expired.  - "The user is not logged in."
    *          1004  Access denied.    - "Insufficient rights to perform the requested operation."
    */
   void getCountryList(out NamedValueList countries);

   /**
    * Import certificate in PEM format
    *
    * @param  id - ID of generated certificate
    * @param  keyId - ID assigned to imported private key, @see importPrivateKey
    * @param  fileId - id of uploaded file
    * @param  name - name of the new certificate
    * @param  type - type of certificate to be imported, valid input is one of: InactiveCertificate/Authority/LocalAuthority
    * @throws kerio::web::ApiException on error:
    *         -32001 Session expired. - "The user is not logged in."
    *          1000  OperationFailed. - "Unable to import certificate, certificate already imported."
    *          1000  OperationFailed. - "Unable to import certificate, key is not valid for imported certificate."
    *          1000  OperationFailed. - "Unable to import certificate, it's not a Certificate Authority."
    *          1002  No such entity.  - "Unable to import certificate, key not found."
    *          1004  Access denied.   - "Insufficient rights to perform the requested operation."
    *                Invalid params.  - "Unable to import certificate, the content is invalid."
    */
   void importCertificate(out KId id, in KId keyId, in string fileId, in string name, in CertificateType type);

   /**
    * Import private key. It generates ID, so it can be linked to Certificate content imported later, @see importCertificate
    *
    * @param  keyId - generated ID for new key
    * @param  needPassword - true if private key is encrypted with password
    * @param  fileId - id of uploaded file
    * @throws kerio::web::ApiException on error:
    *         -32001 Session expired. - "The user is not logged in."
    *          1002  No such entity.  - "Uploaded file does not exist."
    *          1004  Access denied.   - "Insufficient rights to perform the requested operation."
    *                Invalid params.  - "Unable to import private key, content is invalid."
    */
   void importPrivateKey(out KId keyId, out boolean needPassword, in string fileId);

   /**
    * Try to parse imported private key. Need to be called, when @importPrivateKey returns needPassword == true.
    *
    * @param  keyId - ID assigned to imported private key, @see importPrivateKey
    * @param  password - certificate password
    * @throws kerio::web::ApiException on error:
    *         -32001 Session expired. - "The user is not logged in."
    *          1000  OperationFailed. - "Unable to import certificate, key already decrypted."
    *          1000  OperationFailed. - "Unable to import certificate, password is not valid."
    *          1004  Access denied.   - "Insufficient rights to perform the requested operation."
    *                Invalid params.  - "Unable to parse private key with given password!"
    */
   void unlockPrivateKey(in KId keyId, in string password);

   /**
    * Export of certificate or certificate request
    * Note: "export" is a keyword in C++, so name of the method must be changed: exportCertificate
    *
    * @param fileDownload - description of the output file
    * @param id - ID of the certificate or certificate request
    * @throws kerio::web::ApiException on error:
    *         -32001 Session expired. - "The user is not logged in."
    *          1000  OperationFailed. - "Unable to export certificate."
    *          1002  No such entity.  - "Unable to find certificate."
    *          1004  Access denied.   - "Insufficient rights to perform the requested operation."
    */
   void exportCertificate(out Download fileDownload, in KId id);

   /**
    * Export of certificate or request privatekey
    * Note: "export" is a keyword in C++, so the name of the method must be changed: exportPrivateKey
    *
    * @param fileDownload - description of the output file
    * @param id - ID of the certificate or certificate request
    * @throws kerio::web::ApiException on error:
    *         -32001 Session expired. - "The user is not logged in."
    *          1000  OperationFailed. - "Unable to export certificate."
    *          1002  No such entity.  - "Unable to find certificate."
    *          1004  Access denied.   - "Insufficient rights to perform the requested operation."
    */
   void exportPrivateKey(out Download fileDownload, in KId id);

   /**
    * Obtain source (plain-text representation) of the certificate
    *
    * @param source - certificate in plain text
    * @param id - global identifier
    * @throws kerio::web::ApiException on error:
    *         -32001 Session expired. - "The user is not logged in."
    *          1002  No such entity.  - "Unable to find certificate."
    *          1004  Access denied.   - "Insufficient rights to perform the requested operation."
    */
   void toSource(out string source, in KId id);
   
};

}; // module web
}; // module kerio