{
|
|
"openapi": "3.0.0",
|
|
"info": {
|
|
"title": "REST4i - Security Services",
|
|
"description": "Security Services provide APIs relating to security, such as the management of digital certificates and the retrieval of TLS system information. All the digital certificate management APIs require the Digital Certificate Manager, option 34 of the IBM i licensed program (5761-SS1), be installed. In addition, the authenticated user must have the *ALLOBJ and *SECADM special authorities.",
|
|
"version": "1.0.7-rest4i",
|
|
"contact": {
|
|
"name": "API Support",
|
|
"url": "https://github.com/rest4i"
|
|
},
|
|
"license": {
|
|
"name": "Apache 2.0",
|
|
"url": "https://www.apache.org/licenses/LICENSE-2.0.html"
|
|
}
|
|
},
|
|
"servers": [
|
|
{
|
|
"url": "/rest4i/api"
|
|
}
|
|
],
|
|
"tags": [
|
|
{
|
|
"name": "Security Services",
|
|
"description": "Security Services provide APIs relating to security, such as the management of digital certificates and the retrieval of TLS system information."
|
|
}
|
|
],
|
|
"paths": {
|
|
"/v1/security/dcm/cert/delete": {
|
|
"post": {
|
|
"tags": ["Security Services"],
|
|
"summary": "Delete a digital certificate.",
|
|
"description": "Delete a digital certificate.",
|
|
"operationId": "securityDCMDeleteCertificate",
|
|
"parameters": [
|
|
{
|
|
"name": "Authorization",
|
|
"in": "header",
|
|
"description": "The authorization HTTP header.",
|
|
"schema": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
],
|
|
"requestBody": {
|
|
"description": "The API properties required to delete a digital certificate.",
|
|
"content": {
|
|
"application/json": {
|
|
"schema": {
|
|
"$ref": "#/components/schemas/rest4i_DCMCertRequest"
|
|
},
|
|
"example": {
|
|
"certStoreType": "CMS",
|
|
"certStorePath": "*SYSTEM",
|
|
"certStorePassword": "passw0rd",
|
|
"certAlias": "mylabel"
|
|
}
|
|
}
|
|
},
|
|
"required": true
|
|
},
|
|
"responses": {
|
|
"204": {
|
|
"description": "Request successful, no content."
|
|
},
|
|
"400": {
|
|
"description": "Bad request.",
|
|
"content": {
|
|
"application/json": {
|
|
"schema": {
|
|
"$ref": "#/components/schemas/Problem"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"401": {
|
|
"description": "Unauthorized request was made.",
|
|
"content": {
|
|
"application/json": {
|
|
"schema": {
|
|
"$ref": "#/components/schemas/Problem"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"403": {
|
|
"description": "The request is forbidden.",
|
|
"content": {
|
|
"application/json": {
|
|
"schema": {
|
|
"$ref": "#/components/schemas/Problem"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"404": {
|
|
"description": "The specified resource was not found.",
|
|
"content": {
|
|
"application/json": {
|
|
"schema": {
|
|
"$ref": "#/components/schemas/Problem"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"500": {
|
|
"description": "Unable to process the request due to an internal server error.",
|
|
"content": {
|
|
"application/json": {
|
|
"schema": {
|
|
"$ref": "#/components/schemas/Problem"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"security": [
|
|
{
|
|
"bearerHttpAuthentication": []
|
|
},
|
|
{
|
|
"basicHttpAuthentication": []
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"/v1/security/tls": {
|
|
"get": {
|
|
"tags": ["Security Services"],
|
|
"summary": "Retrieve system transport layer security (TLS) attributes.",
|
|
"description": "The API retrieves TLS attributes for the system. The system-level settings are based on the TLS System Values and on the System Service Tools (SST) Advanced Analysis command TLSCONFIG, which allows viewing or altering the system-wide TLS default properties.",
|
|
"operationId": "securityTLSGetAttributes",
|
|
"parameters": [
|
|
{
|
|
"name": "Authorization",
|
|
"in": "header",
|
|
"description": "The authorization HTTP header.",
|
|
"schema": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
],
|
|
"responses": {
|
|
"200": {
|
|
"description": "Successful request.",
|
|
"content": {
|
|
"application/json": {
|
|
"example": {
|
|
"supportedProtocols": ["TLSv1.3", "TLSv1.2"],
|
|
"eligibleDefaultProtocols": ["TLSv1.3", "TLSv1.2"],
|
|
"defaultProtocols": ["TLSv1.3", "TLSv1.2"],
|
|
"supportedCipherSuites": ["AES_128_GCM_SHA256", "AES_256_GCM_SHA384"],
|
|
"defaultMinimumRSAKeySize": 0,
|
|
"handshakeConnectionCounts": false,
|
|
"secureSessionCaching": true,
|
|
"auditSecureTelnetHandshakes": false
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"400": {
|
|
"description": "Bad request.",
|
|
"content": {
|
|
"application/json": {
|
|
"schema": {
|
|
"$ref": "#/components/schemas/Problem"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"401": {
|
|
"description": "Unauthorized request was made.",
|
|
"content": {
|
|
"application/json": {
|
|
"schema": {
|
|
"$ref": "#/components/schemas/Problem"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"403": {
|
|
"description": "The request is forbidden.",
|
|
"content": {
|
|
"application/json": {
|
|
"schema": {
|
|
"$ref": "#/components/schemas/Problem"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"500": {
|
|
"description": "Unable to process the request due to an internal server error.",
|
|
"content": {
|
|
"application/json": {
|
|
"schema": {
|
|
"$ref": "#/components/schemas/Problem"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"security": [
|
|
{
|
|
"bearerHttpAuthentication": []
|
|
},
|
|
{
|
|
"basicHttpAuthentication": []
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"/v1/security/dcm/cert/export": {
|
|
"post": {
|
|
"tags": ["Security Services"],
|
|
"summary": "Export a digital certificate.",
|
|
"description": "Export a digital certificate. Only server/client and CA certificates can be exported. Certificates can be exported in the DER, PEM, or PKCS12 formats.",
|
|
"operationId": "securityDCMExportCertificate",
|
|
"parameters": [
|
|
{
|
|
"name": "Authorization",
|
|
"in": "header",
|
|
"description": "The authorization HTTP header.",
|
|
"schema": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
],
|
|
"requestBody": {
|
|
"description": "The API properties required to export a digital certificate.",
|
|
"content": {
|
|
"application/json": {
|
|
"schema": {
|
|
"$ref": "#/components/schemas/rest4i_DCMCertExportRequest"
|
|
},
|
|
"example": {
|
|
"certStoreType": "CMS",
|
|
"certStorePath": "*SYSTEM",
|
|
"certStorePassword": "passw0rd",
|
|
"certFormat": "PKCS12",
|
|
"certAlias": "mylabel",
|
|
"certDataPassword": "myPassw0rd"
|
|
}
|
|
}
|
|
},
|
|
"required": true
|
|
},
|
|
"responses": {
|
|
"200": {
|
|
"description": "Successful request.",
|
|
"content": {
|
|
"application/json": {
|
|
"example": {
|
|
"certFormat": "PKCS12",
|
|
"certData": "BASE64-BLOB"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"400": {
|
|
"description": "Bad request.",
|
|
"content": {
|
|
"application/json": {
|
|
"schema": {
|
|
"$ref": "#/components/schemas/Problem"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"401": {
|
|
"description": "Unauthorized request was made.",
|
|
"content": {
|
|
"application/json": {
|
|
"schema": {
|
|
"$ref": "#/components/schemas/Problem"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"403": {
|
|
"description": "The request is forbidden.",
|
|
"content": {
|
|
"application/json": {
|
|
"schema": {
|
|
"$ref": "#/components/schemas/Problem"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"404": {
|
|
"description": "The specified resource was not found.",
|
|
"content": {
|
|
"application/json": {
|
|
"schema": {
|
|
"$ref": "#/components/schemas/Problem"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"500": {
|
|
"description": "Unable to process the request due to an internal server error.",
|
|
"content": {
|
|
"application/json": {
|
|
"schema": {
|
|
"$ref": "#/components/schemas/Problem"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"security": [
|
|
{
|
|
"bearerHttpAuthentication": []
|
|
},
|
|
{
|
|
"basicHttpAuthentication": []
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"/v1/security/dcm/cert/info": {
|
|
"post": {
|
|
"tags": ["Security Services"],
|
|
"summary": "Get detailed certificate information.",
|
|
"description": "Get detailed certificate information, such as subject, issuer, subject alternative names, and serial number.",
|
|
"operationId": "securityDCMGetCertificate",
|
|
"parameters": [
|
|
{
|
|
"name": "Authorization",
|
|
"in": "header",
|
|
"description": "The authorization HTTP header.",
|
|
"schema": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
],
|
|
"requestBody": {
|
|
"description": "The API properties required to get detailed information about a digital certificate.",
|
|
"content": {
|
|
"application/json": {
|
|
"schema": {
|
|
"$ref": "#/components/schemas/rest4i_DCMCertRequest"
|
|
},
|
|
"example": {
|
|
"certStoreType": "CMS",
|
|
"certStorePath": "*SYSTEM",
|
|
"certStorePassword": "passw0rd",
|
|
"certAlias": "mylabel"
|
|
}
|
|
}
|
|
},
|
|
"required": true
|
|
},
|
|
"responses": {
|
|
"200": {
|
|
"description": "Successful request.",
|
|
"content": {
|
|
"application/json": {
|
|
"example": {
|
|
"alias": "UNIQUE-SAN",
|
|
"trusted": true,
|
|
"subject": "C=US,SP=Minnesota,O=IBM,CN=UniQue",
|
|
"issuer": "C=US,SP=Any,O=IBM Web Administration for i,CN=mysystem_CERTIFICATE_AUTHORITY",
|
|
"keyAlgorithm": "ECDSA",
|
|
"keySize": 256,
|
|
"hasPrivateKey": true,
|
|
"signatureAlgorithm": "RSA_SHA256",
|
|
"keyStorageLocation": "SOFTWARE",
|
|
"serialNumber": "6526CFBC0601B8",
|
|
"effectiveDate": "10/10/23 11:39:24",
|
|
"expirationDate": "10/10/24 11:39:24"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"400": {
|
|
"description": "Bad request.",
|
|
"content": {
|
|
"application/json": {
|
|
"schema": {
|
|
"$ref": "#/components/schemas/Problem"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"401": {
|
|
"description": "Unauthorized request was made.",
|
|
"content": {
|
|
"application/json": {
|
|
"schema": {
|
|
"$ref": "#/components/schemas/Problem"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"403": {
|
|
"description": "The request is forbidden.",
|
|
"content": {
|
|
"application/json": {
|
|
"schema": {
|
|
"$ref": "#/components/schemas/Problem"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"404": {
|
|
"description": "The specified resource was not found.",
|
|
"content": {
|
|
"application/json": {
|
|
"schema": {
|
|
"$ref": "#/components/schemas/Problem"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"500": {
|
|
"description": "Unable to process the request due to an internal server error.",
|
|
"content": {
|
|
"application/json": {
|
|
"schema": {
|
|
"$ref": "#/components/schemas/Problem"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"security": [
|
|
{
|
|
"bearerHttpAuthentication": []
|
|
},
|
|
{
|
|
"basicHttpAuthentication": []
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"/v1/security/dcm/appdef/associate": {
|
|
"post": {
|
|
"tags": ["Security Services"],
|
|
"summary": "Associate digital certificates to an application definition.",
|
|
"description": "Associate digital certificates to an application definition. A maximum of 4 certificates can be specified.",
|
|
"operationId": "securityDCMAppDefAssociateCertificate",
|
|
"parameters": [
|
|
{
|
|
"name": "Authorization",
|
|
"in": "header",
|
|
"description": "The authorization HTTP header.",
|
|
"schema": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
],
|
|
"requestBody": {
|
|
"description": "The API properties required to assign digital certificates to an application definition.",
|
|
"content": {
|
|
"application/json": {
|
|
"schema": {
|
|
"$ref": "#/components/schemas/rest4i_DCMCertAppDefAssociateRequest"
|
|
},
|
|
"example": {
|
|
"appDefinitionID": "myappdef",
|
|
"certAliases": ["mylabel1", "mylabel2"]
|
|
}
|
|
}
|
|
},
|
|
"required": true
|
|
},
|
|
"responses": {
|
|
"204": {
|
|
"description": "Request successful, no content."
|
|
},
|
|
"400": {
|
|
"description": "Bad request.",
|
|
"content": {
|
|
"application/json": {
|
|
"schema": {
|
|
"$ref": "#/components/schemas/Problem"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"401": {
|
|
"description": "Unauthorized request was made.",
|
|
"content": {
|
|
"application/json": {
|
|
"schema": {
|
|
"$ref": "#/components/schemas/Problem"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"403": {
|
|
"description": "The request is forbidden.",
|
|
"content": {
|
|
"application/json": {
|
|
"schema": {
|
|
"$ref": "#/components/schemas/Problem"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"404": {
|
|
"description": "The specified resource was not found.",
|
|
"content": {
|
|
"application/json": {
|
|
"schema": {
|
|
"$ref": "#/components/schemas/Problem"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"500": {
|
|
"description": "Unable to process the request due to an internal server error.",
|
|
"content": {
|
|
"application/json": {
|
|
"schema": {
|
|
"$ref": "#/components/schemas/Problem"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"security": [
|
|
{
|
|
"bearerHttpAuthentication": []
|
|
},
|
|
{
|
|
"basicHttpAuthentication": []
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"/v1/security/dcm/appdef/list": {
|
|
"get": {
|
|
"tags": ["Security Services"],
|
|
"summary": "List application definitions.",
|
|
"description": "Retrieve a list of application definitions. You can filter what is returned by application definition ID and application type.",
|
|
"operationId": "securityDCMAppidList",
|
|
"parameters": [
|
|
{
|
|
"name": "Authorization",
|
|
"in": "header",
|
|
"description": "The authorization HTTP header.",
|
|
"schema": {
|
|
"type": "string"
|
|
}
|
|
},
|
|
{
|
|
"name": "idFilter",
|
|
"in": "query",
|
|
"description": "Application definition ID filter.",
|
|
"schema": {
|
|
"type": "string"
|
|
}
|
|
},
|
|
{
|
|
"name": "typeFilter",
|
|
"in": "query",
|
|
"description": "Application type filter. Possible values: SERVER, CLIENT, SERVER_CLIENT, OBJECT_SIGNING.",
|
|
"schema": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
],
|
|
"responses": {
|
|
"200": {
|
|
"description": "Successful request.",
|
|
"content": {
|
|
"application/json": {
|
|
"example": {
|
|
"appDefinitions": [
|
|
{
|
|
"appDefinitionID": "QIBM_OS400_QRW_SVR_DDM_DRDA",
|
|
"appType": "SERVER",
|
|
"description": "IBM i DDM/DRDA Server - TCP/IP",
|
|
"certAliases": []
|
|
}
|
|
]
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"400": {
|
|
"description": "Bad request.",
|
|
"content": {
|
|
"application/json": {
|
|
"schema": {
|
|
"$ref": "#/components/schemas/Problem"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"401": {
|
|
"description": "Unauthorized request was made.",
|
|
"content": {
|
|
"application/json": {
|
|
"schema": {
|
|
"$ref": "#/components/schemas/Problem"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"403": {
|
|
"description": "The request is forbidden.",
|
|
"content": {
|
|
"application/json": {
|
|
"schema": {
|
|
"$ref": "#/components/schemas/Problem"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"404": {
|
|
"description": "The specified resource was not found.",
|
|
"content": {
|
|
"application/json": {
|
|
"schema": {
|
|
"$ref": "#/components/schemas/Problem"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"500": {
|
|
"description": "Unable to process the request due to an internal server error.",
|
|
"content": {
|
|
"application/json": {
|
|
"schema": {
|
|
"$ref": "#/components/schemas/Problem"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"security": [
|
|
{
|
|
"bearerHttpAuthentication": []
|
|
},
|
|
{
|
|
"basicHttpAuthentication": []
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"/v1/security/dcm/appdef/untrust": {
|
|
"post": {
|
|
"tags": ["Security Services"],
|
|
"summary": "Remove a certificate authority (CA) digital certificate from the application definition CA trust list.",
|
|
"description": "Remove a certificate authority (CA) digital certificate from the application definition CA trust list.",
|
|
"operationId": "securityDCMAppDefUntrustCertificate",
|
|
"parameters": [
|
|
{
|
|
"name": "Authorization",
|
|
"in": "header",
|
|
"description": "The authorization HTTP header.",
|
|
"schema": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
],
|
|
"requestBody": {
|
|
"description": "The API properties required to remove a CA digital certificate from an application definition CA trust list.",
|
|
"content": {
|
|
"application/json": {
|
|
"schema": {
|
|
"$ref": "#/components/schemas/rest4i_DCMCertAppDefTrustRequest"
|
|
},
|
|
"example": {
|
|
"appDefinitionID": "myappdef",
|
|
"certAlias": "mylabel1"
|
|
}
|
|
}
|
|
},
|
|
"required": true
|
|
},
|
|
"responses": {
|
|
"204": {
|
|
"description": "Request successful, no content."
|
|
},
|
|
"400": {
|
|
"description": "Bad request.",
|
|
"content": {
|
|
"application/json": {
|
|
"schema": {
|
|
"$ref": "#/components/schemas/Problem"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"401": {
|
|
"description": "Unauthorized request was made.",
|
|
"content": {
|
|
"application/json": {
|
|
"schema": {
|
|
"$ref": "#/components/schemas/Problem"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"403": {
|
|
"description": "The request is forbidden.",
|
|
"content": {
|
|
"application/json": {
|
|
"schema": {
|
|
"$ref": "#/components/schemas/Problem"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"404": {
|
|
"description": "The specified resource was not found.",
|
|
"content": {
|
|
"application/json": {
|
|
"schema": {
|
|
"$ref": "#/components/schemas/Problem"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"500": {
|
|
"description": "Unable to process the request due to an internal server error.",
|
|
"content": {
|
|
"application/json": {
|
|
"schema": {
|
|
"$ref": "#/components/schemas/Problem"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"security": [
|
|
{
|
|
"bearerHttpAuthentication": []
|
|
},
|
|
{
|
|
"basicHttpAuthentication": []
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"/v1/security/dcm/appdef/disassociate": {
|
|
"post": {
|
|
"tags": ["Security Services"],
|
|
"summary": "Disassociate digital certificates from an application definition.",
|
|
"description": "Disassociate digital certificates from an application definition. All certificates associated with the application definition will be disassociated.",
|
|
"operationId": "securityDCMAppDefDisassociateCertificate",
|
|
"parameters": [
|
|
{
|
|
"name": "Authorization",
|
|
"in": "header",
|
|
"description": "The authorization HTTP header.",
|
|
"schema": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
],
|
|
"requestBody": {
|
|
"description": "The API properties required to disassociate digital certificates from an application definition.",
|
|
"content": {
|
|
"application/json": {
|
|
"schema": {
|
|
"$ref": "#/components/schemas/rest4i_DCMCertAppDefDisassociateRequest"
|
|
},
|
|
"example": {
|
|
"appDefinitionID": "myappdef"
|
|
}
|
|
}
|
|
},
|
|
"required": true
|
|
},
|
|
"responses": {
|
|
"204": {
|
|
"description": "Request successful, no content."
|
|
},
|
|
"400": {
|
|
"description": "Bad request.",
|
|
"content": {
|
|
"application/json": {
|
|
"schema": {
|
|
"$ref": "#/components/schemas/Problem"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"401": {
|
|
"description": "Unauthorized request was made.",
|
|
"content": {
|
|
"application/json": {
|
|
"schema": {
|
|
"$ref": "#/components/schemas/Problem"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"403": {
|
|
"description": "The request is forbidden.",
|
|
"content": {
|
|
"application/json": {
|
|
"schema": {
|
|
"$ref": "#/components/schemas/Problem"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"404": {
|
|
"description": "The specified resource was not found.",
|
|
"content": {
|
|
"application/json": {
|
|
"schema": {
|
|
"$ref": "#/components/schemas/Problem"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"500": {
|
|
"description": "Unable to process the request due to an internal server error.",
|
|
"content": {
|
|
"application/json": {
|
|
"schema": {
|
|
"$ref": "#/components/schemas/Problem"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"security": [
|
|
{
|
|
"bearerHttpAuthentication": []
|
|
},
|
|
{
|
|
"basicHttpAuthentication": []
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"/v1/security/dcm/cert/list": {
|
|
"post": {
|
|
"tags": ["Security Services"],
|
|
"summary": "Retrieve a list of certificates in a certificate store.",
|
|
"description": "Retrieve a list of certificates in a certificate store. You can filter what is returned by alias, certificate type, days until expiration, and whether to include expired certificates.",
|
|
"operationId": "securityDCMListCertificates",
|
|
"parameters": [
|
|
{
|
|
"name": "Authorization",
|
|
"in": "header",
|
|
"description": "The authorization HTTP header.",
|
|
"schema": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
],
|
|
"requestBody": {
|
|
"description": "The API properties required to list certificates in a certificate store.",
|
|
"content": {
|
|
"application/json": {
|
|
"schema": {
|
|
"$ref": "#/components/schemas/rest4i_DCMCertListRequest"
|
|
},
|
|
"example": {
|
|
"certStoreType": "CMS",
|
|
"certStorePath": "*SYSTEM",
|
|
"certStorePassword": "passw0rd",
|
|
"filters": {
|
|
"certAlias": "*",
|
|
"certTypes": ["SERVER_CLIENT", "CA", "CSR"],
|
|
"daysUntilExpiration": 5000,
|
|
"excludeExpired": false
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"required": true
|
|
},
|
|
"responses": {
|
|
"200": {
|
|
"description": "Successful request.",
|
|
"content": {
|
|
"application/json": {
|
|
"example": {
|
|
"certificates": [
|
|
{
|
|
"certAlias": "GLOBAL-MULTISAN",
|
|
"commonName": "myserver.ibm.com",
|
|
"type": "SERVER_CLIENT",
|
|
"daysBeforeExpiration": 1831,
|
|
"keyAlgorithm": "ECDSA",
|
|
"keySize": 256,
|
|
"keyStorageLocation": "SOFTWARE",
|
|
"signatureAlgorithm": "ECDSA_SHA256"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"400": {
|
|
"description": "Bad request.",
|
|
"content": {
|
|
"application/json": {
|
|
"schema": {
|
|
"$ref": "#/components/schemas/Problem"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"401": {
|
|
"description": "Unauthorized request was made.",
|
|
"content": {
|
|
"application/json": {
|
|
"schema": {
|
|
"$ref": "#/components/schemas/Problem"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"403": {
|
|
"description": "The request is forbidden.",
|
|
"content": {
|
|
"application/json": {
|
|
"schema": {
|
|
"$ref": "#/components/schemas/Problem"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"404": {
|
|
"description": "The specified resource was not found.",
|
|
"content": {
|
|
"application/json": {
|
|
"schema": {
|
|
"$ref": "#/components/schemas/Problem"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"500": {
|
|
"description": "Unable to process the request due to an internal server error.",
|
|
"content": {
|
|
"application/json": {
|
|
"schema": {
|
|
"$ref": "#/components/schemas/Problem"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"security": [
|
|
{
|
|
"bearerHttpAuthentication": []
|
|
},
|
|
{
|
|
"basicHttpAuthentication": []
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"/v1/security/dcm/certstore/changepassword": {
|
|
"post": {
|
|
"tags": ["Security Services"],
|
|
"summary": "Change digital certificate store password.",
|
|
"description": "Change digital certificate store password. For system certificate stores of type CMS, if the current password is omitted, the system stash file will be used.",
|
|
"operationId": "securityDCMChangeCertificateStorePassword",
|
|
"parameters": [
|
|
{
|
|
"name": "Authorization",
|
|
"in": "header",
|
|
"description": "The authorization HTTP header.",
|
|
"schema": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
],
|
|
"requestBody": {
|
|
"description": "The API properties required to change a digital certificate store password.",
|
|
"content": {
|
|
"application/json": {
|
|
"schema": {
|
|
"$ref": "#/components/schemas/rest4i_DCMCertStoreChangePasswordRequest"
|
|
},
|
|
"example": {
|
|
"certStoreType": "CMS",
|
|
"certStorePath": "*SYSTEM",
|
|
"certStorePassword": null,
|
|
"certStorePasswordNew": "myNewPassw0rd",
|
|
"daysToExpiration": 0
|
|
}
|
|
}
|
|
},
|
|
"required": true
|
|
},
|
|
"responses": {
|
|
"204": {
|
|
"description": "Request successful, no content."
|
|
},
|
|
"400": {
|
|
"description": "Bad request.",
|
|
"content": {
|
|
"application/json": {
|
|
"schema": {
|
|
"$ref": "#/components/schemas/Problem"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"401": {
|
|
"description": "Unauthorized request was made.",
|
|
"content": {
|
|
"application/json": {
|
|
"schema": {
|
|
"$ref": "#/components/schemas/Problem"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"403": {
|
|
"description": "The request is forbidden.",
|
|
"content": {
|
|
"application/json": {
|
|
"schema": {
|
|
"$ref": "#/components/schemas/Problem"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"500": {
|
|
"description": "Unable to process the request due to an internal server error.",
|
|
"content": {
|
|
"application/json": {
|
|
"schema": {
|
|
"$ref": "#/components/schemas/Problem"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"security": [
|
|
{
|
|
"bearerHttpAuthentication": []
|
|
},
|
|
{
|
|
"basicHttpAuthentication": []
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"/v1/security/dcm/appdef/trust": {
|
|
"post": {
|
|
"tags": ["Security Services"],
|
|
"summary": "Add certificate authority (CA) digital certificate to the application definition CA trust list.",
|
|
"description": "Add a CA certificate to the application definition CA trust list.",
|
|
"operationId": "securityDCMAppDefTrustCertificate",
|
|
"parameters": [
|
|
{
|
|
"name": "Authorization",
|
|
"in": "header",
|
|
"description": "The authorization HTTP header.",
|
|
"schema": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
],
|
|
"requestBody": {
|
|
"description": "The API properties required to add a CA to the application definition CA trust list.",
|
|
"content": {
|
|
"application/json": {
|
|
"schema": {
|
|
"$ref": "#/components/schemas/rest4i_DCMCertAppDefTrustRequest"
|
|
},
|
|
"example": {
|
|
"appDefinitionID": "myappdef",
|
|
"certAlias": "mylabel1"
|
|
}
|
|
}
|
|
},
|
|
"required": true
|
|
},
|
|
"responses": {
|
|
"204": {
|
|
"description": "Request successful, no content."
|
|
},
|
|
"400": {
|
|
"description": "Bad request.",
|
|
"content": {
|
|
"application/json": {
|
|
"schema": {
|
|
"$ref": "#/components/schemas/Problem"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"401": {
|
|
"description": "Unauthorized request was made.",
|
|
"content": {
|
|
"application/json": {
|
|
"schema": {
|
|
"$ref": "#/components/schemas/Problem"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"403": {
|
|
"description": "The request is forbidden.",
|
|
"content": {
|
|
"application/json": {
|
|
"schema": {
|
|
"$ref": "#/components/schemas/Problem"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"404": {
|
|
"description": "The specified resource was not found.",
|
|
"content": {
|
|
"application/json": {
|
|
"schema": {
|
|
"$ref": "#/components/schemas/Problem"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"500": {
|
|
"description": "Unable to process the request due to an internal server error.",
|
|
"content": {
|
|
"application/json": {
|
|
"schema": {
|
|
"$ref": "#/components/schemas/Problem"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"security": [
|
|
{
|
|
"bearerHttpAuthentication": []
|
|
},
|
|
{
|
|
"basicHttpAuthentication": []
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"/v1/security/dcm/cert/import": {
|
|
"post": {
|
|
"tags": ["Security Services"],
|
|
"summary": "Import a digital certificate.",
|
|
"description": "Import a digital certificate. Only server/client or CA certificates can be imported. A certificate can be imported in the following formats: PKCS12, DER, or PEM.",
|
|
"operationId": "securityDCMImportCertificate",
|
|
"parameters": [
|
|
{
|
|
"name": "Authorization",
|
|
"in": "header",
|
|
"description": "The authorization HTTP header.",
|
|
"schema": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
],
|
|
"requestBody": {
|
|
"description": "The API properties required to import a digital certificate.",
|
|
"content": {
|
|
"application/json": {
|
|
"schema": {
|
|
"$ref": "#/components/schemas/rest4i_DCMCertImportRequest"
|
|
},
|
|
"example": {
|
|
"certStoreType": "CMS",
|
|
"certStorePath": "*SYSTEM",
|
|
"certStorePassword": "passw0rd",
|
|
"certType": "SERVER_CLIENT",
|
|
"certFormat": "PKCS12",
|
|
"certAlias": "mylabel",
|
|
"certData": "BASE64-BLOB",
|
|
"certDataPassword": "myPassw0rd"
|
|
}
|
|
}
|
|
},
|
|
"required": true
|
|
},
|
|
"responses": {
|
|
"204": {
|
|
"description": "Request successful, no content."
|
|
},
|
|
"400": {
|
|
"description": "Bad request.",
|
|
"content": {
|
|
"application/json": {
|
|
"schema": {
|
|
"$ref": "#/components/schemas/Problem"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"401": {
|
|
"description": "Unauthorized request was made.",
|
|
"content": {
|
|
"application/json": {
|
|
"schema": {
|
|
"$ref": "#/components/schemas/Problem"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"403": {
|
|
"description": "The request is forbidden.",
|
|
"content": {
|
|
"application/json": {
|
|
"schema": {
|
|
"$ref": "#/components/schemas/Problem"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"404": {
|
|
"description": "The specified resource was not found.",
|
|
"content": {
|
|
"application/json": {
|
|
"schema": {
|
|
"$ref": "#/components/schemas/Problem"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"500": {
|
|
"description": "Unable to process the request due to an internal server error.",
|
|
"content": {
|
|
"application/json": {
|
|
"schema": {
|
|
"$ref": "#/components/schemas/Problem"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"security": [
|
|
{
|
|
"bearerHttpAuthentication": []
|
|
},
|
|
{
|
|
"basicHttpAuthentication": []
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"/v1/security/tls/stats": {
|
|
"get": {
|
|
"tags": ["Security Services"],
|
|
"summary": "Retrieve system transport layer security (TLS) statistics.",
|
|
"description": "The API retrieves TLS statistics. The information returned includes TLS handshake connection counts for the system, by protocol type and cipher suite, since the last reset.",
|
|
"operationId": "securityTLSGetStatistics",
|
|
"parameters": [
|
|
{
|
|
"name": "Authorization",
|
|
"in": "header",
|
|
"description": "The authorization HTTP header.",
|
|
"schema": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
],
|
|
"responses": {
|
|
"200": {
|
|
"description": "Successful request.",
|
|
"content": {
|
|
"application/json": {
|
|
"example": {
|
|
"protocolCounters": {
|
|
"TLSv13": 5,
|
|
"TLSv12": 10,
|
|
"TLSv11": 0,
|
|
"TLSv10": 0,
|
|
"SSLv3": 0
|
|
},
|
|
"cipherSuiteCounters": {
|
|
"AES_128_GCM_SHA256": 0,
|
|
"AES_256_GCM_SHA384": 0,
|
|
"RSA_AES_128_GCM_SHA256": 15
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"400": {
|
|
"description": "Bad request.",
|
|
"content": {
|
|
"application/json": {
|
|
"schema": {
|
|
"$ref": "#/components/schemas/Problem"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"401": {
|
|
"description": "Unauthorized request was made.",
|
|
"content": {
|
|
"application/json": {
|
|
"schema": {
|
|
"$ref": "#/components/schemas/Problem"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"403": {
|
|
"description": "The request is forbidden.",
|
|
"content": {
|
|
"application/json": {
|
|
"schema": {
|
|
"$ref": "#/components/schemas/Problem"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"404": {
|
|
"description": "The specified resource was not found.",
|
|
"content": {
|
|
"application/json": {
|
|
"schema": {
|
|
"$ref": "#/components/schemas/Problem"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"500": {
|
|
"description": "Unable to process the request due to an internal server error.",
|
|
"content": {
|
|
"application/json": {
|
|
"schema": {
|
|
"$ref": "#/components/schemas/Problem"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"security": [
|
|
{
|
|
"bearerHttpAuthentication": []
|
|
},
|
|
{
|
|
"basicHttpAuthentication": []
|
|
}
|
|
]
|
|
}
|
|
}
|
|
},
|
|
"components": {
|
|
"schemas": {
|
|
"rest4i_DCMCertRequest": {
|
|
"required": ["certAlias", "certStorePassword", "certStorePath", "certStoreType"],
|
|
"type": "object",
|
|
"properties": {
|
|
"certStoreType": {
|
|
"type": "string",
|
|
"description": "The type of the certificate store. Valid values: CMS."
|
|
},
|
|
"certStorePath": {
|
|
"type": "string",
|
|
"description": "Path to certificate store or one of the following special values: *SYSTEM, *LOCALCA, *OBJECTSIGNING, or *SIGNATUREVERIFICATION."
|
|
},
|
|
"certStorePassword": {
|
|
"type": "string",
|
|
"description": "The certificate store password."
|
|
},
|
|
"certAlias": {
|
|
"type": "string",
|
|
"description": "The certificate label."
|
|
}
|
|
},
|
|
"description": "Certificate request."
|
|
},
|
|
"rest4i_DCMCertExportRequest": {
|
|
"required": ["certAlias", "certFormat", "certStorePassword", "certStorePath", "certStoreType"],
|
|
"type": "object",
|
|
"properties": {
|
|
"certStoreType": {
|
|
"type": "string",
|
|
"description": "The type of the certificate store. Valid values: CMS."
|
|
},
|
|
"certStorePath": {
|
|
"type": "string",
|
|
"description": "Path to certificate store or one of the following special values: *SYSTEM, *LOCALCA, *OBJECTSIGNING, or *SIGNATUREVERIFICATION."
|
|
},
|
|
"certStorePassword": {
|
|
"type": "string",
|
|
"description": "The certificate store password."
|
|
},
|
|
"certFormat": {
|
|
"type": "string",
|
|
"description": "The format of the certificate. Possible values: PKCS12, DER, or PEM."
|
|
},
|
|
"certAlias": {
|
|
"type": "string",
|
|
"description": "The certificate label."
|
|
},
|
|
"certDataPassword": {
|
|
"type": "string",
|
|
"description": "The password to access the certificate data that is returned."
|
|
}
|
|
},
|
|
"description": "Export certificate request."
|
|
},
|
|
"rest4i_DCMCertImportRequest": {
|
|
"required": ["certData", "certFormat", "certStorePassword", "certStorePath", "certStoreType", "certType"],
|
|
"type": "object",
|
|
"properties": {
|
|
"certStoreType": {
|
|
"type": "string",
|
|
"description": "The type of the certificate store. Valid values: CMS."
|
|
},
|
|
"certStorePath": {
|
|
"type": "string",
|
|
"description": "Path to certificate store or one of the following special values: *SYSTEM, *LOCALCA, *OBJECTSIGNING, or *SIGNATUREVERIFICATION."
|
|
},
|
|
"certStorePassword": {
|
|
"type": "string",
|
|
"description": "The certificate store password."
|
|
},
|
|
"certType": {
|
|
"type": "string",
|
|
"description": "The certificate type. Possible values: CA or SERVER_CLIENT."
|
|
},
|
|
"certFormat": {
|
|
"type": "string",
|
|
"description": "The format of the certificate. Possible values: PKCS12, DER, or PEM."
|
|
},
|
|
"certAlias": {
|
|
"type": "string",
|
|
"description": "The certificate label."
|
|
},
|
|
"certData": {
|
|
"type": "string",
|
|
"description": "Base64-encoded binary data object representing the certificate to be imported."
|
|
},
|
|
"certDataPassword": {
|
|
"type": "string",
|
|
"description": "The password to access the certificate data."
|
|
}
|
|
},
|
|
"description": "Import certificate request."
|
|
},
|
|
"rest4i_DCMCertListRequest": {
|
|
"required": ["certStorePassword", "certStorePath", "certStoreType"],
|
|
"type": "object",
|
|
"properties": {
|
|
"certStoreType": {
|
|
"type": "string",
|
|
"description": "The type of the certificate store. Valid values: CMS."
|
|
},
|
|
"certStorePath": {
|
|
"type": "string",
|
|
"description": "Path to certificate store or one of the following special values: *SYSTEM, *LOCALCA, *OBJECTSIGNING, or *SIGNATUREVERIFICATION."
|
|
},
|
|
"certStorePassword": {
|
|
"type": "string",
|
|
"description": "The certificate store password."
|
|
},
|
|
"filters": {
|
|
"type": "object",
|
|
"properties": {
|
|
"certAlias": {
|
|
"type": "string",
|
|
"description": "Alias name filter. A simple generic name can be specified."
|
|
},
|
|
"certTypes": {
|
|
"type": "array",
|
|
"description": "Certificate types filter. Valid values: CA, SERVER_CLIENT.",
|
|
"items": {
|
|
"type": "string"
|
|
}
|
|
},
|
|
"daysUntilExpiration": {
|
|
"type": "integer",
|
|
"description": "Days until expiration filter."
|
|
},
|
|
"excludeExpired": {
|
|
"type": "boolean",
|
|
"description": "Whether to exclude expired certificates."
|
|
}
|
|
},
|
|
"description": "A combination of one or more filters."
|
|
}
|
|
},
|
|
"description": "List certificate request."
|
|
},
|
|
"rest4i_DCMCertAppDefAssociateRequest": {
|
|
"required": ["appDefinitionID", "certAliases"],
|
|
"type": "object",
|
|
"properties": {
|
|
"appDefinitionID": {
|
|
"type": "string",
|
|
"description": "The application definition identifier."
|
|
},
|
|
"certAliases": {
|
|
"type": "array",
|
|
"description": "The certificate labels. Maximum of 4.",
|
|
"items": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
},
|
|
"description": "Associate certificate(s) to an application definition."
|
|
},
|
|
"rest4i_DCMCertAppDefDisassociateRequest": {
|
|
"required": ["appDefinitionID"],
|
|
"type": "object",
|
|
"properties": {
|
|
"appDefinitionID": {
|
|
"type": "string",
|
|
"description": "The application definition identifier."
|
|
}
|
|
},
|
|
"description": "Disassociate certificates from an application definition."
|
|
},
|
|
"rest4i_DCMCertAppDefTrustRequest": {
|
|
"required": ["appDefinitionID", "certAlias"],
|
|
"type": "object",
|
|
"properties": {
|
|
"appDefinitionID": {
|
|
"type": "string",
|
|
"description": "The application definition identifier."
|
|
},
|
|
"certAlias": {
|
|
"type": "string",
|
|
"description": "The certificate label."
|
|
}
|
|
},
|
|
"description": "Add/remove a CA certificate to/from an application definition's list of trusted CA certificates."
|
|
},
|
|
"rest4i_DCMCertStoreChangePasswordRequest": {
|
|
"required": ["certStorePassword", "certStorePasswordNew", "certStorePath", "certStoreType"],
|
|
"type": "object",
|
|
"properties": {
|
|
"certStoreType": {
|
|
"type": "string",
|
|
"description": "The type of the certificate store. Valid values: CMS."
|
|
},
|
|
"certStorePath": {
|
|
"type": "string",
|
|
"description": "Path to certificate store or one of the following special values: *SYSTEM, *LOCALCA, *OBJECTSIGNING, or *SIGNATUREVERIFICATION."
|
|
},
|
|
"certStorePassword": {
|
|
"type": "string",
|
|
"description": "The certificate store password. If the field is omitted or set to null, the system stash will be used. Note: this schema lists the field as required and does not declare it nullable."
|
|
},
|
|
"certStorePasswordNew": {
|
|
"type": "string",
|
|
"description": "The new certificate store password."
|
|
},
|
|
"daysToExpiration": {
|
|
"type": "integer",
|
|
"description": "Number of days before password expires.",
|
|
"default": 0
|
|
}
|
|
},
|
|
"description": "Change certificate store password request."
|
|
},
|
|
"Problem": {
|
|
"type": "object",
|
|
"properties": {
|
|
"error": {
|
|
"type": "string"
|
|
},
|
|
"message": {
|
|
"type": "string"
|
|
},
|
|
"code": {
|
|
"type": "integer",
|
|
"format": "int32"
|
|
},
|
|
"details": {
|
|
"type": "object"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"securitySchemes": {
|
|
"bearerHttpAuthentication": {
|
|
"type": "http",
|
|
"description": "Bearer token authentication.",
|
|
"scheme": "bearer",
|
|
"bearerFormat": "Bearer [token]"
|
|
},
|
|
"basicHttpAuthentication": {
|
|
"type": "http",
|
|
"description": "Basic authentication.",
|
|
"scheme": "basic"
|
|
}
|
|
}
|
|
}
|
|
}
|