#3473 Switch to using RESTful interface in dogtag CA interface
Opened 11 years ago by rcritten. Modified 8 months ago

We currently do xml-like/javascript-ish requests and parsing to dogtag. dogtag 10 introduced a new RESTful API that should use instead. This provides a much cleaner interface and will require a lot less post-request processing on our side.

The pki tool can be used to model the capabilities.

From an end-user perspective nothing should change, this is all internal API work.

Documentation: ​http://pki.fedoraproject.org/wiki/REST#Current_Implementation


Duplicate ticket: #4004. We should rescope this change.

Starting to shape next release

Discussed with Fraser, this may be just natural part of the subCA work (#4559).

This work can wait - 4.2 is almost out of the door, no time for refactoring.

When switching, jcholast realized we should also move certmonger dogtag backend to REST interface. This will make it require Dogtag 10+, but I do not think there is many Dogtag 9 servers out there (except RHEL-6/CentOS-6 based ones).

This ticket is out of scope of 4.4.0 release. Moving to 4.4.1. Note that 4.4.1 needs to be triaged, therefore not everything will be implemented.

ipa-4-4:

  • faa9888 Allow Dogtag RestClient to perform requests without logging in
  • d812675 Add HTTPRequestError class
  • dd5ed21 Use Dogtag REST API for certificate requests

master:

  • 2a42a7e Allow Dogtag RestClient to perform requests without logging in
  • c5cbc8d Add HTTPRequestError class
  • 4c35afc Use Dogtag REST API for certificate requests

Aforementioned commits only address this ticket in part.
There are several more functions to be migrated to Dogtag REST API.

Reopening ticket.

Moving to next major version. Fixing this bug is not critical in stabilization release.

For cert retrieval to move to REST API, we depend on upstream
change: https://fedorahosted.org/pki/ticket/2601

Metadata Update from @rcritten:
- Issue assigned to ftweedal
- Issue set to the milestone: FreeIPA 4.5

7 years ago

master:

  • 49f87f3 dogtag: remove redundant property definition

master:

  • 49f87f3 dogtag: remove redundant property definition

master:

  • 3ba0375 rabase.get_certificate: make serial number arg mandatory

Metadata Update from @mbasti:
- Issue set to the milestone: FreeIPA 4.5.1 (was: FreeIPA 4.5)

7 years ago

Some ground work landed in 4.4 and 4.5 milestones, but the whole task is not finished. Moving to 4.7 - next major.

Metadata Update from @pvoborni:
- Issue set to the milestone: FreeIPA 4.7 (was: FreeIPA 4.5.1)

7 years ago

Metadata Update from @rcritten:
- Issue set to the milestone: FreeIPA 4.7.1 (was: FreeIPA 4.7)

5 years ago

FreeIPA 4.7 has been released, moving to FreeIPA 4.7.1 milestone

master:

  • d7f3a0b ra.get_certificate: use REST API

Metadata Update from @rcritten:
- Issue assigned to rcritten (was: ftweedal)
- Issue set to the milestone: None (was: FreeIPA 4.7.1)

8 months ago

Login to comment on this ticket.

Metadata