diff --git a/applications/tools/p2p-test/app-simulator/scripts/onBoardCluster.sh b/applications/tools/p2p-test/app-simulator/scripts/onBoardCluster.sh index cef2e2555c1..7c7de5e865b 100755 --- a/applications/tools/p2p-test/app-simulator/scripts/onBoardCluster.sh +++ b/applications/tools/p2p-test/app-simulator/scripts/onBoardCluster.sh @@ -16,7 +16,7 @@ echo '{ } config_gateway() { - config_version=$(curl --fail-with-body -s -S --insecure -u admin:admin https://$1/api/v1/config/corda.p2p.gateway/ | jq -r '.version') + config_version=$(curl --fail-with-body -s -S --insecure -u admin:admin https://$1/api/v5_3/config/corda.p2p.gateway/ | jq -r '.version') if [[ $MTLS == "Y" ]]; then tls_type="MUTUAL" else @@ -24,7 +24,7 @@ config_gateway() { fi raw_config=$(jq -n --arg tls_type "$tls_type" '.sslConfig.revocationCheck.mode="OFF" | .sslConfig.tlsType=$tls_type') body=$(jq -n --arg raw_config "$raw_config" --arg version $config_version '.section="corda.p2p.gateway" | .config=$raw_config |.schemaVersion.major=1 | .schemaVersion.minor=0| .version=$version') - curl --fail-with-body -s -S --insecure -u admin:admin -X PUT -d "$body" https://$1/api/v1/config + curl --fail-with-body -s -S --insecure -u admin:admin -X PUT -d "$body" https://$1/api/v5_3/config } build_cli_tool() { 
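Review bot: The API version is spelled out as the literal `v5_3` in every request URL, in this hunk, in the remaining hunks of onBoardCluster.sh and in runReceiver.sh and runSender.sh, so the next version change has to touch every curl line again. The removed lines show the script had already drifted into a mix of `v1` and `v5_1`. Define the version once near the top of each script, for example `API_VERSION="${API_VERSION:-v5_3}"`, and build the URLs as `"https://$1/api/$API_VERSION/config/corda.p2p.gateway/"`. Quoting the URL also keeps `$1` from being word-split. config_gateway continues past the end of this hunk.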
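Review bot: The PUT at the end of config_gateway sends whatever `config_version` holds, and that value comes from `curl … | jq -r '.version'` in the previous hunk, where the pipeline's exit status is jq's unless `pipefail` is enabled somewhere outside this view. If the GET on the moved path returns an error body, `jq -r` prints `null` or nothing, and the unquoted `--arg version $config_version` then either submits `null` or shifts jq's arguments. Validate the value before building the body, `[[ -n "$config_version" && "$config_version" != "null" ]] || { echo "cannot read gateway config version" >&2; return 1; }`, and quote the expansion as `--arg version "$config_version"`. The function starts above this hunk.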
@@ -47,23 +47,23 @@ build_cpi() { } trust_cpi_keys() { - curl --insecure -u admin:admin -X PUT -F alias="gradle-plugin-default-key" -F certificate=@"$SCRIPT_DIR/gradle-plugin-default-key.pem" https://$1/api/v5_1/certificate/cluster/code-signer + curl --insecure -u admin:admin -X PUT -F alias="gradle-plugin-default-key" -F certificate=@"$SCRIPT_DIR/gradle-plugin-default-key.pem" https://$1/api/v5_3/certificate/cluster/code-signer keytool -exportcert -rfc -alias "signing key 1" -keystore "$WORKING_DIR"/signingkeys.pfx -storepass "keystore password" -file "$WORKING_DIR"/signingkey1.pem - curl --insecure -u admin:admin -X PUT -F alias="signingkey1-2022" -F certificate=@"$WORKING_DIR"/signingkey1.pem https://$1/api/v5_1/certificate/cluster/code-signer + curl --insecure -u admin:admin -X PUT -F alias="signingkey1-2022" -F certificate=@"$WORKING_DIR"/signingkey1.pem https://$1/api/v5_3/certificate/cluster/code-signer } allow_client_certificate() { - curl --fail-with-body --insecure -u admin:admin -X PUT https://$1/api/v1/mgm/$3/mutual-tls/allowed-client-certificate-subjects/"$2" + curl --fail-with-body --insecure -u admin:admin -X PUT https://$1/api/v5_3/mgm/$3/mutual-tls/allowed-client-certificate-subjects/"$2" } upload_cpi() { - local CPI_ID=$(curl --fail-with-body -s -S --insecure -u admin:admin -F upload=@$2 https://$1/api/v1/cpi/ | jq -M '.["id"]' | tr -d '"') + local CPI_ID=$(curl --fail-with-body -s -S --insecure -u admin:admin -F upload=@$2 https://$1/api/v5_3/cpi/ | jq -M '.["id"]' | tr -d '"') echo $CPI_ID } wait_for_cpi() { n=0 until [ "$n" -ge 25 ]; do - cpi_status=$(curl --fail-with-body -s -S --insecure -u admin:admin https://$1/api/v1/cpi/status/$2 | jq -r .status) + cpi_status=$(curl --fail-with-body -s -S --insecure -u admin:admin https://$1/api/v5_3/cpi/status/$2 | jq -r .status) if [[ "$cpi_status" == "OK" ]]; then break else 
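Review bot: Both curl calls in trust_cpi_keys omit `--fail-with-body`, unlike allow_client_certificate and upload_cpi in the same hunk, so an HTTP 4xx/5xx from the relocated `/api/v5_3/certificate/cluster/code-signer` endpoint leaves curl's exit status at 0 and the code-signer certificate upload can fail unnoticed. Presumably the failure would then surface only later as a CPI rejected for an untrusted signer. Add the same flags the neighbouring calls use, i.e. start both commands with `curl --fail-with-body -s -S --insecure -u admin:admin -X PUT`. Whether a non-zero exit actually stops the script depends on shell options set outside this hunk.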
@@ -75,14 +75,14 @@ wait_for_cpi() { } cpi_checksum() { - local CPI_CHECKSUM=$(curl --fail-with-body -s -S --insecure -u admin:admin https://$1/api/v1/cpi/status/$2 | jq -M '.["cpiFileChecksum"]' | tr -d '"') + local CPI_CHECKSUM=$(curl --fail-with-body -s -S --insecure -u admin:admin https://$1/api/v5_3/cpi/status/$2 | jq -M '.["cpiFileChecksum"]' | tr -d '"') echo $CPI_CHECKSUM } wait_for_vnode() { n=0 until [ "$n" -ge 25 ]; do - cpi_status=$(curl --fail-with-body -s -S --insecure -u admin:admin https://$1/api/v1/virtualnode/$2 | jq -r '.flowP2pOperationalStatus') + cpi_status=$(curl --fail-with-body -s -S --insecure -u admin:admin https://$1/api/v5_3/virtualnode/$2 | jq -r '.flowP2pOperationalStatus') if [[ $cpi_status == 'ACTIVE' ]]; then break else 
@@ -93,37 +93,37 @@ wait_for_vnode() { done } create_vnode() { - local HOLDING_ID_SHORT_HASH=$(curl --fail-with-body -s -S --insecure -u admin:admin -d '{ "request": { "cpiFileChecksum": "'$2'", "x500Name": "'$3'" } }' https://$1/api/v1/virtualnode | jq -M '.requestId' | tr -d '"') + local HOLDING_ID_SHORT_HASH=$(curl --fail-with-body -s -S --insecure -u admin:admin -d '{ "request": { "cpiFileChecksum": "'$2'", "x500Name": "'$3'" } }' https://$1/api/v5_3/virtualnode | jq -M '.requestId' | tr -d '"') wait_for_vnode $1 $HOLDING_ID_SHORT_HASH echo $HOLDING_ID_SHORT_HASH } assign_hsm_and_generate_session_key_pair() { - curl --fail-with-body -s -S --insecure -u admin:admin -X POST https://$1/api/v1/hsm/soft/$2/SESSION_INIT &> /dev/null - local MGM_SESSION_KEY_ID=$(curl --fail-with-body -s -S --insecure -u admin:admin -X POST https://$1/api/v5_1/key/$2/alias/$2-session/category/SESSION_INIT/scheme/CORDA.ECDSA.SECP256R1 | jq -M '.["id"]' | tr -d '"') + curl --fail-with-body -s -S --insecure -u admin:admin -X POST https://$1/api/v5_3/hsm/soft/$2/SESSION_INIT &> /dev/null + local MGM_SESSION_KEY_ID=$(curl --fail-with-body -s -S --insecure -u admin:admin -X POST https://$1/api/v5_3/key/$2/alias/$2-session/category/SESSION_INIT/scheme/CORDA.ECDSA.SECP256R1 | jq -M '.["id"]' | tr -d '"') echo $MGM_SESSION_KEY_ID } assign_hsm_and_generate_tls_key_pair() { - curl --fail-with-body -s -S -k -u admin:admin -X POST https://$1/api/v1/hsm/soft/p2p/TLS &> /dev/null - MGM_TLS_KEY_ID=$(curl --fail-with-body -s -S -k -u admin:admin -X POST https://$1/api/v5_1/key/p2p/alias/cluster-tls/category/TLS/scheme/CORDA.RSA | jq -M '.["id"]' | tr -d '"') + curl --fail-with-body -s -S -k -u admin:admin -X POST https://$1/api/v5_3/hsm/soft/p2p/TLS &> /dev/null + MGM_TLS_KEY_ID=$(curl --fail-with-body -s -S -k -u admin:admin -X POST https://$1/api/v5_3/key/p2p/alias/cluster-tls/category/TLS/scheme/CORDA.RSA | jq -M '.["id"]' | tr -d '"') echo $MGM_TLS_KEY_ID } assign_hsm_and_generate_edch_key_pair() { 
- curl --fail-with-body -s -S -k -u admin:admin -X POST https://$1/api/v1/hsm/soft/$2/PRE_AUTH &> /dev/null - MGM_EDCH_KEY_ID=$(curl --fail-with-body -s -S -k -u admin:admin -X POST https://$1/api/v5_1/key/$2/alias/$2-auth/category/PRE_AUTH/scheme/CORDA.ECDSA.SECP256R1 | jq -M '.["id"]' | tr -d '"') + curl --fail-with-body -s -S -k -u admin:admin -X POST https://$1/api/v5_3/hsm/soft/$2/PRE_AUTH &> /dev/null + MGM_EDCH_KEY_ID=$(curl --fail-with-body -s -S -k -u admin:admin -X POST https://$1/api/v5_3/key/$2/alias/$2-auth/category/PRE_AUTH/scheme/CORDA.ECDSA.SECP256R1 | jq -M '.["id"]' | tr -d '"') echo $MGM_EDCH_KEY_ID } assign_hsm_and_generate_ledger_key_pair() { - curl --fail-with-body -s -S -k -u admin:admin -X POST https://$1/api/v1/hsm/soft/$2/LEDGER &> /dev/null - LEDGER_KEY_ID=$(curl --fail-with-body -s -S -k -u admin:admin -X POST https://$1/api/v5_1/key/$2/alias/$2-ledger/category/LEDGER/scheme/CORDA.ECDSA.SECP256R1 | jq -M '.["id"]' | tr -d '"') + curl --fail-with-body -s -S -k -u admin:admin -X POST https://$1/api/v5_3/hsm/soft/$2/LEDGER &> /dev/null + LEDGER_KEY_ID=$(curl --fail-with-body -s -S -k -u admin:admin -X POST https://$1/api/v5_3/key/$2/alias/$2-ledger/category/LEDGER/scheme/CORDA.ECDSA.SECP256R1 | jq -M '.["id"]' | tr -d '"') echo $LEDGER_KEY_ID } get_csr() { - curl --fail-with-body -s -S -k -u admin:admin -X POST -H "Content-Type: application/json" -d '{"x500Name": "'$2'", "subjectAlternativeNames": [ "'$3'" ]}' "https://$1/api/v5_1/certificate/p2p/$4" > "$WORKING_DIR"/$5.csr + curl --fail-with-body -s -S -k -u admin:admin -X POST -H "Content-Type: application/json" -d '{"x500Name": "'$2'", "subjectAlternativeNames": [ "'$3'" ]}' "https://$1/api/v5_3/certificate/p2p/$4" > "$WORKING_DIR"/$5.csr } sign_certificate() { 
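Review bot: create_vnode and get_csr assemble their JSON bodies by splicing unquoted `$2`/`$3` between single-quoted fragments, so an X.500 name containing a space is word-split into several curl arguments, and a value containing `"` changes the JSON structure. The flow-worker README in this same commit uses names such as `C=GB, L=London, O=Alice`, which would split this way. config_gateway earlier in this diff already builds its body with `jq -n --arg`, and the same works here: `body=$(jq -n --arg c "$2" --arg n "$3" '{request:{cpiFileChecksum:$c,x500Name:$n}}')` followed by `-d "$body"`. complete_network_setup in a later hunk of this file splices `$3` the same way. Whether current callers pass names with spaces is not visible from these hunks.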
@@ -131,7 +131,7 @@ sign_certificate() { } upload_certificate() { - curl --fail-with-body -s -S -k -u admin:admin -X PUT -F certificate=@$2 -F alias=cluster-tls "https://$1/api/v5_1/certificate/cluster/p2p-tls" + curl --fail-with-body -s -S -k -u admin:admin -X PUT -F certificate=@$2 -F alias=cluster-tls "https://$1/api/v5_3/certificate/cluster/p2p-tls" } register_node() { @@ -177,18 +177,18 @@ register_mgm() { wait_for_approve() { n=0 until [ "$n" -ge 25 ]; do - registrationStatus=$(curl --fail-with-body -s -S --insecure -u admin:admin https://$1/api/v1/membership/$2/$3 | jq -r .registrationStatus) + registrationStatus=$(curl --fail-with-body -s -S --insecure -u admin:admin https://$1/api/v5_3/membership/$2/$3 | jq -r .registrationStatus) if [[ "$registrationStatus" == "APPROVED" ]]; then - curl --fail-with-body -s -S --insecure -u admin:admin https://$1/api/v1/membership/$2/$3 | jq + curl --fail-with-body -s -S --insecure -u admin:admin https://$1/api/v5_3/membership/$2/$3 | jq break elif [[ "$registrationStatus" == "DECLINED" ]]; then - curl --fail-with-body -s -S --insecure -u admin:admin https://$1/api/v1/membership/$2/$3 | jq + curl --fail-with-body -s -S --insecure -u admin:admin https://$1/api/v5_3/membership/$2/$3 | jq exit -1 elif [[ "$registrationStatus" == "FAILED" ]]; then - curl --fail-with-body -s -S --insecure -u admin:admin https://$1/api/v1/membership/$2/$3 | jq + curl --fail-with-body -s -S --insecure -u admin:admin https://$1/api/v5_3/membership/$2/$3 | jq exit -1 elif [[ "$registrationStatus" == "INVALID" ]]; then - curl --fail-with-body -s -S --insecure -u admin:admin https://$1/api/v1/membership/$2/$3 | jq + curl --fail-with-body -s -S --insecure -u admin:admin https://$1/api/v5_3/membership/$2/$3 | jq exit -1 else echo "Registration status is $registrationStatus, waiting a bit" 
@@ -205,7 +205,7 @@ register() { echo $COMMAND | jq # Register - registrationId=$(curl --fail-with-body -s -S --insecure -u admin:admin -d " $COMMAND " https://$1/api/v1/membership/$2 | jq -r .registrationId) + registrationId=$(curl --fail-with-body -s -S --insecure -u admin:admin -d " $COMMAND " https://$1/api/v5_3/membership/$2 | jq -r .registrationId) echo "Registration Id $registrationId for $2" @@ -214,11 +214,11 @@ register() { } complete_network_setup() { - curl --fail-with-body -s -S -k -u admin:admin -X PUT -d '{"p2pTlsCertificateChainAlias": "cluster-tls", "sessionKeysAndCertificates": [{"sessionKeyId": "'$3'", "preferred": true}]}' "https://$1/api/v1/network/setup/$2" + curl --fail-with-body -s -S -k -u admin:admin -X PUT -d '{"p2pTlsCertificateChainAlias": "cluster-tls", "sessionKeysAndCertificates": [{"sessionKeyId": "'$3'", "preferred": true}]}' "https://$1/api/v5_3/network/setup/$2" } extract_group_policy() { - curl --fail-with-body -s -S --insecure -u admin:admin -X GET "https://$1/api/v1/mgm/$2/info" > "$WORKING_DIR"/GroupPolicy-out.json + curl --fail-with-body -s -S --insecure -u admin:admin -X GET "https://$1/api/v5_3/mgm/$2/info" > "$WORKING_DIR"/GroupPolicy-out.json } on_board_mgm() { diff --git a/applications/tools/p2p-test/app-simulator/scripts/runReceiver.sh b/applications/tools/p2p-test/app-simulator/scripts/runReceiver.sh index f898f318417..d232bf94a06 100755 --- a/applications/tools/p2p-test/app-simulator/scripts/runReceiver.sh +++ b/applications/tools/p2p-test/app-simulator/scripts/runReceiver.sh 
@@ -36,7 +36,7 @@ deploy_receiver() { } MGM_HOLDING_ID_SHORT_HASH=$(cat $MGM_HOLDING_ID_FILE) -GROUP_ID=$(curl --fail-with-body -s -S --insecure -u admin:admin -X GET https://$MGM_RPC/api/v1/members/$MGM_HOLDING_ID_SHORT_HASH | jq '.members[0].memberContext."corda.groupId"' | tr -d '"') +GROUP_ID=$(curl --fail-with-body -s -S --insecure -u admin:admin -X GET https://$MGM_RPC/api/v5_3/members/$MGM_HOLDING_ID_SHORT_HASH | jq '.members[0].memberContext."corda.groupId"' | tr -d '"') if kubectl get ns metrics-server > /dev/null 2>/dev/null ; then metrics_args=" -f \"$SCRIPT_DIR/app-simulator-eks.metrics.yaml\"" diff --git a/applications/tools/p2p-test/app-simulator/scripts/runSender.sh b/applications/tools/p2p-test/app-simulator/scripts/runSender.sh index dbc3294ab4c..e78b0964e27 100755 --- a/applications/tools/p2p-test/app-simulator/scripts/runSender.sh +++ b/applications/tools/p2p-test/app-simulator/scripts/runSender.sh @@ -42,7 +42,7 @@ deploy_sender() { echo "Starting Sender in $1 mode" MGM_HOLDING_ID_SHORT_HASH=$(cat $MGM_HOLDING_ID_FILE) -GROUP_ID=$(curl --fail-with-body -s -S --insecure -u admin:admin -X GET https://$MGM_RPC/api/v1/members/$MGM_HOLDING_ID_SHORT_HASH | jq '.members[0].memberContext."corda.groupId"' | tr -d '"') +GROUP_ID=$(curl --fail-with-body -s -S --insecure -u admin:admin -X GET https://$MGM_RPC/api/v5_3/members/$MGM_HOLDING_ID_SHORT_HASH | jq '.members[0].memberContext."corda.groupId"' | tr -d '"') HELM_A_X500_NAME=$(echo $A_X500_NAME | sed 's/,/\\,/g') HELM_B_X500_NAME=$(echo $B_X500_NAME | sed 's/,/\\,/g') diff --git a/applications/workers/release/combined-worker/README.md b/applications/workers/release/combined-worker/README.md index 2fafdc76285..dabe856db8f 100644 --- a/applications/workers/release/combined-worker/README.md +++ b/applications/workers/release/combined-worker/README.md 
@@ -136,7 +136,7 @@ Use one of the following run configuratons: ## Interact with the worker -The worker will expose the HTTP API on port 8888: https://localhost:8888/api/v1/swagger +The worker will expose the HTTP API on port 8888: https://localhost:8888/api/v5_3/swagger The status endpoint is also exposed: http://localhost:7000/status ## Smoketests diff --git a/applications/workers/release/flow-worker/README.md b/applications/workers/release/flow-worker/README.md index 9dbe31552ec..2288e8860b3 100644 --- a/applications/workers/release/flow-worker/README.md +++ b/applications/workers/release/flow-worker/README.md @@ -78,7 +78,7 @@ instructions below are for using curl. the CBP file.) ```shell -curl --insecure -u admin:admin -s -F upload=@./test-cordapp-5.0.0.0-SNAPSHOT-package.cpb https://localhost:8888/api/v1/cpi/ +curl --insecure -u admin:admin -s -F upload=@./test-cordapp-5.0.0.0-SNAPSHOT-package.cpb https://localhost:8888/api/v5_3/cpi/ ``` @@ -93,7 +93,7 @@ This should yield a result similar to this: 2) Get the status of the file upload and the cpi file checksum value ```shell -curl --insecure -u admin:admin https://localhost:8888/api/v1/cpi/status/[ID] +curl --insecure -u admin:admin https://localhost:8888/api/v5_3/cpi/status/[ID] ``` where ID is the UUID output from step 1 
@@ -109,8 +109,8 @@ This should yield are result similar to this 3) Create a virtual node using the checksum returned from the step above ```shell -curl --insecure -u admin:admin -d '{ "cpiFileChecksum": "B669663F74EA", "x500Name": "C=GB, L=London, O=Alice" }' https://localhost:8888/api/v1/virtualnode -curl --insecure -u admin:admin -d '{ "cpiFileChecksum": "B669663F74EA", "x500Name": "C=GB, L=London, O=Bob" }' https://localhost:8888/api/v1/virtualnode +curl --insecure -u admin:admin -d '{ "cpiFileChecksum": "B669663F74EA", "x500Name": "C=GB, L=London, O=Alice" }' https://localhost:8888/api/v5_3/virtualnode +curl --insecure -u admin:admin -d '{ "cpiFileChecksum": "B669663F74EA", "x500Name": "C=GB, L=London, O=Bob" }' https://localhost:8888/api/v5_3/virtualnode ``` This should yield a result similar to this for first request: @@ -136,8 +136,8 @@ This should yield a result similar to this for first request: 4) Register the members to the network ```shell -curl --insecure -u admin:admin -d '{ "context": { "corda.key.scheme" : "CORDA.ECDSA.SECP256R1" } }' https://localhost:8888/api/v1/membership/3B8DECDDD6E2 -curl --insecure -u admin:admin -d '{ "context": { "corda.key.scheme" : "CORDA.ECDSA.SECP256R1" } }' https://localhost:8888/api/v1/membership/44D0F817B592 +curl --insecure -u admin:admin -d '{ "context": { "corda.key.scheme" : "CORDA.ECDSA.SECP256R1" } }' https://localhost:8888/api/v5_3/membership/3B8DECDDD6E2 +curl --insecure -u admin:admin -d '{ "context": { "corda.key.scheme" : "CORDA.ECDSA.SECP256R1" } }' https://localhost:8888/api/v5_3/membership/44D0F817B592 ``` ### Calling the flow and testing for a result 
@@ -146,7 +146,7 @@ curl --insecure -u admin:admin -d '{ "context": { "corda.key.scheme" : "CORDA.EC ```shell curl --insecure -u admin:admin -X 'POST' \ - 'https://localhost:8888/api/v1/flow/3B8DECDDD6E2' \ + 'https://localhost:8888/api/v5_3/flow/3B8DECDDD6E2' \ -d '{ "clientRequestId": "request1", "flowClassName": "com.r3.corda.testing.testflows.MessagingFlow", @@ -159,5 +159,5 @@ The holding ID is taken from the output of the 'create virtual node' step 2) Check on the progress of the flow: ```shell -curl --insecure -u admin:admin https://localhost:8888/api/v1/flow/[HOLDING_ID_HASH]/request1 +curl --insecure -u admin:admin https://localhost:8888/api/v5_3/flow/[HOLDING_ID_HASH]/request1 ``` diff --git a/charts/corda/templates/NOTES.txt b/charts/corda/templates/NOTES.txt index e73fdbb27be..2093fdb726d 100644 --- a/charts/corda/templates/NOTES.txt +++ b/charts/corda/templates/NOTES.txt @@ -10,14 +10,14 @@ kubectl get secret {{ include "corda.restApiAdminPasswordSecretName" . }} --name 2. The API endpoint definition can then be accessed via: {{- range .Values.workers.rest.ingress.hosts }} -https://{{ . }}/api/v1/swagger +https://{{ . }}/api/v5_3/swagger {{- end }} {{- else }} 2. Expose the API endpoint on localhost by running this command: kubectl port-forward --namespace {{ .Release.Namespace }} deployment/{{ include "corda.fullname" . }}-rest-worker 8888 & -3. The API endpoint definition can then be accessed via: https://localhost:8888/api/v1/swagger +3. The API endpoint definition can then be accessed via: https://localhost:8888/api/v5_3/swagger {{- end }} diff --git a/components/membership/membership-rest-impl/src/main/kotlin/net/corda/membership/impl/rest/v1/MGMRestResourceImpl.kt b/components/membership/membership-rest-impl/src/main/kotlin/net/corda/membership/impl/rest/v1/MGMRestResourceImpl.kt index 6837d59a77b..2b6fb11d62d 100644 --- a/components/membership/membership-rest-impl/src/main/kotlin/net/corda/membership/impl/rest/v1/MGMRestResourceImpl.kt 
+++ b/components/membership/membership-rest-impl/src/main/kotlin/net/corda/membership/impl/rest/v1/MGMRestResourceImpl.kt @@ -285,17 +285,9 @@ class MGMRestResourceImpl internal constructor( reason: ManualDeclinationReason ) = impl.declineRegistrationRequest(holdingIdentityShortHash, requestId, reason) - @Deprecated("Deprecated in favour of suspendMember") - override fun deprecatedSuspendMember(holdingIdentityShortHash: String, suspensionParams: SuspensionActivationParameters) = - impl.suspendMember(holdingIdentityShortHash, suspensionParams) - override fun suspendMember(holdingIdentityShortHash: String, suspensionParams: SuspensionActivationParameters) = impl.suspendMember(holdingIdentityShortHash, suspensionParams.throwBadRequestIfNoSerialNumber()) - @Deprecated("Deprecated in favour of activateMember") - override fun deprecatedActivateMember(holdingIdentityShortHash: String, activationParams: SuspensionActivationParameters) = - impl.activateMember(holdingIdentityShortHash, activationParams) - override fun activateMember(holdingIdentityShortHash: String, activationParams: SuspensionActivationParameters) = impl.activateMember(holdingIdentityShortHash, activationParams.throwBadRequestIfNoSerialNumber()) diff --git a/components/membership/membership-rest-impl/src/main/kotlin/net/corda/membership/impl/rest/v1/MemberLookupRestResourceImpl.kt b/components/membership/membership-rest-impl/src/main/kotlin/net/corda/membership/impl/rest/v1/MemberLookupRestResourceImpl.kt index d3cd5ec9052..d0de45f5968 100644 --- a/components/membership/membership-rest-impl/src/main/kotlin/net/corda/membership/impl/rest/v1/MemberLookupRestResourceImpl.kt +++ b/components/membership/membership-rest-impl/src/main/kotlin/net/corda/membership/impl/rest/v1/MemberLookupRestResourceImpl.kt 
@@ -91,29 +91,7 @@ class MemberLookupRestResourceImpl @Activate constructor( coordinator.stop() } - @Deprecated("Deprecated in favour of lookupV51") override fun lookup( - holdingIdentityShortHash: String, - commonName: String?, - organization: String?, - organizationUnit: String?, - locality: String?, - state: String?, - country: String?, - statuses: List, - ) = impl.lookup( - ShortHash.parseOrThrow(holdingIdentityShortHash), - commonName, - organization, - organizationUnit, - locality, - state, - country, - statuses.toSet(), - false - ) - - override fun lookupV51( holdingIdentityShortHash: String, commonName: String?, organization: String?, diff --git a/components/membership/membership-rest-impl/src/main/kotlin/net/corda/membership/impl/rest/v1/deprecated/CertificatesRestResourceImpl.kt b/components/membership/membership-rest-impl/src/main/kotlin/net/corda/membership/impl/rest/v1/deprecated/CertificatesRestResourceImpl.kt deleted file mode 100644 index 13ff46660b2..00000000000 --- a/components/membership/membership-rest-impl/src/main/kotlin/net/corda/membership/impl/rest/v1/deprecated/CertificatesRestResourceImpl.kt +++ /dev/null 
@@ -1,483 +0,0 @@ -@file:Suppress("DEPRECATION") - -package net.corda.membership.impl.rest.v1.deprecated - -import net.corda.crypto.cipher.suite.KeyEncodingService -import net.corda.crypto.cipher.suite.SignatureSpecImpl -import net.corda.crypto.cipher.suite.SignatureSpecs -import net.corda.crypto.cipher.suite.schemes.EDDSA_ED25519_TEMPLATE -import net.corda.crypto.cipher.suite.schemes.GOST3410_GOST3411_TEMPLATE -import net.corda.crypto.client.CryptoOpsClient -import net.corda.crypto.core.CryptoConsts -import net.corda.crypto.core.CryptoTenants -import net.corda.crypto.core.CryptoTenants.allClusterTenants -import net.corda.crypto.core.DefaultSignatureOIDMap -import net.corda.crypto.core.ShortHash -import net.corda.crypto.core.ShortHashException -import net.corda.data.certificates.CertificateUsage -import net.corda.data.crypto.wire.CryptoSigningKey -import net.corda.libs.platform.PlatformInfoProvider -import net.corda.lifecycle.Lifecycle -import net.corda.lifecycle.LifecycleCoordinatorFactory -import net.corda.lifecycle.LifecycleCoordinatorName -import net.corda.lifecycle.LifecycleStatus -import net.corda.membership.certificate.client.CertificatesClient -import net.corda.membership.certificates.CertificateUsageUtils.publicName -import net.corda.membership.impl.rest.v1.lifecycle.RestResourceLifecycleHandler -import net.corda.membership.rest.v1.CertificatesRestResource -import net.corda.membership.rest.v1.CertificatesRestResource.Companion.SIGNATURE_SPEC -import net.corda.rest.HttpFileUpload -import net.corda.rest.PluggableRestResource -import net.corda.rest.exception.InvalidInputDataException -import net.corda.rest.exception.ResourceNotFoundException -import net.corda.rest.messagebus.MessageBusUtils.tryWithExceptionHandling -import net.corda.v5.base.types.MemberX500Name -import net.corda.v5.crypto.KeySchemeCodes.ECDSA_SECP256K1_CODE_NAME -import net.corda.v5.crypto.KeySchemeCodes.ECDSA_SECP256R1_CODE_NAME -import net.corda.v5.crypto.KeySchemeCodes.RSA_CODE_NAME 
-import net.corda.v5.crypto.KeySchemeCodes.SM2_CODE_NAME -import net.corda.v5.crypto.KeySchemeCodes.SPHINCS256_CODE_NAME -import net.corda.v5.crypto.SignatureSpec -import net.corda.virtualnode.read.VirtualNodeInfoReadService -import net.corda.virtualnode.read.rest.extensions.createKeyIdOrHttpThrow -import net.corda.virtualnode.read.rest.extensions.getByHoldingIdentityShortHashOrThrow -import net.corda.virtualnode.read.rest.extensions.ofOrThrow -import net.corda.virtualnode.read.rest.extensions.parseOrThrow -import org.apache.commons.validator.routines.InetAddressValidator -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers.pkcs_9_at_extensionRequest -import org.bouncycastle.asn1.x509.AlgorithmIdentifier -import org.bouncycastle.asn1.x509.Extension -import org.bouncycastle.asn1.x509.Extension.subjectAlternativeName -import org.bouncycastle.asn1.x509.ExtensionsGenerator -import org.bouncycastle.asn1.x509.GeneralName -import org.bouncycastle.asn1.x509.GeneralName.dNSName -import org.bouncycastle.asn1.x509.GeneralName.iPAddress -import org.bouncycastle.asn1.x509.GeneralNames -import org.bouncycastle.asn1.x509.KeyUsage -import org.bouncycastle.jce.X509KeyUsage.digitalSignature -import org.bouncycastle.openssl.jcajce.JcaPEMWriter -import org.bouncycastle.operator.ContentSigner -import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder -import org.osgi.service.component.annotations.Activate -import org.osgi.service.component.annotations.Component -import org.osgi.service.component.annotations.Reference -import org.slf4j.LoggerFactory -import java.io.ByteArrayOutputStream -import java.io.StringWriter -import java.net.URI -import java.net.URISyntaxException -import java.security.PublicKey -import java.security.cert.CertificateFactory -import java.security.cert.X509Certificate -import javax.security.auth.x500.X500Principal - -/* - * Deprecated: - * This version of CertificatesRestResourceImpl supports endpoints located at v1/certificates/ * only - * From 
v5_1 upwards, /certificate/ * is used. Any changes do these resources should be made at [CertificateRestResourceImpl]. - */ -@Deprecated("Deprecated in favour of CertificateRestResourceImpl") -@SuppressWarnings("LongParameterList") -@Component(service = [PluggableRestResource::class]) -class CertificatesRestResourceImpl @Activate constructor( - @Reference(service = CryptoOpsClient::class) - private val cryptoOpsClient: CryptoOpsClient, - @Reference(service = KeyEncodingService::class) - private val keyEncodingService: KeyEncodingService, - @Reference(service = LifecycleCoordinatorFactory::class) - private val lifecycleCoordinatorFactory: LifecycleCoordinatorFactory, - @Reference(service = CertificatesClient::class) - private val certificatesClient: CertificatesClient, - @Reference(service = VirtualNodeInfoReadService::class) - private val virtualNodeInfoReadService: VirtualNodeInfoReadService, - @Reference(service = PlatformInfoProvider::class) - private val platformInfoProvider: PlatformInfoProvider, -) : CertificatesRestResource, PluggableRestResource, Lifecycle { - - private companion object { - private val logger = LoggerFactory.getLogger(this::class.java.enclosingClass) - - private val defaultCodeNameToSpec = mapOf( - ECDSA_SECP256K1_CODE_NAME to SignatureSpecs.ECDSA_SHA256, - ECDSA_SECP256R1_CODE_NAME to SignatureSpecs.ECDSA_SHA256, - EDDSA_ED25519_TEMPLATE to SignatureSpecs.EDDSA_ED25519, - GOST3410_GOST3411_TEMPLATE to SignatureSpecs.GOST3410_GOST3411, - RSA_CODE_NAME to SignatureSpecs.RSA_SHA512, - SM2_CODE_NAME to SignatureSpecs.SM2_SM3, - SPHINCS256_CODE_NAME to SignatureSpecs.SPHINCS256_SHA512, - ) - - fun getSignatureSpec( - key: CryptoSigningKey, - defaultSpec: String? - ): SignatureSpec { - if (defaultSpec != null) { - return SignatureSpecImpl(defaultSpec) - } - - return defaultCodeNameToSpec[key.schemeCodeName] - ?: throw ResourceNotFoundException("Can not find any spec for ${key.schemeCodeName}. 
Use signatureSpec explicitly") - } - } - - override fun generateCsr( - tenantId: String, - keyId: String, - x500Name: String, - subjectAlternativeNames: List?, - contextMap: Map?, - ): String { - logger.warn("Deprecated, please use next version at /certificate/{tenantId}/{keyId}") - - validateTenantId(tenantId) - - val key = tryWithExceptionHandling(logger, "find key with ID $keyId for $tenantId") { - cryptoOpsClient.lookupKeysByIds( - tenantId = tenantId, - keyIds = listOf(createKeyIdOrHttpThrow(keyId)) - ) - }.firstOrNull() ?: throw ResourceNotFoundException("Can not find any key with ID $keyId for $tenantId") - val principal = when (key.category) { - CryptoConsts.Categories.SESSION_INIT -> validateSessionCertificateSubject( - tenantId, - x500Name, - ) - CryptoConsts.Categories.TLS -> { - validateNodeSessionCertificateSubject(x500Name).x500Principal - } - else -> { - validateX500Name(x500Name) - } - } - val publicKey = keyEncodingService.decodePublicKey(key.publicKey.array()) - - val extensionsGenerator = ExtensionsGenerator() - extensionsGenerator.addExtension( - Extension.keyUsage, - true, - KeyUsage(digitalSignature) - ) - subjectAlternativeNames?.forEach { name -> - if (InetAddressValidator.getInstance().isValid(name)) { - val altName = GeneralName(iPAddress, name) - val subjectAltName = GeneralNames(altName) - extensionsGenerator.addExtension(subjectAlternativeName, true, subjectAltName) - } else if (validateHostname(name)) { - val altName = GeneralName(dNSName, name) - val subjectAltName = GeneralNames(altName) - extensionsGenerator.addExtension(subjectAlternativeName, true, subjectAltName) - } else { - val message = "$name is not a valid domain name or IP address" - throw InvalidInputDataException( - title = message, - details = mapOf("subjectAlternativeNames" to message), - ) - } - } - val signatureSpec = contextMap?.get(SIGNATURE_SPEC) - - val spec = getSignatureSpec(key, signatureSpec) - - val signer = CsrContentSigner(spec, publicKey, tenantId) - - val 
p10Builder = JcaPKCS10CertificationRequestBuilder( - principal, - publicKey - ) - - p10Builder - .addAttribute(pkcs_9_at_extensionRequest, extensionsGenerator.generate()) - - val csr = p10Builder.build(signer) - - return StringWriter().use { - JcaPEMWriter(it).use { jcaPEMWriter -> - jcaPEMWriter.writeObject(csr) - } - it.toString() - } - } - - override fun importCertificateChain( - usage: String, - holdingIdentityId: String?, - alias: String, - certificates: List, - ) { - logger.warn("Deprecated, please use next version at /certificate/cluster/{usage}") - - if (alias.isBlank()) { - throw InvalidInputDataException( - details = mapOf("alias" to "Empty alias") - ) - } - // validate certificate - if (certificates.isEmpty()) { - throw InvalidInputDataException( - details = mapOf("certificate" to "No certificates") - ) - } - val holdingIdentityShortHash = if (holdingIdentityId != null) { - ShortHash.ofOrThrow(holdingIdentityId) - } else { - null - } - val usageType = CertificateUsage.values().firstOrNull { - it.publicName.equals(usage.trim(), ignoreCase = true) - } ?: throw InvalidInputDataException( - details = mapOf("usage" to "Unknown usage: $usage") - ) - val rawCertificates = certificates.map { - it.content.reader().readText() - } - val x509Certificates = try { - rawCertificates.flatMap { rawCertificate -> - CertificateFactory - .getInstance("X.509") - .generateCertificates(rawCertificate.byteInputStream()) - } - } catch (e: Exception) { - logger.warn("Invalid certificate", e) - throw InvalidInputDataException( - details = mapOf("certificate" to "Not a valid certificate: ${e.message}") - ) - }.filterIsInstance() - - if (x509Certificates.isEmpty()) { - throw InvalidInputDataException( - "No certificates in PEM" - ) - } - if (usageType == CertificateUsage.P2P_SESSION) { - if (holdingIdentityShortHash == null) { - throw InvalidInputDataException( - details = mapOf( - "holdingIdentityId" to - "P2P Session certificate can only be imported to holding identity." 
- ) - ) - } - val node = - virtualNodeInfoReadService.getByHoldingIdentityShortHash(holdingIdentityShortHash) - ?: throw InvalidInputDataException( - details = mapOf( - "holdingIdentityId" to - "Can not find virtual node $holdingIdentityShortHash." - ) - ) - - val firstCertificate = x509Certificates.first() - val subject = try { - MemberX500Name.build(firstCertificate.subjectX500Principal) - } catch (e: IllegalArgumentException) { - throw InvalidInputDataException( - details = mapOf( - "certificate" to - "The X500 name of the certificate is not a valid Corda X500 name: ${e.message}." - ) - ) - } - if (subject != node.holdingIdentity.x500Name) { - throw InvalidInputDataException( - details = mapOf( - "certificate" to - "The session certificate subject must be the same as the member name." - ) - ) - } - } - - tryWithExceptionHandling(logger, "import certificate") { - certificatesClient.importCertificates( - usageType, - holdingIdentityShortHash, - alias, - rawCertificates.joinToString(separator = "\n"), - ) - } - } - - override fun getCertificateAliases(usage: String, holdingIdentityId: String?): List { - logger.warn("Deprecated, please use next version at /certificate/cluster/{usage}") - - val holdingIdentityShortHash = if (holdingIdentityId != null) { - ShortHash.ofOrThrow(holdingIdentityId) - } else { - null - } - val usageType = CertificateUsage.values().firstOrNull { - it.publicName.equals(usage.trim(), ignoreCase = true) - } ?: throw InvalidInputDataException( - details = mapOf("usage" to "Unknown usage: $usage") - ) - - return tryWithExceptionHandling(logger, "get certificate aliases") { - certificatesClient.getCertificateAliases( - usageType, - holdingIdentityShortHash, - ) - }.toList() - } - - override fun getCertificateChain(usage: String, holdingIdentityId: String?, alias: String): String { - logger.warn("Deprecated, please use next version at /certificate/cluster/{usage}/{alias}") - if (alias.isBlank()) { - throw InvalidInputDataException( - details = 
mapOf("alias" to "Empty alias") - ) - } - val holdingIdentityShortHash = if (holdingIdentityId != null) { - ShortHash.ofOrThrow(holdingIdentityId) - } else { - null - } - val usageType = CertificateUsage.values().firstOrNull { - it.publicName.equals(usage.trim(), ignoreCase = true) - } ?: throw InvalidInputDataException( - details = mapOf("usage" to "Unknown usage: $usage") - ) - - return tryWithExceptionHandling(logger, "get certificate chain") { - certificatesClient.retrieveCertificates( - holdingIdentityShortHash, - usageType, - alias - ) - } ?: throw ResourceNotFoundException(alias, "alias") - } - - override val targetInterface = CertificatesRestResource::class.java - - override val protocolVersion get() = platformInfoProvider.localWorkerPlatformVersion - - private val coordinatorName = LifecycleCoordinatorName.forComponent( - protocolVersion.toString() - ) - private fun updateStatus(status: LifecycleStatus, reason: String) { - coordinator.updateStatus(status, reason) - } - - private fun activate(reason: String) { - updateStatus(LifecycleStatus.UP, reason) - } - - private fun deactivate(reason: String) { - updateStatus(LifecycleStatus.DOWN, reason) - } - - private val lifecycleHandler = RestResourceLifecycleHandler( - ::activate, - ::deactivate, - setOf( - LifecycleCoordinatorName.forComponent(), - LifecycleCoordinatorName.forComponent(), - ) - ) - private val coordinator = lifecycleCoordinatorFactory.createCoordinator(coordinatorName, lifecycleHandler) - - override val isRunning - get() = coordinator.status == LifecycleStatus.UP - - override fun start() { - coordinator.start() - } - - override fun stop() { - coordinator.stop() - } - - private inner class CsrContentSigner( - private val signatureSpec: SignatureSpec, - private val publicKey: PublicKey, - private val tenantId: String, - ) : ContentSigner { - private val outputStream = ByteArrayOutputStream() - - override fun getAlgorithmIdentifier(): AlgorithmIdentifier { - return 
DefaultSignatureOIDMap.inferSignatureOID(publicKey, signatureSpec) - ?: throw ResourceNotFoundException("Can not find algorithm identifier for ${signatureSpec.signatureName}") - } - - override fun getOutputStream() = outputStream - - override fun getSignature(): ByteArray { - return cryptoOpsClient.sign( - tenantId = tenantId, - publicKey = publicKey, - signatureSpec = signatureSpec, - outputStream.toByteArray(), - ).bytes - } - } - - private fun validateX500Name(x500Name: String): X500Principal { - return try { - X500Principal(x500Name) - } catch (e: IllegalArgumentException) { - throw InvalidInputDataException( - "The X500 name of the certificate is invalid: ${e.message}.", - mapOf("x500Name" to x500Name) - ) - } - } - private fun validateNodeSessionCertificateSubject(x500Name: String): MemberX500Name { - return try { - MemberX500Name.parse(x500Name) - } catch (e: IllegalArgumentException) { - throw InvalidInputDataException( - "The X500 name of the certificate is not a valid Corda X500 name: ${e.message}.", - mapOf("x500Name" to x500Name) - ) - } - } - - private fun validateSessionCertificateSubject( - tenantId: String, - x500Name: String, - ): X500Principal { - val name = validateNodeSessionCertificateSubject(x500Name) - if (tenantId == CryptoTenants.P2P) { - val exists = virtualNodeInfoReadService.getAll().any { - it.holdingIdentity.x500Name == name - } - if (!exists) { - throw InvalidInputDataException( - "Can not generate cluster session certificate with subject $name. 
No virtual node with that name.", - mapOf("x500Name" to x500Name) - ) - } - } else { - val nodeId = ShortHash.parseOrThrow(tenantId) - val node = virtualNodeInfoReadService.getByHoldingIdentityShortHashOrThrow(nodeId) - if (node.holdingIdentity.x500Name != name) { - throw InvalidInputDataException( - "Can not generate session certificate for ${node.holdingIdentity.x500Name} with subject $name.", - mapOf("x500Name" to x500Name) - ) - } - } - return name.x500Principal - } - - private fun validateTenantId(tenantId: String) { - if (tenantId in allClusterTenants) return - - try { - ShortHash.parse(tenantId) - } catch (e: ShortHashException) { - throw InvalidInputDataException("Provided tenantId $tenantId is not a valid holding identity ID.") - } - - // Check if a virtual node exists for given tenantId, if not, it throws ResourceNotFoundException - virtualNodeInfoReadService.getByHoldingIdentityShortHashOrThrow(tenantId) - } - - private fun validateHostname(hostname: String): Boolean { - return try { - // Using URI parsing instead of DomainValidator because DomainValidator will fail for k8s type host names - URI("https://$hostname:4994/nop").host == hostname - } catch (e: URISyntaxException) { - false - } - } -} diff --git a/components/membership/membership-rest-impl/src/main/kotlin/net/corda/membership/impl/rest/v1/deprecated/KeysRestResourceImpl.kt b/components/membership/membership-rest-impl/src/main/kotlin/net/corda/membership/impl/rest/v1/deprecated/KeysRestResourceImpl.kt deleted file mode 100644 index 13e3dfca276..00000000000 --- a/components/membership/membership-rest-impl/src/main/kotlin/net/corda/membership/impl/rest/v1/deprecated/KeysRestResourceImpl.kt +++ /dev/null 
@@ -1,283 +0,0 @@ -@file:Suppress("DEPRECATION") - -package net.corda.membership.impl.rest.v1.deprecated - -import net.corda.crypto.cipher.suite.KeyEncodingService -import net.corda.crypto.cipher.suite.publicKeyId -import net.corda.crypto.client.CryptoOpsClient -import net.corda.crypto.core.CryptoConsts.Categories.SESSION_INIT -import net.corda.crypto.core.CryptoConsts.SigningKeyFilters.ALIAS_FILTER -import net.corda.crypto.core.CryptoConsts.SigningKeyFilters.CATEGORY_FILTER -import net.corda.crypto.core.CryptoConsts.SigningKeyFilters.CREATED_AFTER_FILTER -import net.corda.crypto.core.CryptoConsts.SigningKeyFilters.CREATED_BEFORE_FILTER -import net.corda.crypto.core.CryptoConsts.SigningKeyFilters.MASTER_KEY_ALIAS_FILTER -import net.corda.crypto.core.CryptoConsts.SigningKeyFilters.SCHEME_CODE_NAME_FILTER -import net.corda.crypto.core.InvalidParamsException -import net.corda.crypto.core.KeyAlreadyExistsException -import net.corda.crypto.core.ShortHash -import net.corda.crypto.core.ShortHashException -import net.corda.data.crypto.wire.CryptoSigningKey -import net.corda.data.crypto.wire.ops.rpc.queries.CryptoKeyOrderBy -import net.corda.libs.platform.PlatformInfoProvider -import net.corda.lifecycle.Lifecycle -import net.corda.lifecycle.LifecycleCoordinatorFactory -import net.corda.lifecycle.LifecycleCoordinatorName -import net.corda.lifecycle.LifecycleStatus -import net.corda.membership.impl.rest.v1.lifecycle.RestResourceLifecycleHandler -import net.corda.membership.rest.v1.KeysRestResource -import net.corda.membership.rest.v1.types.response.KeyMetaData -import net.corda.membership.rest.v1.types.response.KeyPairIdentifier -import net.corda.rest.PluggableRestResource -import net.corda.rest.exception.InvalidInputDataException -import net.corda.rest.exception.ResourceAlreadyExistsException -import net.corda.rest.exception.ResourceNotFoundException -import net.corda.rest.messagebus.MessageBusUtils.tryWithExceptionHandling -import 
net.corda.virtualnode.read.rest.extensions.createKeyIdOrHttpThrow -import org.osgi.service.component.annotations.Activate -import org.osgi.service.component.annotations.Component -import org.osgi.service.component.annotations.Reference -import org.slf4j.LoggerFactory -import java.time.Instant -import java.time.format.DateTimeParseException - -/* - * Deprecated: - * This version of KeysRestResourceImpl supports endpoints located at v1/keys/ * only. - * From v5_1 upwards, /key/ * is used. Any changes do these resources should be made at [KeyRestResource]. - */ -@Deprecated("Deprecated in favour of KeyRestResourceImpl") -@Component(service = [PluggableRestResource::class]) -class KeysRestResourceImpl @Activate constructor( - @Reference(service = CryptoOpsClient::class) - private val cryptoOpsClient: CryptoOpsClient, - @Reference(service = KeyEncodingService::class) - private val keyEncodingService: KeyEncodingService, - @Reference(service = LifecycleCoordinatorFactory::class) - private val lifecycleCoordinatorFactory: LifecycleCoordinatorFactory, - @Reference(service = PlatformInfoProvider::class) - private val platformInfoProvider: PlatformInfoProvider, -) : KeysRestResource, PluggableRestResource, Lifecycle { - private companion object { - private val logger = LoggerFactory.getLogger(this::class.java.enclosingClass) - - fun CryptoSigningKey.toMetaData() = KeyMetaData( - keyId = this.id, - alias = this.alias, - hsmCategory = this.category.uppercase(), - scheme = this.schemeCodeName, - masterKeyAlias = this.masterKeyAlias, - created = this.created - ) - } - - override fun listSchemes( - tenantId: String, - hsmCategory: String, - ): Collection { - logger.warn("Deprecated, please use next version at /key/{tenantId}/schemes/{hsmCategory}") - - return tryWithExceptionHandling(logger, "list supported schemes for tenant $tenantId") { - cryptoOpsClient.getSupportedSchemes( - tenantId = tenantId, - category = hsmCategory.uppercase() - ) - } - } - - @Suppress("ComplexMethod") 
- override fun listKeys( - tenantId: String, - skip: Int, - take: Int, - orderBy: String, - category: String?, - schemeCodeName: String?, - alias: String?, - masterKeyAlias: String?, - createdAfter: String?, - createdBefore: String?, - ids: List?, - ): Map { - logger.warn("Deprecated, please use next version at /key/{tenantId}") - - if (ids?.isNotEmpty() == true) { - return tryWithExceptionHandling(logger, "lookup keys for tenant $tenantId") { - cryptoOpsClient.lookupKeysByIds( - tenantId = tenantId, - keyIds = ids.map { createKeyIdOrHttpThrow(it) } - ) - }.associate { it.id to it.toMetaData() } - } - val realOrderBy = try { - CryptoKeyOrderBy.valueOf(orderBy.uppercase()) - } catch (e: IllegalArgumentException) { - throw ResourceNotFoundException( - "Invalid order by: $orderBy, must be one of: ${ - CryptoKeyOrderBy.values().joinToString() - }" - ) - } - val filterMap = emptyMap().let { - if (category != null) { - it + mapOf(CATEGORY_FILTER to category.uppercase()) - } else { - it - } - }.let { - if (schemeCodeName != null) { - it + mapOf(SCHEME_CODE_NAME_FILTER to schemeCodeName) - } else { - it - } - }.let { - if (alias != null) { - it + mapOf(ALIAS_FILTER to alias) - } else { - it - } - }.let { - if (masterKeyAlias != null) { - it + mapOf(MASTER_KEY_ALIAS_FILTER to masterKeyAlias) - } else { - it - } - }.let { - if (createdBefore != null) { - try { - Instant.parse(createdBefore) - } catch (e: DateTimeParseException) { - throw ResourceNotFoundException("Invalid created before time ($createdBefore)") - } - it + mapOf(CREATED_BEFORE_FILTER to createdBefore.toString()) - } else { - it - } - }.let { - if (createdAfter != null) { - try { - Instant.parse(createdAfter) - } catch (e: DateTimeParseException) { - throw ResourceNotFoundException("Invalid created after time ($createdAfter)") - } - it + mapOf(CREATED_AFTER_FILTER to createdAfter.toString()) - } else { - it - } - } - - return tryWithExceptionHandling(logger, "lookup keys for tenant $tenantId") { - 
cryptoOpsClient.lookup( - tenantId, - skip, - take, - realOrderBy, - filterMap, - ) - }.associate { it.id to it.toMetaData() } - } - - override fun generateKeyPair( - tenantId: String, - alias: String, - hsmCategory: String, - scheme: String - ): KeyPairIdentifier { - logger.warn("Deprecated, please use next version at /key/{tenantId}/alias/{alias}/category/{hsmCategory}/scheme/{scheme}") - - if (alias.isBlank()) { - throw InvalidInputDataException( - details = mapOf("alias" to "Empty alias") - ) - } - if (hsmCategory == SESSION_INIT) { - try { - ShortHash.parse(tenantId) - } catch (e: ShortHashException) { - throw InvalidInputDataException( - "Could not create a session init key with a cluster tenant ID.", - details = mapOf("tenantId" to "Invalid tenantId"), - ) - } - } - return try { - KeyPairIdentifier( - tryWithExceptionHandling( - logger, - "generate key pair for tenant $tenantId", - untranslatedExceptions = setOf( - KeyAlreadyExistsException::class.java, - InvalidParamsException::class.java - ) - ) { - cryptoOpsClient.generateKeyPair( - tenantId = tenantId, - category = hsmCategory.uppercase(), - alias = alias, - scheme = scheme, - ) - }.publicKeyId() - ) - } catch (e: KeyAlreadyExistsException) { - throw ResourceAlreadyExistsException(e.message!!) - } catch (e: InvalidParamsException) { - throw InvalidInputDataException(e.message!!) 
- } - } - - override fun generateKeyPem( - tenantId: String, - keyId: String, - ): String { - logger.warn("Deprecated, please use next version at /key/{tenantId}/{keyId}") - - val key = tryWithExceptionHandling(logger, "lookup keys for tenant $tenantId") { - cryptoOpsClient.lookupKeysByIds( - tenantId = tenantId, - keyIds = listOf(createKeyIdOrHttpThrow(keyId)) - ) - }.firstOrNull() ?: throw ResourceNotFoundException("Can not find any key with ID $keyId for $tenantId") - - val publicKey = keyEncodingService.decodePublicKey(key.publicKey.array()) - return keyEncodingService.encodeAsString(publicKey) - } - - override val targetInterface = KeysRestResource::class.java - - override val protocolVersion get() = platformInfoProvider.localWorkerPlatformVersion - - private val coordinatorName = LifecycleCoordinatorName.forComponent( - protocolVersion.toString() - ) - - private fun updateStatus(status: LifecycleStatus, reason: String) { - coordinator.updateStatus(status, reason) - } - - private fun activate(reason: String) { - updateStatus(LifecycleStatus.UP, reason) - } - - private fun deactivate(reason: String) { - updateStatus(LifecycleStatus.DOWN, reason) - } - - private val lifecycleHandler = RestResourceLifecycleHandler( - ::activate, - ::deactivate, - setOf( - LifecycleCoordinatorName.forComponent(), - ) - ) - private val coordinator = lifecycleCoordinatorFactory.createCoordinator(coordinatorName, lifecycleHandler) - - override val isRunning - get() = coordinator.status == LifecycleStatus.UP - - override fun start() { - coordinator.start() - } - - override fun stop() { - coordinator.stop() - } -} diff --git a/components/membership/membership-rest-impl/src/test/kotlin/net/corda/membership/impl/rest/v1/MGMRestResourceTest.kt b/components/membership/membership-rest-impl/src/test/kotlin/net/corda/membership/impl/rest/v1/MGMRestResourceTest.kt index c3897824230..0ee78411bf3 100644 
--- a/components/membership/membership-rest-impl/src/test/kotlin/net/corda/membership/impl/rest/v1/MGMRestResourceTest.kt +++ b/components/membership/membership-rest-impl/src/test/kotlin/net/corda/membership/impl/rest/v1/MGMRestResourceTest.kt @@ -52,7 +52,6 @@ import org.junit.jupiter.api.Assertions.assertTrue import org.junit.jupiter.api.BeforeEach import org.junit.jupiter.api.Nested import org.junit.jupiter.api.Test -import org.junit.jupiter.api.assertDoesNotThrow import org.junit.jupiter.api.assertThrows import org.mockito.kotlin.any import org.mockito.kotlin.anyOrNull @@ -119,8 +118,6 @@ class MGMRestResourceTest { private val initialTime = Instant.parse("2007-12-03T00:00:00.00Z") private val manualDeclinationReason = REASON private val suspensionActivationParameters = SuspensionActivationParameters(subject, 1, REASON) - private val deprecatedSuspensionActivationParameters = - SuspensionActivationParameters(subject, 1, REASON) private val deserializer = mock>() private val cordaAvroSerializationFactory = mock { on { createAvroDeserializer(any(), eq(KeyValuePairList::class.java)) } doReturn deserializer @@ -1322,19 +1319,6 @@ class MGMRestResourceTest { ) } - @Test - fun `deprecated suspendMember delegates correctly to mgm resource client`() { - @Suppress("deprecation") - mgmRestResource.suspendMember(HOLDING_IDENTITY_ID, deprecatedSuspensionActivationParameters) - - verify(mgmResourceClient).suspendMember( - (ShortHash.of(HOLDING_IDENTITY_ID)), - MemberX500Name.parse(subject), - SERIAL, - REASON - ) - } - @Test fun `suspendMember throws resource not found for invalid member`() { whenever( 
@@ -1466,14 +1450,6 @@ class MGMRestResourceTest { mgmRestResource.suspendMember(HOLDING_IDENTITY_ID, SuspensionActivationParameters(subject)) } } - - @Test - fun `deprecatedSuspendMember does not throw when serial number is null`() { - assertDoesNotThrow { - @Suppress("DEPRECATION") - mgmRestResource.deprecatedSuspendMember(HOLDING_IDENTITY_ID, SuspensionActivationParameters(subject)) - } - } } @Nested @@ -1496,19 +1472,6 @@ class MGMRestResourceTest { ) } - @Test - fun `deprecated activateMember delegates correctly to mgm resource client`() { - @Suppress("deprecation") - mgmRestResource.activateMember(HOLDING_IDENTITY_ID, deprecatedSuspensionActivationParameters) - - verify(mgmResourceClient).activateMember( - (ShortHash.of(HOLDING_IDENTITY_ID)), - MemberX500Name.parse(subject), - SERIAL, - REASON - ) - } - @Test fun `activateMember throws resource not found for invalid member`() { whenever( @@ -1640,14 +1603,6 @@ class MGMRestResourceTest { mgmRestResource.activateMember(HOLDING_IDENTITY_ID, SuspensionActivationParameters(subject)) } } - - @Test - fun `deprecatedActivateMember does not throw when serial number is null`() { - assertDoesNotThrow { - @Suppress("DEPRECATION") - mgmRestResource.deprecatedActivateMember(HOLDING_IDENTITY_ID, SuspensionActivationParameters(subject)) - } - } } @Nested diff --git a/components/membership/membership-rest-impl/src/test/kotlin/net/corda/membership/impl/rest/v1/MemberLookupRestResourceTest.kt b/components/membership/membership-rest-impl/src/test/kotlin/net/corda/membership/impl/rest/v1/MemberLookupRestResourceTest.kt index 2256204cf15..aa390559c6b 100644 --- a/components/membership/membership-rest-impl/src/test/kotlin/net/corda/membership/impl/rest/v1/MemberLookupRestResourceTest.kt +++ b/components/membership/membership-rest-impl/src/test/kotlin/net/corda/membership/impl/rest/v1/MemberLookupRestResourceTest.kt 
@@ -38,7 +38,6 @@ import net.corda.membership.read.MembershipGroupReaderProvider import net.corda.membership.rest.v1.types.response.RestMemberInfo import net.corda.rest.exception.BadRequestException import net.corda.rest.exception.ResourceNotFoundException -import net.corda.rest.exception.ServiceUnavailableException import net.corda.test.util.identity.createTestHoldingIdentity import net.corda.test.util.time.TestClock import net.corda.v5.membership.MemberInfo @@ -59,7 +58,6 @@ import java.security.PublicKey import java.time.Instant import java.util.UUID -@Suppress("deprecation") // supressing in order to be able to unit test deprecated methods class MemberLookupRestResourceTest { private companion object { const val KNOWN_KEY = "12345" @@ -256,13 +254,6 @@ class MemberLookupRestResourceTest { assertThat(memberLookupRestResource.isRunning).isFalse } - @Test - fun `exception should be thrown when service is not running`() { - val ex = - assertThrows { memberLookupRestResource.lookup(BAD_HOLDING_IDENTITY.value) } - assertThat(ex).hasMessageContaining("MemberLookupRestResourceImpl") - } - @Nested inner class LookupTests { @@ -443,7 +434,7 @@ class MemberLookupRestResourceTest { } @Test - fun `lookup does not return same member when it's suspended`() { + fun `lookup returns same member even when it's suspended`() { whenever(virtualNodeInfoReadService.getByHoldingIdentityShortHash(ShortHash.of(HOLDING_IDENTITY_STRING))) .thenReturn( VirtualNodeInfo( @@ -461,7 +452,7 @@ class MemberLookupRestResourceTest { val result1 = memberLookupRestResource.lookup(HOLDING_IDENTITY_STRING, statuses = listOf(MEMBER_STATUS_SUSPENDED)) - assertThat(result1.members).isEmpty() + assertThat(result1.members).containsExactlyInAnyOrder(charlieResult) } @Test 
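Review bot: The new expectation `assertThat(result1.members).containsExactlyInAnyOrder(charlieResult)` in the @@ -461 hunk reverses what a suspended member gets back from `lookup`, and neither it nor the rename in the @@ -443 hunk records why that is acceptable. Since this decides which membership data a suspended identity can still read, I would put a comment above the call, e.g. `// A suspended member may still read its own entry; other members' suspended entries remain visible to the MGM only.` The MGM-only part is inferred from the status-filter tests shown elsewhere in this diff, so confirm it against the implementation before committing the wording. `result1` is now the only result in the test and could simply be `result`. The test body starts and ends outside both hunks.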
@@ -483,226 +474,6 @@ class MemberLookupRestResourceTest { } } - @Nested - inner class Lookupv5_1Tests { - - @BeforeEach - fun setUp() = startService() - - @AfterEach - fun tearDown() = stopService() - - @Test - fun `unfiltered lookupv5_1 returns a list of all active members and their contexts`() { - val result = memberLookupRestResource.lookupV51(HOLDING_IDENTITY_STRING).members - - assertThat(result).containsExactlyInAnyOrder(aliceResult, bobResult) - - whenever(groupReader.lookup(MembershipStatusFilter.ACTIVE_OR_SUSPENDED)) - .doReturn(listOf(mgm, alice, bob, charlie)) - - val result2 = memberLookupRestResource.lookupV51( - MGM_HOLDING_IDENTITY_STRING, - ).members - - assertThat(result2).containsExactlyInAnyOrder(aliceResult, bobResult, mgmResult) - } - - @Test - fun `lookupv5_1 filtered by common name (CN) is case-insensitive and returns a list of members and their contexts`() { - val result1 = memberLookupRestResource.lookupV51(HOLDING_IDENTITY_STRING, commonName = "bob") - - assertThat(result1.members).containsExactlyInAnyOrder(bobResult) - - val result2 = memberLookupRestResource.lookupV51(HOLDING_IDENTITY_STRING, commonName = "BOB") - - assertThat(result2.members).containsExactlyInAnyOrder(bobResult) - } - - @Test - fun `lookupv5_1 filtered by organization (O) is case-insensitive and returns a list of members and their contexts`() { - val result1 = memberLookupRestResource.lookupV51(HOLDING_IDENTITY_STRING, organization = "ALICE") - - assertThat(result1.members).containsExactlyInAnyOrder(aliceResult) - - val result2 = memberLookupRestResource.lookupV51(HOLDING_IDENTITY_STRING, organization = "alice") - - assertThat(result2.members).containsExactlyInAnyOrder(aliceResult) - } - - @Test - fun `lookupv5_1 filtered by organization unit (OU) is case-insensitive and returns a list of members and their contexts`() { - val result1 = memberLookupRestResource.lookupV51(HOLDING_IDENTITY_STRING, organizationUnit = "unit2") - - 
assertThat(result1.members).containsExactlyInAnyOrder(bobResult) - - val result2 = memberLookupRestResource.lookupV51(HOLDING_IDENTITY_STRING, organizationUnit = "UNIT2") - - assertThat(result2.members).containsExactlyInAnyOrder(bobResult) - } - - @Test - fun `lookupv5_1 filtered by locality (L) is case-insensitive and returns a list of members and their contexts`() { - val result1 = memberLookupRestResource.lookupV51(HOLDING_IDENTITY_STRING, locality = "london") - - assertThat(result1.members).containsExactlyInAnyOrder(aliceResult) - - val result2 = memberLookupRestResource.lookupV51(HOLDING_IDENTITY_STRING, locality = "LONDON") - - assertThat(result2.members).containsExactlyInAnyOrder(aliceResult) - } - - @Test - fun `lookupv5_1 filtered by state (ST) is case-insensitive and returns a list of members and their contexts`() { - val result1 = memberLookupRestResource.lookupV51(HOLDING_IDENTITY_STRING, state = "state2") - - assertThat(result1.members).containsExactlyInAnyOrder(bobResult) - - val result2 = memberLookupRestResource.lookupV51(HOLDING_IDENTITY_STRING, state = "state2") - - assertThat(result2.members).containsExactlyInAnyOrder(bobResult) - } - - @Test - fun `lookupv5_1 filtered by country (C) is case-insensitive and returns a list of members and their contexts`() { - val result1 = memberLookupRestResource.lookupV51(HOLDING_IDENTITY_STRING, country = "gb") - - assertThat(result1.members).containsExactlyInAnyOrder(aliceResult) - - val result2 = memberLookupRestResource.lookupV51(HOLDING_IDENTITY_STRING, country = "GB") - - assertThat(result2.members).containsExactlyInAnyOrder(aliceResult) - } - - @Test - fun `lookupv5_1 filtered by all attributes is case-insensitive and returns a list of members and their contexts`() { - val result1 = memberLookupRestResource.lookupV51( - HOLDING_IDENTITY_STRING, - "bob", - "bob", - "unit2", - "dublin", - "state2", - "ie" - ) - - assertThat(result1.members).containsExactlyInAnyOrder(bobResult) - - val result2 = 
memberLookupRestResource.lookupV51( - HOLDING_IDENTITY_STRING, - "BOB", - "BOB", - "UNIT2", - "DUBLIN", - "STATE2", - "IE" - ) - - assertThat(result2.members).containsExactlyInAnyOrder(bobResult) - } - - @Test - fun `lookupv5_1 by member filtered by statuses returns active members but not suspended members`() { - val result1 = memberLookupRestResource.lookupV51( - HOLDING_IDENTITY_STRING, - statuses = listOf(MEMBER_STATUS_ACTIVE) - ) - - assertThat(result1.members).containsExactlyInAnyOrder(aliceResult, bobResult) - - val result2 = memberLookupRestResource.lookupV51( - HOLDING_IDENTITY_STRING, - statuses = listOf(MEMBER_STATUS_SUSPENDED) - ) - - assertThat(result2.members).isEmpty() - - val result3 = memberLookupRestResource.lookupV51( - HOLDING_IDENTITY_STRING, - statuses = listOf(MEMBER_STATUS_ACTIVE, MEMBER_STATUS_SUSPENDED) - ) - - assertThat(result3.members).containsExactlyInAnyOrder(aliceResult, bobResult) - } - - @Test - fun `lookupv5_1 by MGM filtered by statuses returns a list of members and their contexts`() { - whenever(groupReader.lookup(MembershipStatusFilter.ACTIVE_OR_SUSPENDED)) - .doReturn(setOf(mgm, alice, bob, charlie)) - - val result1 = memberLookupRestResource.lookupV51( - MGM_HOLDING_IDENTITY_STRING, - statuses = listOf(MEMBER_STATUS_ACTIVE) - ) - - assertThat(result1.members).containsExactlyInAnyOrder(aliceResult, bobResult, mgmResult) - - val result2 = memberLookupRestResource.lookupV51( - MGM_HOLDING_IDENTITY_STRING, - statuses = listOf(MEMBER_STATUS_SUSPENDED) - ) - - assertThat(result2.members).containsExactlyInAnyOrder(charlieResult) - - val result3 = memberLookupRestResource.lookupV51( - MGM_HOLDING_IDENTITY_STRING, - statuses = listOf(MEMBER_STATUS_ACTIVE, MEMBER_STATUS_SUSPENDED) - ) - - assertThat(result3.members).containsExactlyInAnyOrder(aliceResult, bobResult, charlieResult, mgmResult) - } - - @Test - fun `lookupv5_1 filtered by statuses is case-insensitive`() { - val result1 = memberLookupRestResource.lookupV51( - 
HOLDING_IDENTITY_STRING, - statuses = listOf(MEMBER_STATUS_ACTIVE.lowercase()) - ) - - assertThat(result1.members).containsExactlyInAnyOrder(aliceResult, bobResult) - } - - @Test - fun `lookupv5_1 returns same member even when it's suspended`() { - whenever(virtualNodeInfoReadService.getByHoldingIdentityShortHash(ShortHash.of(HOLDING_IDENTITY_STRING))) - .thenReturn( - VirtualNodeInfo( - createTestHoldingIdentity(charlie.name.toString(), "DEFAULT_MEMBER_GROUP_ID"), - CpiIdentifier("test", "test", SecureHashImpl("algorithm", "1234".toByteArray())), - null, - UUID.randomUUID(), - null, - UUID.randomUUID(), - null, - UUID.randomUUID(), - timestamp = Instant.now() - ) - ) - - val result1 = memberLookupRestResource.lookupV51(HOLDING_IDENTITY_STRING, statuses = listOf(MEMBER_STATUS_SUSPENDED)) - - assertThat(result1.members).containsExactlyInAnyOrder(charlieResult) - } - - @Test - fun `lookupv5_1 should fail when invalid statuses are used`() { - val exception = assertThrows { - memberLookupRestResource.lookupV51( - HOLDING_IDENTITY_STRING, - statuses = listOf("invalid-status") - ) - } - assertThat(exception).hasMessageContaining("Invalid status") - } - - @Test - fun `lookupv5_1 should fail when non-existent holding identity is used`() { - val ex = - assertThrows { memberLookupRestResource.lookupV51(BAD_HOLDING_IDENTITY.value) } - assertThat(ex).hasMessageContaining("Could not find holding identity") - } - } - @Nested inner class ViewGroupParametersTests { diff --git a/components/membership/membership-rest/src/main/kotlin/net/corda/membership/rest/v1/CertificatesRestResource.kt b/components/membership/membership-rest/src/main/kotlin/net/corda/membership/rest/v1/CertificatesRestResource.kt deleted file mode 100644 index a5cdf414f13..00000000000 --- a/components/membership/membership-rest/src/main/kotlin/net/corda/membership/rest/v1/CertificatesRestResource.kt +++ /dev/null 
@@ -1,316 +0,0 @@
-package net.corda.membership.rest.v1
-
-import net.corda.rest.HttpFileUpload
-import net.corda.rest.RestResource
-import net.corda.rest.annotations.ClientRequestBodyParameter
-import net.corda.rest.annotations.HttpGET
-import net.corda.rest.annotations.HttpPOST
-import net.corda.rest.annotations.HttpPUT
-import net.corda.rest.annotations.HttpRestResource
-import net.corda.rest.annotations.RestApiVersion
-import net.corda.rest.annotations.RestPathParameter
-
-/**
- * Deprecated:
- * This version of CertificatesRestResource supports endpoints located at v1/certificates/ * only
- * From v5_1 upwards, /certificate/ * is used. Any changes do these resources should be made at [CertificateRestResource].
- *
- * The Certificates API consists of endpoints used to work with certificates and related operations. The API allows you
- * to import a certificate chain, and generate a certificate signing request (CSR) to be submitted to a certificate
- * authority (CA).
- */
-@Deprecated("Deprecated in favour of CertificateRestResource")
-@HttpRestResource(
- name = "Certificates",
- description = "The Certificates API consists of endpoints used to work with certificates and related operations. " +
- "The API allows you to import a certificate chain, and generate a certificate signing request (CSR) to be" +
- " submitted to a certificate authority (CA).",
- path = "certificates",
- minVersion = RestApiVersion.C5_0,
- maxVersion = RestApiVersion.C5_0
-)
-interface CertificatesRestResource : RestResource {
- companion object {
- const val SIGNATURE_SPEC = "signatureSpec"
- }
-
- /**
- * The [importCertificateChain] method enables you to import a cluster level certificate chain. A certificate chain
- * can be obtained from a certificate authority by submitting a certificate signing request (see [generateCsr]
- * method). This method does not return anything if the import is successful.
- *
- * Example usage:
- * ```
- * certificatesOps.importCertificateChain(usage = "p2p-tls", alias = "cert58B6030FABDD",
- * certificates = "-----BEGIN CERTIFICATE-----\n{truncated for readability}\n-----END CERTIFICATE-----")
- * ```
- *
- * @param usage The certificate usage. Can be:
- * * 'p2p-tls' for a TLS certificate to be used in P2P communication.
- * * 'p2p-session' for a session certificate to be used in P2P communication.
- * * 'rest-tls' for a TLS certificate to be used in REST communication.
- * * 'code-signer' for a certificate of the code signing service
- * @param alias The unique alias under which the certificate chain will be stored.
- * @param certificates A valid certificate chain in PEM format obtained from a certificate authority.
- */
- @HttpPUT(
- path = "cluster/{usage}",
- description = "This method imports a certificate chain for a cluster."
- )
- fun importCertificateChain(
- @RestPathParameter(
- description = "The certificate usage. Can be either 'p2p-tls' for a TLS certificate to be used in P2P communication, " +
- "'p2p-session' for a session certificate to be used in P2P communication, " +
- "'rest-tls' for a TLS certificate to be used in REST communication, " +
- "or 'code-signer' for a certificate of the code signing service."
- )
- usage: String,
- @ClientRequestBodyParameter(
- description = "The unique alias under which the certificate chain will be stored",
- required = true,
- )
- alias: String,
- @ClientRequestBodyParameter(
- description = "A valid certificate chain in PEM format obtained from a certificate authority",
- required = true,
- name = "certificate"
- )
- certificates: List,
- ) = importCertificateChain(
- usage = usage,
- alias = alias,
- holdingIdentityId = null,
- certificates = certificates,
- )
-
- /**
- * The [importCertificateChain] method enables you to import a certificate chain for a virtual node. A certificate chain
- * can be obtained from a certificate authority by submitting a certificate signing request (see [generateCsr]
- * method). This method does not return anything if the import is successful.
- *
- * Example usage:
- * ```
- * certificatesOps.importCertificateChain(usage = "rest-tls", alias = "cert58B6030FABDD",
- * holdingIdentityId = "58B6030FABDD",
- * certificates = "-----BEGIN CERTIFICATE-----\n{truncated for readability}\n-----END CERTIFICATE-----")
- * ```
- *
- * @param usage The certificate usage. Can be:
- * * 'p2p-tls' for a TLS certificate to be used in P2P communication.
- * * 'p2p-session' for a session certificate to be used in P2P communication.
- * * 'rest-tls' for a TLS certificate to be used in REST communication.
- * * 'code-signer' for a certificate of the code signing service
- * @param holdingIdentityId The holding identity of the virtual node that own the certificate.
- * @param alias The unique alias under which the certificate chain will be stored.
- * @param certificates A valid certificate chain in PEM format obtained from a certificate authority.
- */
- @HttpPUT(
- path = "vnode/{holdingIdentityId}/{usage}",
- description = "This method imports a certificate chain for a virtual node."
- )
- fun importCertificateChain(
- @RestPathParameter(
- description = "The certificate usage. Can be either 'p2p-tls' for a TLS certificate to be used in P2P communication, " +
- "'p2p-session' for a session certificate to be used in P2P communication, " +
- "'rest-tls' for a TLS certificate to be used in REST communication, " +
- "or 'code-signer' for a certificate of the code signing service."
- )
- usage: String,
- @RestPathParameter(
- description = "The certificate holding identity ID",
- )
- holdingIdentityId: String?,
- @ClientRequestBodyParameter(
- description = "The unique alias under which the certificate chain will be stored",
- required = true,
- )
- alias: String,
- @ClientRequestBodyParameter(
- description = "A valid certificate chain in PEM format obtained from a certificate authority",
- required = true,
- name = "certificate"
- )
- certificates: List,
- )
-
- /**
- * The [getCertificateAliases] method enables you to get the aliases of all the cluster level certificate chains.
- *
- * @param usage The certificate usage. Can be:
- * * 'p2p-tls' for a TLS certificate to be used in P2P communication.
- * * 'p2p-session' for a session certificate to be used in P2P communication.
- * * 'rest-tls' for a TLS certificate to be used in REST communication.
- * * 'code-signer' for a certificate of the code signing service
- * @return A list of the cluster level certificates aliases in the usage.
- */
- @HttpGET(
- path = "cluster/{usage}",
- description = "This method gets the certificate chain aliases for a cluster.",
- responseDescription = "The cluster level certificates aliases in the usage.",
- )
- fun getCertificateAliases(
- @RestPathParameter(
- description = "The certificate usage. Can be either 'p2p-tls' for a TLS certificate to be used in P2P communication, " +
- "'p2p-session' for a session certificate to be used in P2P communication, " +
- "'rest-tls' for a TLS certificate to be used in REST communication, " +
- "or 'code-signer' for a certificate of the code signing service."
- )
- usage: String,
- ): List = getCertificateAliases(
- usage = usage,
- holdingIdentityId = null,
- )
-
- /**
- * The [getCertificateAliases] method enables you to get the virtual node certificate aliases.
- *
- * @param usage The certificate usage. Can be:
- * * 'p2p-tls' for a TLS certificate to be used in P2P communication.
- * * 'p2p-session' for a session certificate to be used in P2P communication.
- * * 'rest-tls' for a TLS certificate to be used in REST communication.
- * * 'code-signer' for a certificate of the code signing service
- * @param holdingIdentityId The holding identity of the virtual node that owns the certificate.
- * @return A list of the virtual node certificates aliases in the usage.
- */
- @HttpGET(
- path = "vnode/{holdingIdentityId}/{usage}",
- description = "This method gets the certificate chain aliases for a virtual node.",
- responseDescription = "The virtual node certificates aliases in the usage.",
- )
- fun getCertificateAliases(
- @RestPathParameter(
- description = "The certificate usage. Can be either 'p2p-tls' for a TLS certificate to be used in P2P communication, " +
- "'p2p-session' for a session certificate to be used in P2P communication, " +
- "'rest-tls' for a TLS certificate to be used in REST communication, " +
- "or 'code-signer' for a certificate of the code signing service."
- )
- usage: String,
- @RestPathParameter(
- description = "Holding identity ID of the virtual node that owns the certificate.",
- )
- holdingIdentityId: String?,
- ): List
-
- /**
- * The [getCertificateChain] method enables you to get a specific certificate chain by alias in PEM format.
- *
- * @param usage The certificate usage. Can be:
- * * 'p2p-tls' for a TLS certificate to be used in P2P communication.
- * * 'p2p-session' for a session certificate to be used in P2P communication.
- * * 'rest-tls' for a TLS certificate to be used in REST communication.
- * * 'code-signer' for a certificate of the code signing service
- * @param alias The unique certificate chain alias
- * @return The certificate in PEM format.
- */
- @HttpGET(
- path = "cluster/{usage}/{alias}",
- description = "This method gets the certificate chain in PEM format for a cluster.",
- responseDescription = "The certificate in PEM format.",
- )
- fun getCertificateChain(
- @RestPathParameter(
- description = "The certificate usage. Can be either 'p2p-tls' for a TLS certificate to be used in P2P communication, " +
- "'p2p-session' for a session certificate to be used in P2P communication, " +
- "'rest-tls' for a TLS certificate to be used in REST communication, " +
- "or 'code-signer' for a certificate of the code signing service."
- )
- usage: String,
- @RestPathParameter(
- description = "The certificate chain unique alias."
- )
- alias: String,
- ): String = getCertificateChain(
- usage = usage,
- alias = alias,
- holdingIdentityId = null,
- )
-
- /**
- * The [getCertificateAliases] method enables you to get the virtual node certificate chain in PEM format.
- *
- * @param usage The certificate usage. Can be:
- * * 'p2p-tls' for a TLS certificate to be used in P2P communication.
- * * 'p2p-session' for a session certificate to be used in P2P communication.
- * * 'rest-tls' for a TLS certificate to be used in REST communication.
- * * 'code-signer' for a certificate of the code signing service
- * @param alias The unique certificate chain alias
- * @param holdingIdentityId The holding identity of the virtual node that own the certificate.
- * @return The certificate in PEM format.
- */
- @HttpGET(
- path = "vnode/{holdingIdentityId}/{usage}/{alias}",
- description = "This method gets the certificate chain in PEM format for a virtual node.",
- responseDescription = "The certificate in PEM format.",
- )
- fun getCertificateChain(
- @RestPathParameter(
- description = "The certificate usage. Can be either 'p2p-tls' for a TLS certificate to be used in P2P communication, " +
- "'p2p-session' for a session certificate to be used in P2P communication, " +
- "'rest-tls' for a TLS certificate to be used in REST communication, " +
- "or 'code-signer' for a certificate of the code signing service."
- )
- usage: String,
- @RestPathParameter(
- description = "The certificate holding identity ID",
- )
- holdingIdentityId: String?,
- @RestPathParameter(
- description = "The certificate chain unique alias."
- )
- alias: String,
- ): String
-
- /**
- * The [generateCsr] method enables you to generate a certificate signing request (CSR) for a tenant. The resulting
- * CSR is typically submitted to a certificate authority to acquire a signed certificate. If successful, this method
- * returns the generated CSR in PEM format.
- *
- * Example usage:
- * ```
- * certificatesOps.generateCsr(tenantId = "58B6030FABDD", keyId = "3B9A266F96E2", x500Name = "C=GB, L=London, O=MGM",
- * subjectAlternativeNames = ["localhost"], contextMap = {"signatureSpec": "SHA256withECDSA"})
- *
- * certificatesOps.generateCsr(tenantId = "p2p", keyId = "3B9A266F96E2", x500Name = "C=GB, L=London, O=MGM",
- * subjectAlternativeNames = ["localhost"], contextMap = {"signatureSpec": "SHA256withECDSA"})
- * ```
- *
- * @param tenantId Can either be a holding identity ID or the value 'p2p' for a cluster-level tenant of the P2P
- * services.
- * @param keyId Identifier of the public key that will be included in the certificate.
- * @param x500Name The X.500 name that will be the subject associated with the request.
- * @param subjectAlternativeNames Optional. Used to specify additional subject names.
- * @param contextMap Optional. Used to add additional attributes to the CSR; for example, signature spec.
- *
- * @return The CSR in PEM format.
- */
- @Suppress("LongParameterList")
- @HttpPOST(
- path = "{tenantId}/{keyId}",
- description = "This method enables you to generate a certificate signing request (CSR) for a tenant.",
- responseDescription = "The CSR in PEM format.",
- )
- fun generateCsr(
- @RestPathParameter(
- description = "Can either be a holding identity ID or the value 'p2p' for a cluster-level" +
- " tenant of the P2P services"
- )
- tenantId: String,
- @RestPathParameter(description = "Identifier of the public key that will be included in the certificate")
- keyId: String,
- @ClientRequestBodyParameter(
- description = "The X.500 name that will be the subject associated with the request",
- required = true,
- )
- x500Name: String,
- @ClientRequestBodyParameter(
- description = "Used to specify additional subject names",
- required = false,
- )
- subjectAlternativeNames: List?,
- @ClientRequestBodyParameter(
- description = "Used to add additional attributes to the CSR; for example, signature spec",
- required = false,
- )
- contextMap: Map?,
- ): String
-}
diff --git a/components/membership/membership-rest/src/main/kotlin/net/corda/membership/rest/v1/KeysRestResource.kt b/components/membership/membership-rest/src/main/kotlin/net/corda/membership/rest/v1/KeysRestResource.kt
deleted file mode 100644
index e7be89dbfda..00000000000
--- a/components/membership/membership-rest/src/main/kotlin/net/corda/membership/rest/v1/KeysRestResource.kt
+++ /dev/null
@@ -1,271 +0,0 @@
-package net.corda.membership.rest.v1
-
-import net.corda.membership.rest.v1.types.response.KeyMetaData
-import net.corda.membership.rest.v1.types.response.KeyPairIdentifier
-import net.corda.rest.RestResource
-import net.corda.rest.annotations.HttpGET
-import net.corda.rest.annotations.HttpPOST
-import net.corda.rest.annotations.HttpRestResource
-import net.corda.rest.annotations.RestApiVersion
-import net.corda.rest.annotations.RestPathParameter
-import net.corda.rest.annotations.RestQueryParameter
-
-/**
- * Deprecated:
- * This version of KeysRestResource supports endpoints located at v1/keys/ * only.
- * From v5_1 upwards, /key/ * is used. Any changes do these resources should be made at [KeyRestResource].
- *
- * The Keys Management API consists of endpoints used to manage public and private key pairs. The API
- * allows you to list scheme codes which are supported by the associated HSM integration, retrieve information about
- * key pairs owned by a tenant, generate a key pair for a tenant, and retrieve a tenant's public key in PEM format.
- */
-@Deprecated("Deprecated in favour of KeyRestResource")
-@HttpRestResource(
- name = "Keys Management",
- description = "The Keys Management API consists of endpoints used to manage public and private key pairs. The API" +
- " allows you to list scheme codes which are supported by the associated HSM integration, retrieve" +
- " information about key pairs owned by a tenant, generate a key pair for a tenant, and retrieve a tenant's" +
- " public key in PEM format.",
- path = "keys",
- minVersion = RestApiVersion.C5_0,
- maxVersion = RestApiVersion.C5_0
-)
-interface KeysRestResource : RestResource {
- /**
- * The [listSchemes] method enables you to retrieve a list of supported key schemes for a specified tenant and HSM
- * category. Some examples of schemes are 'CORDA.RSA', 'CORDA.ECDSA.SECP256K1', 'CORDA.ECDSA.SECP256R1', 'CORDA.EDDSA.ED25519',
- * 'CORDA.SPHINCS-256'.
- *
- * Example usage:
- * ```
- * keysOps.listSchemes(tenantId = "58B6030FABDD", hsmCategory = "SESSION_INIT")
- *
- * keysOps.listSchemes(tenantId = "p2p", hsmCategory = "SESSION_INIT")
- * ```
- *
- * @param tenantId Can either be a holding identity ID or the value 'p2p' for a cluster-level tenant of the P2P
- * services.
- * @param hsmCategory Can be the value 'ACCOUNTS', 'CI', 'LEDGER', 'NOTARY', 'SESSION_INIT', 'TLS', or 'JWT_KEY'.
- *
- * @return The list of scheme codes which are supported by the associated HSM integration.
- */
- @HttpGET(
- path = "{tenantId}/schemes/{hsmCategory}",
- description = "This method retrieves a list of supported key schemes for a specified tenant and HSM category.",
- responseDescription = "The list of scheme codes which are supported by the associated HSM integration"
- )
- fun listSchemes(
- @RestPathParameter(
- description = "Can either be a holding identity ID or the value 'p2p' for a cluster-level" +
- " tenant of the P2P services"
- )
- tenantId: String,
- @RestPathParameter(
- description = "The category of the HSM. Can be the value 'ACCOUNTS', 'CI', 'LEDGER', 'NOTARY'," +
- " 'SESSION_INIT', 'TLS', or 'JWT_KEY'"
- )
- hsmCategory: String,
- ): Collection
-
- /**
- * The [listKeys] method enables you to retrieve information about a list of key pairs belonging to a tenant.
- * The returned list may be filtered and/or ordered as required by passing a list of key IDs, or specifying one or
- * more of the optional parameters.
- *
- * Example usage:
- *
- * 1. Retrieve information about key pairs belonging to the tenant with holding identity ID '58B6030FABDD'.
- * Only return information about key pairs under the 'CI' HSM category, skip the first 4 key pair records and
- * return up to 400 key pair records, ordered according to their aliases.
- * ```
- * keysOps.listKeys(tenantId = "58B6030FABDD", skip = 4, take = 400, orderBy = "ALIAS", category = CI, alias = null,
- * masterKeyAlias = null, createdAfter = null, createdBefore = null, schemeCodeName = null, ids = emptyList())
- * ```
- * 2. Retrieve information about key pairs belonging to the 'p2p' tenant associated with the key IDs
- * '3B9A266F96E2' and '4A9A266F96E2'.
- * ```
- * keysOps.listKeys(tenantId = "p2p", skip = null, take = null, orderBy = null, category = null,
- * alias = null, masterKeyAlias = null, createdAfter = null, createdBefore = null, schemeCodeName = null,
- * ids = ["3B9A266F96E2", "4A9A266F96E2"])
- * ```
- *
- * @param tenantId Can either be a holding identity ID or the value 'p2p' for a cluster-level tenant of the P2P
- * services.
- * @param skip Optional. The response paging information, number of records to skip.
- * @param take Optional. The response paging information, that is, the number of records to return. The actual
- * number returned may be less than requested.
- * @param orderBy Optional. Specifies how to order the results. Can be one of 'NONE', 'TIMESTAMP', 'CATEGORY', 'SCHEME_CODE_NAME',
- * 'ALIAS', 'MASTER_KEY_ALIAS', 'EXTERNAL_ID', 'ID', 'TIMESTAMP_DESC', 'CATEGORY_DESC', 'SCHEME_CODE_NAME_DESC', 'ALIAS_DESC',
- * 'MASTER_KEY_ALIAS_DESC', 'EXTERNAL_ID_DESC', 'ID_DESC'.
- * @param category Optional. Category of the HSM which handles the key pairs. Can be one of 'ACCOUNTS', 'CI', 'LEDGER', 'NOTARY',
- * 'SESSION_INIT', 'TLS', 'JWT_KEY'.
- * @param schemeCodeName Optional. The key pairs' signature scheme name. For example, 'CORDA.RSA', 'CORDA.ECDSA.SECP256K1',
- * 'CORDA.ECDSA.SECP256R1', 'CORDA.EDDSA.ED25519', 'CORDA.SPHINCS-256'.
- * @param alias Optional. The alias under which the key pair is stored.
- * @param masterKeyAlias Optional. The alias of the wrapping key.
- * @param createdAfter Optional. Only include key pairs which were created on or after the specified time. Must be a
- * valid instant in UTC, such as 2022-12-03T10:15:30.00Z.
- * @param createdBefore Optional. Only include key pairs which were created on or before the specified time. Must be a
- * valid instant in UTC, such as 2022-12-03T10:15:30.00Z.
- * @param ids Optional. Only include key pairs associated with the specified list of key IDs. If specified, other filter
- * parameters will be ignored.
- *
- * @return A map of key IDs to the respective key pair information ([KeyMetaData]).
- */
- @HttpGET(
- path = "{tenantId}",
- description = "This method retrieves information about a list of key pairs belonging to a tenant.",
- responseDescription = "A map of key IDs to the respective key pair information"
- )
- @Suppress("LongParameterList")
- fun listKeys(
- @RestPathParameter(
- description = "Can either be a holding identity ID or the value 'p2p' for a cluster-level" +
- " tenant of the P2P services"
- )
- tenantId: String,
- @RestQueryParameter(
- description = "The response paging information, number of records to skip",
- default = "0",
- required = false,
- )
- skip: Int,
- @RestQueryParameter(
- description = "The response paging information, that is, the number of records to return. The actual number" +
- " returned may be less than requested.",
- default = "20",
- required = false,
- )
- take: Int,
- @RestQueryParameter(
- description = "Specifies how to order the results. Can be one of 'NONE', 'TIMESTAMP', 'CATEGORY'," +
- " 'SCHEME_CODE_NAME', 'ALIAS', 'MASTER_KEY_ALIAS', 'EXTERNAL_ID', 'ID', 'TIMESTAMP_DESC'," +
- " 'CATEGORY_DESC', 'SCHEME_CODE_NAME_DESC', 'ALIAS_DESC', 'MASTER_KEY_ALIAS_DESC', 'EXTERNAL_ID_DESC'," +
- " 'ID_DESC'.",
- default = "none",
- required = false,
- )
- orderBy: String,
- @RestQueryParameter(
- description = "Category of the HSM which handles the key pairs. Can be one of 'ACCOUNTS', 'CI', 'LEDGER'," +
- " 'NOTARY', 'SESSION_INIT', 'TLS', 'JWT_KEY'.",
- required = false,
- )
- category: String?,
- @RestQueryParameter(
- description = "The key pairs' signature scheme name. For example, 'CORDA.RSA', 'CORDA.ECDSA.SECP256K1'," +
- " 'CORDA.ECDSA.SECP256R1', 'CORDA.EDDSA.ED25519', 'CORDA.SPHINCS-256'.",
- required = false,
- )
- schemeCodeName: String?,
- @RestQueryParameter(
- description = "The alias under which the key pair is stored",
- required = false,
- )
- alias: String?,
- @RestQueryParameter(
- description = "The alias of the wrapping key",
- required = false,
- )
- masterKeyAlias: String?,
- @RestQueryParameter(
- description = "Only include key pairs which were created on or after the specified time. Must be a valid instant" +
- " in UTC, such as 2022-12-03T10:15:30.00Z.",
- required = false,
- )
- createdAfter: String?,
- @RestQueryParameter(
- description = "Only include key pairs which were created on or before the specified time. Must be a valid instant" +
- " in UTC, such as 2022-12-03T10:15:30.00Z.",
- required = false,
- )
- createdBefore: String?,
- @RestQueryParameter(
- description = "Only include key pairs associated with the specified list of key IDs. If specified, other filter" +
- " parameters will be ignored.",
- required = false,
- name = "id",
- )
- ids: List?,
- ): Map
-
- /**
- * The [generateKeyPair] method enables you to generate a new key pair for a tenant. The key pair is generated for
- * the specified HSM category under the given alias. The type of the new key pair is determined by the [scheme] value.
- *
- * Example usage:
- * ```
- * keysOps.generateKeyPair(tenantId = "58B6030FABDD", alias = "alias", hsmCategory = "TLS", scheme = "CORDA.RSA")
- *
- * keysOps.generateKeyPair(tenantId = "p2p", alias = "alias", hsmCategory = "TLS", scheme = "CORDA.RSA")
- * ```
- *
- * @param tenantId Can either be a holding identity ID or the value 'p2p' for a cluster-level tenant of the P2P
- * services.
- * @param alias The alias under which the new key pair will be stored.
- * @param hsmCategory Category of the HSM which handles the key pairs. Can be one of 'ACCOUNTS', 'CI', 'LEDGER', 'NOTARY',
- * 'SESSION_INIT', 'TLS', 'JWT_KEY'.
- * @param scheme The key's scheme describing which type of the key pair to generate. For example, 'CORDA.RSA',
- * 'CORDA.ECDSA.SECP256K1', 'CORDA.ECDSA.SECP256R1', 'CORDA.EDDSA.ED25519', 'CORDA.SPHINCS-256'.
- *
- * @return The ID of the newly generated key pair in the form of [KeyPairIdentifier].
- */
- @HttpPOST(
- path = "{tenantId}/alias/{alias}/category/{hsmCategory}/scheme/{scheme}",
- description = "This method generates a new key pair for a tenant.",
- responseDescription = "The ID of the newly generated key pair"
- )
- fun generateKeyPair(
- @RestPathParameter(
- description = "Can either be a holding identity ID or the value 'p2p' for a cluster-level" +
- " tenant of the P2P services"
- )
- tenantId: String,
- @RestPathParameter(
- description = "The alias under which the new key pair will be stored"
- )
- alias: String,
- @RestPathParameter(
- description = "Category of the HSM which handles the key pairs. Can be one of 'ACCOUNTS', 'CI', 'LEDGER'," +
- " 'NOTARY', 'SESSION_INIT', 'TLS', 'JWT_KEY'."
- )
- hsmCategory: String,
- @RestPathParameter(
- description = "The key's scheme describing which type of the key pair to generate. For example, 'CORDA.RSA'," +
- " 'CORDA.ECDSA.SECP256K1', 'CORDA.ECDSA.SECP256R1', 'CORDA.EDDSA.ED25519', 'CORDA.SPHINCS-256'."
- )
- scheme: String
- ): KeyPairIdentifier
-
- /**
- * The [generateKeyPem] method enables you to retrieve a tenant's public key in PEM format. This method assumes that
- * a key pair associated with the specified [keyId] already exists.
- *
- * Example usage:
- * ```
- * keysOps.generateKeyPem(tenantId = "58B6030FABDD", keyId = "3B9A266F96E2")
- *
- * keysOps.generateKeyPem(tenantId = "p2p", keyId = "3B9A266F96E2")
- * ```
- *
- * @param tenantId Can either be a holding identity ID or the value 'p2p' for a cluster-level tenant of the P2P
- * services.
- * @param keyId Identifier of the public key to be retrieved.
- *
- * @return The public key in PEM format.
- */
- @HttpGET(
- path = "{tenantId}/{keyId}",
- description = "This method retrieves a tenant's public key in PEM format.",
- responseDescription = "The public key in PEM format"
- )
- fun generateKeyPem(
- @RestPathParameter(
- description = "Can either be a holding identity ID or the value 'p2p' for a cluster-level" +
- " tenant of the P2P services"
- )
- tenantId: String,
- @RestPathParameter(description = "Identifier of the public key to be retrieved")
- keyId: String,
- ): String
-}
diff --git a/components/membership/membership-rest/src/main/kotlin/net/corda/membership/rest/v1/MGMRestResource.kt b/components/membership/membership-rest/src/main/kotlin/net/corda/membership/rest/v1/MGMRestResource.kt
index 368d71ae54e..effd6361c70 100644
--- a/components/membership/membership-rest/src/main/kotlin/net/corda/membership/rest/v1/MGMRestResource.kt
+++ b/components/membership/membership-rest/src/main/kotlin/net/corda/membership/rest/v1/MGMRestResource.kt
@@ -426,37 +426,6 @@ interface MGMRestResource : RestResource {
 reason: ManualDeclinationReason
 )
 
- /**
- * The [suspendMember] method enables you to suspend a member. A suspended member is blocked from communicating
- * with other members of the group, and will not see any updates related to the group or the other members.
- *
- * Example usage:
- * ```
- * mgmOps.suspendMember("58B6030FABDD", SuspendMemberParameters("O=Alice, L=London, C=GB"))
- * ```
- *
- * @param holdingIdentityShortHash The holding identity ID of the MGM of the membership group.
- * @param suspensionParams Parameters for suspending a member. See [DeprecatedSuspensionActivationParameters] for more details.
- */
- @Deprecated("Deprecated in favour of suspendMember")
- @HttpPOST(
- path = "{holdingIdentityShortHash}/suspend",
- minVersion = RestApiVersion.C5_0,
- maxVersion = RestApiVersion.C5_0,
- description = "The suspend endpoint enables you to suspend a member. The v1 version of this endpoint is deprecated in favour of " +
- "later versions. Later versions mandate that the serial number is specified in the request body."
- )
- fun deprecatedSuspendMember(
- @RestPathParameter(
- description = "The holding identity ID of the MGM of the membership group"
- )
- holdingIdentityShortHash: String,
- @ClientRequestBodyParameter(
- description = "Parameters for suspending a member."
- )
- suspensionParams: SuspensionActivationParameters
- )
-
 /**
 * The [suspendMember] method enables you to suspend a member. A suspended member is blocked from communicating
 * with other members of the group, and will not see any updates related to the group or the other members.
@@ -485,40 +454,6 @@ interface MGMRestResource : RestResource {
 suspensionParams: SuspensionActivationParameters
 )
 
- /**
- * The [deprecatedActivateMember] method enables you to activate a previously suspended member. An activated member is
- * allowed to communicate with other members of the group again, and is able to receive updates related to the
- * group or the other members.
- *
- * Example usage:
- * ```
- * mgmOps.activateMember("58B6030FABDD", SuspendMemberParameters("O=Alice, L=London, C=GB"))
- * ```
- *
- * @param holdingIdentityShortHash The holding identity ID of the MGM of the membership group.
- * @param activationParams Parameters for activating a member. See [SuspensionActivationParameters] for more details.
- */
- @HttpPOST(
- path = "{holdingIdentityShortHash}/activate",
- minVersion = RestApiVersion.C5_0,
- maxVersion = RestApiVersion.C5_0,
- description = "This endpoint enables you to activate a previously suspended member. The v1 version of this " +
- "endpoint is deprecated in favour of later versions. Later versions mandate that the serial number " +
- "is specified in the request body."
- )
- @Deprecated("Deprecated in favour of activateMember")
- fun deprecatedActivateMember(
- @RestPathParameter(
- description = "The holding identity ID of the MGM of the membership group"
- )
- holdingIdentityShortHash: String,
-
- @ClientRequestBodyParameter(
- description = "Parameters for suspending or activating a member."
- )
- activationParams: SuspensionActivationParameters
- )
-
 /**
 * The [activateMember] method enables you to activate a previously suspended member. An activated member is
 * allowed to communicate with other members of the group again, and is able to receive updates related to the
diff --git a/components/membership/membership-rest/src/main/kotlin/net/corda/membership/rest/v1/MemberLookupRestResource.kt b/components/membership/membership-rest/src/main/kotlin/net/corda/membership/rest/v1/MemberLookupRestResource.kt
index affb0096ea3..95dc71306a8 100644
--- a/components/membership/membership-rest/src/main/kotlin/net/corda/membership/rest/v1/MemberLookupRestResource.kt
+++ b/components/membership/membership-rest/src/main/kotlin/net/corda/membership/rest/v1/MemberLookupRestResource.kt
@@ -20,92 +20,6 @@ import net.corda.rest.annotations.RestQueryParameter path = "members" ) interface MemberLookupRestResource : RestResource { - /** - * The [lookup] method enables you to retrieve a list of all members in the membership group that - * are visible to the member represented by [holdingIdentityShortHash]. The list can be optionally filtered by - * X.500 name attributes or member statuses. This method returns an empty list if no members matching the criteria - * are found. - * - * Example usage: - * ``` - * memberLookupOps.lookup(holdingIdentityShortHash = "58B6030FABDD") - * - * memberLookupOps.lookup(holdingIdentityShortHash = "58B6030FABDD", commonName = "Alice", country = "GB") - * ``` - * - * @param holdingIdentityShortHash Holding identity ID of the requesting member, which uniquely identifies the member - * and its group. The result only contains members that are visible to this member. - * @param commonName Optional. Common Name (CN) attribute of the X.500 name to filter members by. - * @param organization Optional. Organization (O) attribute of the X.500 name to filter members by. - * @param organizationUnit Optional. Organization Unit (OU) attribute of the X.500 name to filter members by. - * @param locality Optional. Locality (L) attribute of the X.500 name to filter members by. - * @param state Optional. State (ST) attribute of the X.500 name to filter members by. - * @param country Optional. Country (C) attribute of the X.500 name to filter members by. - * @param statuses Optional. List of statuses ("ACTIVE", "SUSPENDED") to filter members by. - * By default, only ACTIVE members are filtered. Only an MGM can view suspended members. - * The v5_1 version of the API allows members to view themselves regardless of their status (e.g. even if they are suspended). - * - * @return List of active and pending members matching the criteria as [RestMemberInfoList]. 
- */ - @HttpGET( - path = "{holdingIdentityShortHash}", - description = "This method retrieves a list of all active and pending members in the membership group.", - maxVersion = RestApiVersion.C5_0 - ) - @Suppress("LongParameterList") - @Deprecated("Deprecated in favour of lookupV51") - fun lookup( - @RestPathParameter( - description = "Holding identity ID of the requesting member. The result only contains" + - " members that are visible to this member" - ) - holdingIdentityShortHash: String, - @RestQueryParameter( - name = "cn", - description = "Common Name (CN) attribute of the X.500 name to filter members by", - required = false - ) - commonName: String? = null, - @RestQueryParameter( - name = "o", - description = "Organization (O) attribute of the X.500 name to filter members by", - required = false - ) - organization: String? = null, - @RestQueryParameter( - name = "ou", - description = "Organization Unit (OU) attribute of the X.500 name to filter members by", - required = false - ) - organizationUnit: String? = null, - @RestQueryParameter( - name = "l", - description = "Locality (L) attribute of the X.500 name to filter members by", - required = false - ) - locality: String? = null, - @RestQueryParameter( - name = "st", - description = "State (ST) attribute of the X.500 name to filter members by", - required = false - ) - state: String? = null, - @RestQueryParameter( - name = "c", - description = "Country (C) attribute of the X.500 name to filter members by", - required = false - ) - country: String? = null, - @RestQueryParameter( - description = "List of statuses (\"ACTIVE\", \"SUSPENDED\") to filter members by. " + - "By default, only ACTIVE members are filtered. Only an MGM can view suspended members. " + - "The v5_1 version of the API allows members to view themselves regardless of their status " + - "(e.g. 
even if they are suspended).", - required = false, - ) - statuses: List = listOf(MemberInfoExtension.MEMBER_STATUS_ACTIVE), - ): RestMemberInfoList - /** * The [lookup] method enables you to retrieve a list of all members in the membership group that * are visible to the member represented by [holdingIdentityShortHash]. The list can be optionally filtered by @@ -139,7 +53,7 @@ interface MemberLookupRestResource : RestResource { minVersion = RestApiVersion.C5_1 ) @Suppress("LongParameterList") - fun lookupV51( + fun lookup( @RestPathParameter( description = "Holding identity ID of the requesting member. The result only contains" + " members that are visible to this member" diff --git a/components/permissions/permission-rest-resource-impl/src/main/kotlin/net/corda/libs/permissions/endpoints/v1/user/impl/UserEndpointImpl.kt b/components/permissions/permission-rest-resource-impl/src/main/kotlin/net/corda/libs/permissions/endpoints/v1/user/impl/UserEndpointImpl.kt index 627ecdbef45..c4f1e302237 100644 --- a/components/permissions/permission-rest-resource-impl/src/main/kotlin/net/corda/libs/permissions/endpoints/v1/user/impl/UserEndpointImpl.kt +++ b/components/permissions/permission-rest-resource-impl/src/main/kotlin/net/corda/libs/permissions/endpoints/v1/user/impl/UserEndpointImpl.kt @@ -126,14 +126,6 @@ class UserEndpointImpl @Activate constructor( return ResponseEntity.created(createUserResult.convertToEndpointType()) } - @Deprecated("Deprecated in favour of `getUserPath()`") - override fun getUserQuery(loginName: String): ResponseEntity { - "Deprecated, please use next version where loginName is passed as a path parameter.".let { msg -> - logger.warn(msg) - return ResponseEntity.okButDeprecated(doGetUser(loginName), msg) - } - } - override fun getUserPath(loginName: String): UserResponseType { return doGetUser(loginName) } 
diff --git a/components/virtual-node/virtual-node-rest-service-impl/src/main/kotlin/net/corda/virtualnode/rest/impl/v1/VirtualNodeRestResourceImpl.kt b/components/virtual-node/virtual-node-rest-service-impl/src/main/kotlin/net/corda/virtualnode/rest/impl/v1/VirtualNodeRestResourceImpl.kt index a0684b4640d..3212b076302 100644 --- a/components/virtual-node/virtual-node-rest-service-impl/src/main/kotlin/net/corda/virtualnode/rest/impl/v1/VirtualNodeRestResourceImpl.kt +++ b/components/virtual-node/virtual-node-rest-service-impl/src/main/kotlin/net/corda/virtualnode/rest/impl/v1/VirtualNodeRestResourceImpl.kt @@ -256,17 +256,6 @@ internal class VirtualNodeRestResourceImpl( return messageConverter.convert(virtualNode) } - @Deprecated("Deprecated in favour of upgradeVirtualNode") - override fun upgradeVirtualNodeDeprecated( - virtualNodeShortId: String, - targetCpiFileChecksum: String - ): ResponseEntity { - "Deprecated, please use next version where forceUpgrade is passed as a query parameter.".let { msg -> - logger.warn(msg) - return ResponseEntity.acceptedButDeprecated(doUpgradeVirtualNode(virtualNodeShortId, targetCpiFileChecksum, false), msg) - } - } - override fun upgradeVirtualNode( virtualNodeShortId: String, targetCpiFileChecksum: String, diff --git a/libs/corda-sdk/src/main/kotlin/net/corda/sdk/bootstrap/rbac/Permissions.kt b/libs/corda-sdk/src/main/kotlin/net/corda/sdk/bootstrap/rbac/Permissions.kt index e0e71fea792..f16b4bad293 100644 --- a/libs/corda-sdk/src/main/kotlin/net/corda/sdk/bootstrap/rbac/Permissions.kt +++ b/libs/corda-sdk/src/main/kotlin/net/corda/sdk/bootstrap/rbac/Permissions.kt 
@@ -61,7 +61,6 @@ object Permissions { val userAdmin: Map = listOf( // User manipulation permissions "CreateUsers" to "POST:/api/$VERSION_PATH_REGEX/user", - "GetUsersV1" to "GET:/api/v1/user\\?loginName=${RbacKeys.USER_URL_REGEX}", "GetUsers" to "GET:/api/$VERSION_PATH_REGEX/user/${RbacKeys.USER_URL_REGEX}", "ChangeOtherUserPassword" to "POST:/api/$VERSION_PATH_REGEX/user/otheruserpassword", "AddRoleToUser" to "PUT:/api/$VERSION_PATH_REGEX/user/${RbacKeys.USER_URL_REGEX}/role/$UUID_REGEX", diff --git a/libs/permissions/permission-endpoint/src/main/kotlin/net/corda/libs/permissions/endpoints/v1/user/UserEndpoint.kt b/libs/permissions/permission-endpoint/src/main/kotlin/net/corda/libs/permissions/endpoints/v1/user/UserEndpoint.kt index c17b938b9f6..45ce7e62b41 100644 --- a/libs/permissions/permission-endpoint/src/main/kotlin/net/corda/libs/permissions/endpoints/v1/user/UserEndpoint.kt +++ b/libs/permissions/permission-endpoint/src/main/kotlin/net/corda/libs/permissions/endpoints/v1/user/UserEndpoint.kt @@ -13,7 +13,6 @@ import net.corda.rest.annotations.HttpPUT import net.corda.rest.annotations.HttpRestResource import net.corda.rest.annotations.RestApiVersion import net.corda.rest.annotations.RestPathParameter -import net.corda.rest.annotations.RestQueryParameter import net.corda.rest.response.ResponseEntity /** 
@@ -68,35 +67,6 @@ interface UserEndpoint : RestResource { createUserType: CreateUserType ): ResponseEntity - /** - * Get a user by loginName in the RBAC permission system. - */ - @HttpGET( - description = "This method returns a user based on the specified login name.", - responseDescription = """ - A newly created user with the following attributes: - id: Unique server generated identifier for the user - version: The version of the user; version 0 is assigned to a newly created user - updateTimestamp: The date and time when the user was last updated - fullName: The full name for the new user - loginName: The login name for the new user - enabled: If true, the user account is enabled; false, the account is disabled - ssoAuth: If true, the user account is enabled for SSO authentication; - false, the account is enabled for password authentication - passwordExpiry: The date and time when the password should expire, specified as an ISO-8601 string; - value of null means that the password does not expire - parentGroup: An optional identifier of the user group for the new user to be included; - value of null means that the user will belong to the root group - properties: An optional set of key/value properties associated with a user account - roleAssociations: A set of roles associated with the user account""", - maxVersion = RestApiVersion.C5_0 - ) - @Deprecated("Deprecated in favour of `getUserPath()`") - fun getUserQuery( - @RestQueryParameter(description = "The login name of the user to be returned") - loginName: String - ): ResponseEntity - @HttpGET( path = "{loginName}", description = "This method returns a user based on the specified login name.", diff --git a/libs/permissions/permission-validation-impl/src/test/kotlin/net/corda/libs/permission/impl/PermissionValidatorImplTest.kt b/libs/permissions/permission-validation-impl/src/test/kotlin/net/corda/libs/permission/impl/PermissionValidatorImplTest.kt index fc25d59cf73..1ed688e3d5f 100644 
--- a/libs/permissions/permission-validation-impl/src/test/kotlin/net/corda/libs/permission/impl/PermissionValidatorImplTest.kt +++ b/libs/permissions/permission-validation-impl/src/test/kotlin/net/corda/libs/permission/impl/PermissionValidatorImplTest.kt @@ -14,8 +14,8 @@ import kotlin.test.assertTrue class PermissionValidatorImplTest { - private val cpiUploadRequest = "POST:/api/v1/cpi" - private val certsInstallRequest = "PUT:/api/v5_1/certificate/p2p-tls/cluster" + private val cpiUploadRequest = "POST:/api/v5_3/cpi" + private val certsInstallRequest = "PUT:/api/v5_3/certificate/p2p-tls/cluster" private val userName = "userLoginName" @@ -54,7 +54,7 @@ class PermissionValidatorImplTest { @Test fun `will return false for missing permission`() { - assertFalse(permissionValidator.authorizeUser(userName, "GET:/api/v1/mgm/12345678/info")) + assertFalse(permissionValidator.authorizeUser(userName, "GET:/api/v5_3/mgm/12345678/info")) } @Test diff --git a/libs/platform-info/src/main/kotlin/net/corda/libs/platform/PlatformVersion.kt b/libs/platform-info/src/main/kotlin/net/corda/libs/platform/PlatformVersion.kt index bc9c3d2ba15..dfe2ef03893 100644 --- a/libs/platform-info/src/main/kotlin/net/corda/libs/platform/PlatformVersion.kt +++ b/libs/platform-info/src/main/kotlin/net/corda/libs/platform/PlatformVersion.kt @@ -1,7 +1,6 @@ package net.corda.libs.platform enum class PlatformVersion(val value: Int) { - CORDA_5_0(50000), CORDA_5_1(50100), CORDA_5_2(50200), CORDA_5_2_1(50201), diff --git a/libs/rest/rest-server-impl/src/integrationTest/kotlin/net/corda/rest/server/impl/RestServerApiVersioningTest.kt b/libs/rest/rest-server-impl/src/integrationTest/kotlin/net/corda/rest/server/impl/RestServerApiVersioningTest.kt index 5bf26716d47..e8b214678fb 100644 --- a/libs/rest/rest-server-impl/src/integrationTest/kotlin/net/corda/rest/server/impl/RestServerApiVersioningTest.kt 
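Review bot: The three request strings in `PermissionValidatorImplTest` still hard-code the version segment (`"POST:/api/v5_3/cpi"`, `"PUT:/api/v5_3/certificate/p2p-tls/cluster"`, and `"GET:/api/v5_3/mgm/12345678/info"` in `will return false for missing permission`), so the next API version bump will need the same hand edit this commit makes. A single constant in the test class would keep that to one line, for example `private val apiVersion = "v5_3"` with `private val cpiUploadRequest = "POST:/api/$apiVersion/cpi"`. The permission fixtures these strings are matched against sit outside the hunks, so confirm they are built from the same value rather than a separate literal.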
+++ b/libs/rest/rest-server-impl/src/integrationTest/kotlin/net/corda/rest/server/impl/RestServerApiVersioningTest.kt @@ -60,14 +60,14 @@ class RestServerApiVersioningTest : RestServerTestBase() { fun `same endpoint available in multiple versions`() { val response = client.call( HttpVerb.GET, - WebRequest("${RestApiVersion.C5_1.versionPath}/testEndpointVersion/1234"), + WebRequest("${RestApiVersion.C5_2.versionPath}/testEndpointVersion/1234"), userName, password ) val response2 = client.call( HttpVerb.GET, - WebRequest("${RestApiVersion.C5_2.versionPath}/testEndpointVersion/1234"), + WebRequest("${RestApiVersion.C5_3.versionPath}/testEndpointVersion/1234"), userName, password ) @@ -79,7 +79,7 @@ class RestServerApiVersioningTest : RestServerTestBase() { fun `endpoint added at a particular version`() { val response = client.call( HttpVerb.GET, - WebRequest("${RestApiVersion.C5_0.versionPath}/testEndpointVersion/1234"), + WebRequest("${RestApiVersion.C5_1.versionPath}/testEndpointVersion/1234"), userName, password ) @@ -87,7 +87,7 @@ class RestServerApiVersioningTest : RestServerTestBase() { val response2 = client.call( HttpVerb.GET, - WebRequest("${RestApiVersion.C5_2.versionPath}/testEndpointVersion/1234"), + WebRequest("${RestApiVersion.C5_3.versionPath}/testEndpointVersion/1234"), userName, password ) @@ -98,7 +98,7 @@ class RestServerApiVersioningTest : RestServerTestBase() { fun `endpoint removed at a particular version`() { val response = client.call( HttpVerb.GET, - WebRequest("${RestApiVersion.C5_0.versionPath}/testEndpointVersion?id=1234"), + WebRequest("${RestApiVersion.C5_1.versionPath}/testEndpointVersion?id=1234"), userName, password ) @@ -106,7 +106,7 @@ class RestServerApiVersioningTest : RestServerTestBase() { val response2 = client.call( HttpVerb.GET, - WebRequest("${RestApiVersion.C5_1.versionPath}/testEndpointVersion?id=1234"), + WebRequest("${RestApiVersion.C5_2.versionPath}/testEndpointVersion?id=1234"), userName, password ) 
@@ -117,7 +117,7 @@ class RestServerApiVersioningTest : RestServerTestBase() { fun `request works with resource versions when no version specified at endpoint level`() { val response = client.call( HttpVerb.GET, - WebRequest("${RestApiVersion.C5_1.versionPath}/testResourceVersion?id=1234"), + WebRequest("${RestApiVersion.C5_2.versionPath}/testResourceVersion?id=1234"), userName, password ) @@ -128,7 +128,7 @@ class RestServerApiVersioningTest : RestServerTestBase() { fun `when endpoint versions are outside of resource version limit, calling endpoint fails`() { val response = client.call( HttpVerb.GET, - WebRequest("${RestApiVersion.C5_0.versionPath}/testResourceVersion/1234"), + WebRequest("${RestApiVersion.C5_1.versionPath}/testResourceVersion/1234"), userName, password ) @@ -139,7 +139,7 @@ class RestServerApiVersioningTest : RestServerTestBase() { fun `endpoint without specified maxVersion supported up to CURRENT Rest Endpoint version`() { val response = client.call( HttpVerb.GET, - WebRequest("${RestApiVersion.C5_0.versionPath}/testResourceMaxVersion/1234"), + WebRequest("${RestApiVersion.C5_1.versionPath}/testResourceMaxVersion/1234"), userName, password ) @@ -147,7 +147,7 @@ class RestServerApiVersioningTest : RestServerTestBase() { val response2 = client.call( HttpVerb.GET, - WebRequest("${RestApiVersion.C5_1.versionPath}/testResourceMaxVersion/1234"), + WebRequest("${RestApiVersion.C5_2.versionPath}/testResourceMaxVersion/1234"), userName, password ) diff --git a/libs/rest/rest-server-impl/src/main/kotlin/net/corda/rest/server/impl/context/ClientRequestContext.kt b/libs/rest/rest-server-impl/src/main/kotlin/net/corda/rest/server/impl/context/ClientRequestContext.kt index cbd88b6c825..2283962a36c 100644 --- a/libs/rest/rest-server-impl/src/main/kotlin/net/corda/rest/server/impl/context/ClientRequestContext.kt +++ b/libs/rest/rest-server-impl/src/main/kotlin/net/corda/rest/server/impl/context/ClientRequestContext.kt 
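Review bot: In `endpoint without specified maxVersion supported up to CURRENT Rest Endpoint version` the two calls now use `RestApiVersion.C5_1` and `RestApiVersion.C5_2`, so the upper bound named in the test title is never requested. `TestResourceMaxVersion` is declared with `maxVersion = RestApiVersion.C5_3` in `TestVersioningRestResource.kt` in this same commit. A third call with `WebRequest("${RestApiVersion.C5_3.versionPath}/testResourceMaxVersion/1234")` and the same status assertion would cover the boundary the test claims to check. The assertions themselves are outside these hunks, so this assumes both existing responses are asserted as successful.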
@@ -90,8 +90,8 @@ interface ClientRequestContext { fun getResourceAccessString(): String { // Examples of strings will look like: - // GET:/api/v1/permission/getpermission?id=c048679a-9654-4359-befc-9d2d22695a43 - // POST:/api/v1/user/createuser + // GET:/api/v5_3/permission/getpermission?id=c048679a-9654-4359-befc-9d2d22695a43 + // POST:/api/v5_3/user/createuser return method + METHOD_SEPARATOR + path.trimEnd('/') + if (!queryString.isNullOrBlank()) "?$queryString" else "" } diff --git a/libs/rest/rest-server-impl/src/test/kotlin/net/corda/rest/server/impl/RestServerTest.kt b/libs/rest/rest-server-impl/src/test/kotlin/net/corda/rest/server/impl/RestServerTest.kt index 320af3b3cb3..4fa33f2a3b7 100644 --- a/libs/rest/rest-server-impl/src/test/kotlin/net/corda/rest/server/impl/RestServerTest.kt +++ b/libs/rest/rest-server-impl/src/test/kotlin/net/corda/rest/server/impl/RestServerTest.kt @@ -55,7 +55,7 @@ class RestServerTest { OpenApiInfoProvider( APIStructureRetriever(listOf(TestHealthCheckAPIImpl())).structure, configProvider, - RestApiVersion.C5_0 + RestApiVersion.C5_1 ) ), multiPartDir, @@ -88,7 +88,7 @@ class RestServerTest { OpenApiInfoProvider( APIStructureRetriever(listOf(TestHealthCheckAPIImpl())).structure, configProvider, - RestApiVersion.C5_0 + RestApiVersion.C5_1 ) ), multiPartDir, @@ -112,7 +112,7 @@ class RestServerTest { val resources = APIStructureRetriever(listOf(TestHealthCheckAPIImpl())).structure val endpointsCount = resources.sumOf { resource -> resource.endpoints.filterNot { it.method == EndpointMethod.WS }.count() } - val openApiJson = OpenApiInfoProvider(resources, configProvider, RestApiVersion.C5_0).openApiString + val openApiJson = OpenApiInfoProvider(resources, configProvider, RestApiVersion.C5_1).openApiString val openApi = Json.mapper().readValue(openApiJson, OpenAPI::class.java) val totalPathsCount = openApi.paths.count { it.value.get != null } + openApi.paths.count { it.value.post != null } 
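Review bot: The example strings in the comment inside `getResourceAccessString()` now pin `v5_3` and will go stale at the next API version bump, exactly as the `v1` examples did here. A version-neutral form avoids that: `// GET:/api/<version>/permission/getpermission?id=<uuid>` and `// POST:/api/<version>/user/createuser`. Since the `return` line appends `?$queryString` verbatim whenever it is non-blank, the comment could also say so; anything matching on this string (presumably the permission checks, which are outside the hunk) sees the raw query text.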
@@ -141,7 +141,7 @@ class RestServerTest { OpenApiInfoProvider( APIStructureRetriever(listOf(TestHealthCheckAPIImpl())).structure, configProvider, - RestApiVersion.C5_0 + RestApiVersion.C5_1 ) ), multiPartDir, diff --git a/libs/rest/rest-server-impl/src/test/kotlin/net/corda/rest/server/impl/apigen/processing/JavalinRouteProviderImplTest.kt b/libs/rest/rest-server-impl/src/test/kotlin/net/corda/rest/server/impl/apigen/processing/JavalinRouteProviderImplTest.kt index 32851fa35f6..ad65d6cd703 100644 --- a/libs/rest/rest-server-impl/src/test/kotlin/net/corda/rest/server/impl/apigen/processing/JavalinRouteProviderImplTest.kt +++ b/libs/rest/rest-server-impl/src/test/kotlin/net/corda/rest/server/impl/apigen/processing/JavalinRouteProviderImplTest.kt @@ -16,7 +16,7 @@ import kotlin.reflect.jvm.javaMethod class JavalinRouteProviderImplTest { private companion object { - val API_VERSIONS = setOf(RestApiVersion.C5_0, RestApiVersion.C5_1) + val API_VERSIONS = setOf(RestApiVersion.C5_1, RestApiVersion.C5_2) } @Test diff --git a/libs/rest/rest-server-impl/src/test/kotlin/net/corda/rest/server/impl/apigen/processing/ResourceToOpenApiSpecMapperTest.kt b/libs/rest/rest-server-impl/src/test/kotlin/net/corda/rest/server/impl/apigen/processing/ResourceToOpenApiSpecMapperTest.kt index 1f76901b914..0cbea9f14ec 100644 --- a/libs/rest/rest-server-impl/src/test/kotlin/net/corda/rest/server/impl/apigen/processing/ResourceToOpenApiSpecMapperTest.kt +++ b/libs/rest/rest-server-impl/src/test/kotlin/net/corda/rest/server/impl/apigen/processing/ResourceToOpenApiSpecMapperTest.kt 
@@ -175,7 +175,7 @@ class ResourceToOpenApiSpecMapperTest { @Test fun `Can convert resource list to OpenApi object`() { val resource = getHealthCheckApiTestResource() - val openAPI = listOf(resource).toOpenAPI(SchemaModelContextHolder(), RestApiVersion.C5_0) + val openAPI = listOf(resource).toOpenAPI(SchemaModelContextHolder(), RestApiVersion.C5_1) with(openAPI) { val tag = tags.single() assertEquals("HealthCheckAPI", tag.name) @@ -232,7 +232,7 @@ class ResourceToOpenApiSpecMapperTest { ) ), invocationMethod = InvocationMethod(method = TestHealthCheckAPI::plusOne.javaMethod!!, instance = TestHealthCheckAPIImpl()), - apiVersions = setOf(RestApiVersion.C5_0) + apiVersions = setOf(RestApiVersion.C5_1) ) val schemaModelProvider = DefaultSchemaModelProvider(SchemaModelContextHolder()) val openApi = endpoint.toOperation("path", schemaModelProvider) @@ -262,7 +262,7 @@ class ResourceToOpenApiSpecMapperTest { method = TestHealthCheckAPI::voidResponse.javaMethod!!, instance = TestHealthCheckAPIImpl() ), - apiVersions = setOf(RestApiVersion.C5_0) + apiVersions = setOf(RestApiVersion.C5_1) ) val schemaModelProvider = DefaultSchemaModelProvider(SchemaModelContextHolder()) @@ -291,7 +291,7 @@ class ResourceToOpenApiSpecMapperTest { method = TestHealthCheckAPI::voidResponse.javaMethod!!, instance = TestHealthCheckAPIImpl() ), - apiVersions = setOf(RestApiVersion.C5_0) + apiVersions = setOf(RestApiVersion.C5_1) ) val schemaModelProvider = DefaultSchemaModelProvider(SchemaModelContextHolder()) @@ -320,7 +320,7 @@ class ResourceToOpenApiSpecMapperTest { method = TestHealthCheckAPI::voidResponse.javaMethod!!, instance = TestHealthCheckAPIImpl() ), - apiVersions = setOf(RestApiVersion.C5_0) + apiVersions = setOf(RestApiVersion.C5_1) ) val schemaModelProvider = DefaultSchemaModelProvider(SchemaModelContextHolder()) 
@@ -364,7 +364,7 @@ class ResourceToOpenApiSpecMapperTest { parameterizedTypes = emptyList() ), invocationMethod = InvocationMethod(method = TestFileUploadAPI::upload.javaMethod!!, instance = TestHealthCheckAPIImpl()), - apiVersions = setOf(RestApiVersion.C5_0) + apiVersions = setOf(RestApiVersion.C5_1) ) val schemaModelProvider = DefaultSchemaModelProvider(SchemaModelContextHolder()) val openApi = endpoint.toOperation("path", schemaModelProvider) @@ -426,7 +426,7 @@ class ResourceToOpenApiSpecMapperTest { method = TestFileUploadAPI::uploadWithName.javaMethod!!, instance = TestHealthCheckAPIImpl() ), - apiVersions = setOf(RestApiVersion.C5_0) + apiVersions = setOf(RestApiVersion.C5_1) ) val schemaModelProvider = DefaultSchemaModelProvider(SchemaModelContextHolder()) val openApi = endpoint.toOperation("fileupload", schemaModelProvider) diff --git a/libs/rest/rest-server-impl/src/test/kotlin/net/corda/rest/server/impl/apigen/processing/RouteInfoTest.kt b/libs/rest/rest-server-impl/src/test/kotlin/net/corda/rest/server/impl/apigen/processing/RouteInfoTest.kt index 351c85c85ed..2fcb2e637a7 100644 --- a/libs/rest/rest-server-impl/src/test/kotlin/net/corda/rest/server/impl/apigen/processing/RouteInfoTest.kt +++ b/libs/rest/rest-server-impl/src/test/kotlin/net/corda/rest/server/impl/apigen/processing/RouteInfoTest.kt @@ -29,9 +29,9 @@ class RouteInfoTest { parameterizedTypes = emptyList() ), title = "Sanity", - apiVersions = setOf(RestApiVersion.C5_0) + apiVersions = setOf(RestApiVersion.C5_1) ) - val route = RouteInfo("sanity", "", RestApiVersion.C5_0, endpoint) + val route = RouteInfo("sanity", "", RestApiVersion.C5_1, endpoint) assertEquals("Sane", route.invokeDelegatedMethod()) } 
@@ -50,11 +50,11 @@ class RouteInfoTest { parameterizedTypes = emptyList() ), title = "Hello", - apiVersions = setOf(RestApiVersion.C5_0) + apiVersions = setOf(RestApiVersion.C5_1) ) val param1 = "name" val param2 = 1 - val route = RouteInfo("", "", RestApiVersion.C5_0, endpoint) + val route = RouteInfo("", "", RestApiVersion.C5_1, endpoint) assertEquals("Hello 1 : name", route.invokeDelegatedMethod(param1, param2)) } @@ -73,10 +73,10 @@ class RouteInfoTest { parameterizedTypes = emptyList() ), title = "Sanity", - apiVersions = setOf(RestApiVersion.C5_0) + apiVersions = setOf(RestApiVersion.C5_1) ) val params = listOf("1", "2", "3") - val route = RouteInfo("", "", RestApiVersion.C5_0, endpoint) + val route = RouteInfo("", "", RestApiVersion.C5_1, endpoint) assertEquals(listOf(2.0, 3.0, 4.0), route.invokeDelegatedMethod(params)) } } diff --git a/libs/rest/rest-server-impl/src/test/kotlin/net/corda/rest/server/impl/utils/ResourceTestUtils.kt b/libs/rest/rest-server-impl/src/test/kotlin/net/corda/rest/server/impl/utils/ResourceTestUtils.kt index 5dbefd604be..fec46d4c3df 100644 --- a/libs/rest/rest-server-impl/src/test/kotlin/net/corda/rest/server/impl/utils/ResourceTestUtils.kt +++ b/libs/rest/rest-server-impl/src/test/kotlin/net/corda/rest/server/impl/utils/ResourceTestUtils.kt @@ -15,7 +15,7 @@ import net.corda.rest.test.TestHealthCheckAPIImpl import kotlin.reflect.jvm.javaMethod internal fun getHealthCheckApiTestResource(): Resource { - val apiVersions = setOf(RestApiVersion.C5_0, RestApiVersion.C5_1) + val apiVersions = setOf(RestApiVersion.C5_1, RestApiVersion.C5_2) val endpointVoid = Endpoint( method = EndpointMethod.GET, diff --git a/libs/rest/rest-test-common/src/main/kotlin/net/corda/rest/test/TestVersioningRestResource.kt b/libs/rest/rest-test-common/src/main/kotlin/net/corda/rest/test/TestVersioningRestResource.kt index 09bae2187bd..912ed887736 100644 --- a/libs/rest/rest-test-common/src/main/kotlin/net/corda/rest/test/TestVersioningRestResource.kt 
+++ b/libs/rest/rest-test-common/src/main/kotlin/net/corda/rest/test/TestVersioningRestResource.kt @@ -11,15 +11,15 @@ import net.corda.rest.annotations.RestQueryParameter name = "TestEndpointVersioning", description = "RESTful operations on Test Entity", path = "testEndpointVersion/", - minVersion = RestApiVersion.C5_0, - maxVersion = RestApiVersion.C5_2 + minVersion = RestApiVersion.C5_1, + maxVersion = RestApiVersion.C5_3 ) interface TestEndpointVersioningRestResource : RestResource { @Deprecated("Deprecated in favour of `getUsingPath()`") - @HttpGET(minVersion = RestApiVersion.C5_0, maxVersion = RestApiVersion.C5_0) + @HttpGET(minVersion = RestApiVersion.C5_1, maxVersion = RestApiVersion.C5_1) fun getUsingQuery(@RestQueryParameter id: String): String - @HttpGET(path = "{id}", minVersion = RestApiVersion.C5_1, maxVersion = RestApiVersion.C5_2) + @HttpGET(path = "{id}", minVersion = RestApiVersion.C5_2, maxVersion = RestApiVersion.C5_3) fun getUsingPath(@RestPathParameter id: String): String } @@ -27,15 +27,15 @@ interface TestEndpointVersioningRestResource : RestResource { name = "TestResourceVersioning", description = "RESTful operations on Test Entity", path = "testResourceVersion/", - minVersion = RestApiVersion.C5_1, - maxVersion = RestApiVersion.C5_2 + minVersion = RestApiVersion.C5_2, + maxVersion = RestApiVersion.C5_3 ) interface TestResourceVersioningRestResource : RestResource { @Deprecated("Deprecated in favour of `getUsingPath()`") @HttpGET() fun getUsingQuery(@RestQueryParameter id: String): String - @HttpGET(path = "{id}", minVersion = RestApiVersion.C5_0, maxVersion = RestApiVersion.C5_0) + @HttpGET(path = "{id}", minVersion = RestApiVersion.C5_1, maxVersion = RestApiVersion.C5_1) fun getUsingPath(@RestPathParameter id: String): String } 
@@ -43,14 +43,14 @@ interface TestResourceVersioningRestResource : RestResource { name = "TestResourceMaxVersion", description = "RESTful operations on Test Entity", path = "testResourceMaxVersion/", - minVersion = RestApiVersion.C5_0, - maxVersion = RestApiVersion.C5_2 + minVersion = RestApiVersion.C5_1, + maxVersion = RestApiVersion.C5_3 ) interface TestResourceMaxVersioningRestResource : RestResource { @Deprecated("Deprecated in favour of `getUsingPath()`") @HttpGET() fun getUsingQuery(@RestQueryParameter id: String): String - @HttpGET(path = "{id}", minVersion = RestApiVersion.C5_0) + @HttpGET(path = "{id}", minVersion = RestApiVersion.C5_1) fun getUsingPath(@RestPathParameter id: String): String } diff --git a/libs/rest/rest-tools/src/test/kotlin/net/corda/rest/tools/annotations/validation/EndpointMinMaxVersionValidatorTest.kt b/libs/rest/rest-tools/src/test/kotlin/net/corda/rest/tools/annotations/validation/EndpointMinMaxVersionValidatorTest.kt index 509a234cc16..ed55e2bdc57 100644 --- a/libs/rest/rest-tools/src/test/kotlin/net/corda/rest/tools/annotations/validation/EndpointMinMaxVersionValidatorTest.kt +++ b/libs/rest/rest-tools/src/test/kotlin/net/corda/rest/tools/annotations/validation/EndpointMinMaxVersionValidatorTest.kt @@ -16,7 +16,7 @@ class EndpointMinMaxVersionValidatorTest { @HttpRestResource abstract class TestInterface : RestResource { - @HttpGET(minVersion = RestApiVersion.C5_0, maxVersion = RestApiVersion.C5_2) + @HttpGET(minVersion = RestApiVersion.C5_1, maxVersion = RestApiVersion.C5_3) abstract fun test() } diff --git a/libs/rest/rest-tools/src/test/kotlin/net/corda/rest/tools/annotations/validation/EndpointNameConflictValidatorTest.kt b/libs/rest/rest-tools/src/test/kotlin/net/corda/rest/tools/annotations/validation/EndpointNameConflictValidatorTest.kt index 29935a1cd3e..a087040e49f 100644 --- a/libs/rest/rest-tools/src/test/kotlin/net/corda/rest/tools/annotations/validation/EndpointNameConflictValidatorTest.kt 
+++ b/libs/rest/rest-tools/src/test/kotlin/net/corda/rest/tools/annotations/validation/EndpointNameConflictValidatorTest.kt @@ -20,11 +20,11 @@ class EndpointNameConflictValidatorTest { fun `validate withEndpointNameConflictOnSamePathDifferentVersions errorListIsEmpty`() { @HttpRestResource abstract class TestInterface : RestResource { - @HttpGET("/test", minVersion = RestApiVersion.C5_0, maxVersion = RestApiVersion.C5_0) + @HttpGET("/test", minVersion = RestApiVersion.C5_1, maxVersion = RestApiVersion.C5_1) @Suppress("unused") abstract fun test() - @HttpGET("/test", minVersion = RestApiVersion.C5_1, maxVersion = RestApiVersion.C5_2) + @HttpGET("/test", minVersion = RestApiVersion.C5_2, maxVersion = RestApiVersion.C5_3) @Suppress("unused") abstract fun test2() } @@ -57,11 +57,11 @@ class EndpointNameConflictValidatorTest { fun `validate withEndpointNameConflictOnSamePathOverlappingVersions errorListContainsError`() { @HttpRestResource abstract class TestInterface : RestResource { - @HttpGET("/test", minVersion = RestApiVersion.C5_0, maxVersion = RestApiVersion.C5_1) + @HttpGET("/test", minVersion = RestApiVersion.C5_1, maxVersion = RestApiVersion.C5_2) @Suppress("unused") abstract fun test() - @HttpGET("/test", minVersion = RestApiVersion.C5_1, maxVersion = RestApiVersion.C5_2) + @HttpGET("/test", minVersion = RestApiVersion.C5_2, maxVersion = RestApiVersion.C5_3) @Suppress("unused") abstract fun test2() } 
@@ -76,15 +76,15 @@ class EndpointNameConflictValidatorTest { fun `validate withEndpointNameConflictOnSamePathMultipleConflicts errorListContainsErrors`() { @HttpRestResource abstract class TestInterface : RestResource { - @HttpGET("/test", minVersion = RestApiVersion.C5_0, maxVersion = RestApiVersion.C5_0) + @HttpGET("/test", minVersion = RestApiVersion.C5_1, maxVersion = RestApiVersion.C5_1) @Suppress("unused") abstract fun test() - @HttpGET("/test", minVersion = RestApiVersion.C5_2, maxVersion = RestApiVersion.C5_2) + @HttpGET("/test", minVersion = RestApiVersion.C5_3, maxVersion = RestApiVersion.C5_3) @Suppress("unused") abstract fun test2() - @HttpGET("/test", minVersion = RestApiVersion.C5_0, maxVersion = RestApiVersion.C5_2) + @HttpGET("/test", minVersion = RestApiVersion.C5_1, maxVersion = RestApiVersion.C5_3) @Suppress("unused") abstract fun test3() } @@ -102,11 +102,11 @@ class EndpointNameConflictValidatorTest { fun `validate withEndpointNameConflictOnSamePathContainedVersions errorListContainsError`() { @HttpRestResource abstract class TestInterface : RestResource { - @HttpGET("/test", minVersion = RestApiVersion.C5_0, maxVersion = RestApiVersion.C5_2) + @HttpGET("/test", minVersion = RestApiVersion.C5_1, maxVersion = RestApiVersion.C5_3) @Suppress("unused") abstract fun test() - @HttpGET("/test", minVersion = RestApiVersion.C5_1, maxVersion = RestApiVersion.C5_1) + @HttpGET("/test", minVersion = RestApiVersion.C5_2, maxVersion = RestApiVersion.C5_2) @Suppress("unused") abstract fun test2() } diff --git a/libs/rest/rest-tools/src/test/kotlin/net/corda/rest/tools/annotations/validation/ResourceMinMaxVersionValidatorTest.kt b/libs/rest/rest-tools/src/test/kotlin/net/corda/rest/tools/annotations/validation/ResourceMinMaxVersionValidatorTest.kt index c743747d201..05081f5d131 100644 --- a/libs/rest/rest-tools/src/test/kotlin/net/corda/rest/tools/annotations/validation/ResourceMinMaxVersionValidatorTest.kt 
+++ b/libs/rest/rest-tools/src/test/kotlin/net/corda/rest/tools/annotations/validation/ResourceMinMaxVersionValidatorTest.kt @@ -10,7 +10,7 @@ class ResourceMinMaxVersionValidatorTest { @Test fun `check valid versions`() { - @HttpRestResource(path = "test", minVersion = RestApiVersion.C5_0, maxVersion = RestApiVersion.C5_2) + @HttpRestResource(path = "test", minVersion = RestApiVersion.C5_1, maxVersion = RestApiVersion.C5_3) abstract class TestInterface : RestResource val result = ResourceMinMaxVersionValidator( diff --git a/libs/rest/rest-tools/src/test/kotlin/net/corda/rest/tools/annotations/validation/ResourceNameConflictValidatorTest.kt b/libs/rest/rest-tools/src/test/kotlin/net/corda/rest/tools/annotations/validation/ResourceNameConflictValidatorTest.kt index b38fc568894..44c70fcec48 100644 --- a/libs/rest/rest-tools/src/test/kotlin/net/corda/rest/tools/annotations/validation/ResourceNameConflictValidatorTest.kt +++ b/libs/rest/rest-tools/src/test/kotlin/net/corda/rest/tools/annotations/validation/ResourceNameConflictValidatorTest.kt @@ -35,13 +35,13 @@ class ResourceNameConflictValidatorTest { @Test fun `validate withResourceDuplicateNamesDifferentVersions errorListIsEmpty`() { - @HttpRestResource(path = "test", minVersion = RestApiVersion.C5_0, maxVersion = RestApiVersion.C5_1) + @HttpRestResource(path = "test", minVersion = RestApiVersion.C5_1, maxVersion = RestApiVersion.C5_2) class TestInterface : RestResource { override val protocolVersion: Int get() = 1 } - @HttpRestResource(path = "test", minVersion = RestApiVersion.C5_2, maxVersion = RestApiVersion.C5_2) + @HttpRestResource(path = "test", minVersion = RestApiVersion.C5_3, maxVersion = RestApiVersion.C5_3) class TestInterface2 : RestResource { override val protocolVersion: Int get() = 1 
@@ -59,13 +59,13 @@ class ResourceNameConflictValidatorTest { @Test fun `validate withResourceDuplicateNamesOverlappingVersions errorListContainsMessage`() { - @HttpRestResource(path = "test", minVersion = RestApiVersion.C5_0, maxVersion = RestApiVersion.C5_1) + @HttpRestResource(path = "test", minVersion = RestApiVersion.C5_1, maxVersion = RestApiVersion.C5_2) class TestInterface : RestResource { override val protocolVersion: Int get() = 1 } - @HttpRestResource(path = "test", minVersion = RestApiVersion.C5_1, maxVersion = RestApiVersion.C5_2) + @HttpRestResource(path = "test", minVersion = RestApiVersion.C5_2, maxVersion = RestApiVersion.C5_3) class TestInterface2 : RestResource { override val protocolVersion: Int get() = 1 @@ -84,13 +84,13 @@ class ResourceNameConflictValidatorTest { @Test fun `validate withResourceDuplicateNamesContainedVersions errorListContainsMessage`() { - @HttpRestResource(path = "test", minVersion = RestApiVersion.C5_0, maxVersion = RestApiVersion.C5_2) + @HttpRestResource(path = "test", minVersion = RestApiVersion.C5_1, maxVersion = RestApiVersion.C5_3) class TestInterface : RestResource { override val protocolVersion: Int get() = 1 } - @HttpRestResource(path = "test", minVersion = RestApiVersion.C5_1, maxVersion = RestApiVersion.C5_1) + @HttpRestResource(path = "test", minVersion = RestApiVersion.C5_2, maxVersion = RestApiVersion.C5_2) class TestInterface2 : RestResource { override val protocolVersion: Int get() = 1 
@@ -109,19 +109,19 @@ class ResourceNameConflictValidatorTest { @Test fun `validate withResourceDuplicateNamesMultipleConflicts errorListContainsMessages`() { - @HttpRestResource(path = "test", minVersion = RestApiVersion.C5_0, maxVersion = RestApiVersion.C5_0) + @HttpRestResource(path = "test", minVersion = RestApiVersion.C5_1, maxVersion = RestApiVersion.C5_1) class TestInterface : RestResource { override val protocolVersion: Int get() = 1 } - @HttpRestResource(path = "test", minVersion = RestApiVersion.C5_2, maxVersion = RestApiVersion.C5_2) + @HttpRestResource(path = "test", minVersion = RestApiVersion.C5_3, maxVersion = RestApiVersion.C5_3) class TestInterface2 : RestResource { override val protocolVersion: Int get() = 1 } - @HttpRestResource(path = "test", minVersion = RestApiVersion.C5_0, maxVersion = RestApiVersion.C5_2) + @HttpRestResource(path = "test", minVersion = RestApiVersion.C5_1, maxVersion = RestApiVersion.C5_3) class TestInterface3 : RestResource { override val protocolVersion: Int get() = 1 diff --git a/libs/rest/rest/src/main/kotlin/net/corda/rest/annotations/HttpRestResource.kt b/libs/rest/rest/src/main/kotlin/net/corda/rest/annotations/HttpRestResource.kt index aec963a3645..333f48e17c9 100644 --- a/libs/rest/rest/src/main/kotlin/net/corda/rest/annotations/HttpRestResource.kt +++ b/libs/rest/rest/src/main/kotlin/net/corda/rest/annotations/HttpRestResource.kt @@ -1,6 +1,6 @@ package net.corda.rest.annotations -import net.corda.rest.annotations.RestApiVersion.C5_0 as MIN_SUPPORTED +import net.corda.rest.annotations.RestApiVersion.C5_1 as MIN_SUPPORTED import net.corda.rest.annotations.RestApiVersion.C5_3 as CURRENT /** diff --git a/libs/rest/rest/src/main/kotlin/net/corda/rest/annotations/RestApiVersion.kt b/libs/rest/rest/src/main/kotlin/net/corda/rest/annotations/RestApiVersion.kt index 9832046fed3..62431bada7d 100644 --- a/libs/rest/rest/src/main/kotlin/net/corda/rest/annotations/RestApiVersion.kt 
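Review bot: `MIN_SUPPORTED` in HttpRestResource.kt is an import alias edited by hand, and the same edit is repeated in the RestEndpoint.kt hunk, so the oldest version the annotations refer to is spelled out in two files in addition to the enum. Nothing visible ties either alias to the first `RestApiVersion` constant. If the minimum is later raised without deleting the old constant, updating only one file would still compile and leave the two annotations disagreeing. A comment above each alias would make the coupling explicit, for example `// Must name the oldest RestApiVersion constant; keep identical in HttpRestResource.kt and RestEndpoint.kt`. How the alias is consumed is outside both hunks.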
+++ b/libs/rest/rest/src/main/kotlin/net/corda/rest/annotations/RestApiVersion.kt @@ -8,8 +8,7 @@ import java.util.EnumSet */ enum class RestApiVersion(val versionPath: String, val parentVersion: RestApiVersion?) { - C5_0("v1", null), - C5_1("v5_1", C5_0), + C5_1("v5_1", null), C5_2("v5_2", C5_1), C5_3("v5_3", C5_2), C5_4("v5_4", C5_3), diff --git a/libs/rest/rest/src/main/kotlin/net/corda/rest/annotations/RestEndpoint.kt b/libs/rest/rest/src/main/kotlin/net/corda/rest/annotations/RestEndpoint.kt index ecd7a5fa6dd..4ce66d6bd83 100644 --- a/libs/rest/rest/src/main/kotlin/net/corda/rest/annotations/RestEndpoint.kt +++ b/libs/rest/rest/src/main/kotlin/net/corda/rest/annotations/RestEndpoint.kt @@ -4,7 +4,7 @@ import net.corda.rest.ResponseCode import net.corda.rest.SC_OK import net.corda.rest.exception.ResourceNotFoundException import net.corda.rest.response.ResponseEntity -import net.corda.rest.annotations.RestApiVersion.C5_0 as MIN_SUPPORTED +import net.corda.rest.annotations.RestApiVersion.C5_1 as MIN_SUPPORTED import net.corda.rest.annotations.RestApiVersion.C5_3 as CURRENT /** diff --git a/libs/tracing/README.md b/libs/tracing/README.md index c3fc163c519..d199501c9e6 100644 --- a/libs/tracing/README.md +++ b/libs/tracing/README.md @@ -30,7 +30,7 @@ Both headers must be provided otherwise the system will treat the ID as missing ```shell TRACE_ID=`openssl rand -hex 16` # 16 bytes, 128 bits SPAN_ID=`openssl rand -hex 8` # 8 bytes, 64 bits -curl --insecure -u admin:admin --header "X-B3-TraceId: $TRACE_ID" --header "X-B3-SpanId: $SPAN_ID" https://localhost:8888/api/v1/flow/$HOLDING_ID/r1 +curl --insecure -u admin:admin --header "X-B3-TraceId: $TRACE_ID" --header "X-B3-SpanId: $SPAN_ID" https://localhost:8888/api/v5_3/flow/$HOLDING_ID/r1 ``` ## How to use 
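Review bot: Deleting `C5_0("v1", null)` in RestApiVersion.kt retires the `v1` path segment and makes `C5_1` the constant whose `parentVersion` is null, but nothing on the new side records that the first constant is the oldest version still served. I would add above `C5_1`: `// Oldest supported version and root of the parentVersion chain; C5_0 ("v1") was retired.` Removing the first constant also lowers every remaining `ordinal` by one and makes `valueOf("C5_0")` throw. Any code outside this hunk that compares ordinals, or resolves a version name from persisted or client-supplied data, should be checked. The enum body continues past the end of the hunk.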
diff --git a/libs/virtual-node/virtual-node-endpoints/src/main/kotlin/net/corda/libs/virtualnode/endpoints/v1/VirtualNodeRestResource.kt b/libs/virtual-node/virtual-node-endpoints/src/main/kotlin/net/corda/libs/virtualnode/endpoints/v1/VirtualNodeRestResource.kt index c6ee855a51f..4067a0d6fa9 100644 --- a/libs/virtual-node/virtual-node-endpoints/src/main/kotlin/net/corda/libs/virtualnode/endpoints/v1/VirtualNodeRestResource.kt +++ b/libs/virtual-node/virtual-node-endpoints/src/main/kotlin/net/corda/libs/virtualnode/endpoints/v1/VirtualNodeRestResource.kt @@ -189,25 +189,6 @@ interface VirtualNodeRestResource : RestResource { newCpiChecksum: String ): String - /** - * Asynchronous endpoint to upgrade a virtual node's CPI. - */ - @Deprecated("Deprecated in favour of upgradeVirtualNode") - @HttpPUT( - path = "{virtualNodeShortId}/cpi/{targetCpiFileChecksum}", - title = "Upgrade a virtual node's CPI.", - description = "This method upgrades a virtual node's CPI.", - responseDescription = "Identifier for the request.", - minVersion = RestApiVersion.C5_0, - maxVersion = RestApiVersion.C5_0 - ) - fun upgradeVirtualNodeDeprecated( - @RestPathParameter(description = "Short ID of the virtual node instance to update") - virtualNodeShortId: String, - @RestPathParameter(description = "The file checksum of the CPI to upgrade to.") - targetCpiFileChecksum: String - ): ResponseEntity - /** * Asynchronous endpoint to upgrade a virtual node's CPI. */ diff --git a/processors/rest-processor/src/integrationTest/kotlin/net/corda/processors/rest/OpenApiCompatibilityTest.kt b/processors/rest-processor/src/integrationTest/kotlin/net/corda/processors/rest/OpenApiCompatibilityTest.kt index ce12d76d5d8..ca2ec7b9a80 100644 --- a/processors/rest-processor/src/integrationTest/kotlin/net/corda/processors/rest/OpenApiCompatibilityTest.kt +++ b/processors/rest-processor/src/integrationTest/kotlin/net/corda/processors/rest/OpenApiCompatibilityTest.kt 
@@ -1,5 +1,3 @@ -@file:Suppress("DEPRECATION") - package net.corda.processors.rest import io.swagger.v3.core.util.Json @@ -15,10 +13,8 @@ import net.corda.libs.permissions.endpoints.v1.user.UserEndpoint import net.corda.libs.virtualnode.endpoints.v1.VirtualNodeRestResource import net.corda.libs.virtualnode.maintenance.endpoints.v1.VirtualNodeMaintenanceRestResource import net.corda.membership.rest.v1.CertificateRestResource -import net.corda.membership.rest.v1.CertificatesRestResource import net.corda.membership.rest.v1.HsmRestResource import net.corda.membership.rest.v1.KeyRestResource -import net.corda.membership.rest.v1.KeysRestResource import net.corda.membership.rest.v1.MGMAdminRestResource import net.corda.membership.rest.v1.MGMRestResource import net.corda.membership.rest.v1.MemberLookupRestResource @@ -52,10 +48,8 @@ class OpenApiCompatibilityTest { private val logger = LoggerFactory.getLogger(this::class.java.enclosingClass) private val importantRestResources = setOf( - CertificatesRestResource::class.java, // P2P - Deprecated but supporting RestApiVersion.C5.0 CertificateRestResource::class.java, // P2P HsmRestResource::class.java, // P2P - KeysRestResource::class.java, // P2P - Deprecated but supporting RestApiVersion.C5.0 KeyRestResource::class.java, // P2P ConfigRestResource::class.java, // Flow FlowRestResource::class.java, // Flow @@ -161,7 +155,7 @@ class OpenApiCompatibilityTest { return server.use { // It may be handy to leave the HTTP Server running for a little while such that when developers - // experimenting with new endpoints locally could access URL: http://localhost:port/api/v1/swagger to see + // experimenting with new endpoints locally could access URL: http://localhost:port/api/v5_3/swagger to see // how their newly introduced OpenAPI is looking in SwaggerUI. // Thread.sleep(1_000_000) 
diff --git a/processors/rest-processor/src/integrationTest/resources/readme.md b/processors/rest-processor/src/integrationTest/resources/readme.md index ef5fc45d68e..abb5da09fe0 100644 --- a/processors/rest-processor/src/integrationTest/resources/readme.md +++ b/processors/rest-processor/src/integrationTest/resources/readme.md @@ -1,6 +1,6 @@ ## Open API compatibility testing -File [swaggerBaseline-$version.json](./swaggerBaseline-v1.json) represents a snapshot of Open API which REST Worker currently +File [swaggerBaseline-$version.json](./swaggerBaseline-v5_3.json) represents a snapshot of Open API which REST Worker currently provides. There is also an integration test [OpenApiCompatibilityTest](../kotlin/net/corda/processors/rest/OpenApiCompatibilityTest.kt) diff --git a/processors/rest-processor/src/integrationTest/resources/swaggerBaseline-v1.json b/processors/rest-processor/src/integrationTest/resources/swaggerBaseline-v1.json deleted file mode 100644 index 20df41e72df..00000000000 --- a/processors/rest-processor/src/integrationTest/resources/swaggerBaseline-v1.json +++ /dev/null 
@@ -1,5483 +0,0 @@ -{ - "openapi" : "3.0.1", - "info" : { - "title" : "Corda REST API", - "description" : "All the endpoints for publicly visible Open API calls", - "version" : "v1" - }, - "servers" : [ { - "url" : "/api/v1" - } ], - "security" : [ { - "basicAuth" : [ ] - } ], - "tags" : [ { - "name" : "CPI", - "description" : "The CPI API consists of a number of endpoints used to manage Corda Package Installer (CPI) files in the Corda cluster." - }, { - "name" : "Certificates", - "description" : "The Certificates API consists of endpoints used to work with certificates and related operations. The API allows you to import a certificate chain, and generate a certificate signing request (CSR) to be submitted to a certificate authority (CA)." - }, { - "name" : "Configuration", - "description" : "The Configuration API consists of a number of endpoints used to manage the configuration of Corda clusters." - }, { - "name" : "Flow Info", - "description" : "The Flow Info API consists of a number of endpoints used to find out which flows can be invoked using the Flow Management API for a given identity." - }, { - "name" : "Flow Management", - "description" : "The Flow Management API consists of a number of endpoints used to interact with flows." - }, { - "name" : "HSM", - "description" : "The HSM API consists of endpoints used to work with Hardware Security Modules (HSM) for securely storing keys." - }, { - "name" : "Hello Rest", - "description" : "The Hello Rest API is used to test interactions via the Rest API. It verifies that a call to Rest can be made, and that the identity of the user making the call can be recognized. RBAC permissions are checked and the call is successfully processed by the HTTP-Rest worker." - }, { - "name" : "Keys Management", - "description" : "The Keys Management API consists of endpoints used to manage public and private key pairs. 
The API allows you to list scheme codes which are supported by the associated HSM integration, retrieve information about key pairs owned by a tenant, generate a key pair for a tenant, and retrieve a tenant's public key in PEM format." - }, { - "name" : "MGM", - "description" : "The MGM API consists of a number of endpoints used to manage membership groups. A membership group is a logical grouping of a number of Corda Identities to communicate and transact with one another with a specific set of CorDapps. The API allows you to generate the group policy for a membership group, required for new members to join the group." - }, { - "name" : "MGM Admin", - "description" : "The MGM Admin API consists of endpoints used to carry out administrative tasks on membership groups. A membership group is a logical grouping of a number of Corda Identities to communicate and transact with one another with a specific set of CorDapps. The API allows the MGM to perform actions such as force decline registration requests which may be displaying unexpected behaviour. This API should only be used by the MGM under exceptional circumstances." - }, { - "name" : "Member Lookup", - "description" : "The Member Lookup API consists of endpoints used to look up information related to membership groups." - }, { - "name" : "Member Registration", - "description" : "The Member Registration API consists of a number of endpoints which manage holding identities' participation in membership groups. To participate in a membership group, the holding identity is required to make a registration request that needs to be approved by the MGM for that group. This API allows you to start the registration process for a holding identity, and check the status of a previously created registration request." - }, { - "name" : "Network", - "description" : "The Network API consists of endpoints which manage the setup of holding identities in P2P networks." 
- }, { - "name" : "RBAC Permission", - "description" : "The RBAC Permission API consists of a number of endpoints enabling permissions management in the RBAC (role-based access control) permission system. You can get details of specified permissions and create new permissions." - }, { - "name" : "RBAC Role", - "description" : "The RBAC Role API consists of a number of endpoints enabling role management in the RBAC (role-based access control) permission system. You can get all roles in the system, create new roles and add and delete permissions from roles." - }, { - "name" : "RBAC User", - "description" : "The RBAC User API consists of a number of endpoints enabling user management in the RBAC (role-based access control) permission system. You can get details of specified users, create new users, assign roles to users and remove roles from users." - }, { - "name" : "Virtual Node", - "description" : "The Virtual Nodes API consists of a number of endpoints to manage virtual nodes." - }, { - "name" : "Virtual Node Maintenance", - "description" : "The Virtual Node Maintenance API consists of a series of endpoints used for virtual node management.Warning: Using these endpoints could be highly disruptive, so great care should be taken when using them." - } ], - "paths" : { - "/certificates/cluster/{usage}" : { - "get" : { - "tags" : [ "Certificates" ], - "description" : "This method gets the certificate chain aliases for a cluster.", - "operationId" : "get_certificates_cluster__usage_", - "parameters" : [ { - "name" : "usage", - "in" : "path", - "description" : "The certificate usage. Can be either 'p2p-tls' for a TLS certificate to be used in P2P communication, 'p2p-session' for a session certificate to be used in P2P communication, 'rest-tls' for a TLS certificate to be used in REST communication, or 'code-signer' for a certificate of the code signing service.", - "required" : true, - "schema" : { - "type" : "string", - "description" : "The certificate usage. 
Can be either 'p2p-tls' for a TLS certificate to be used in P2P communication, 'p2p-session' for a session certificate to be used in P2P communication, 'rest-tls' for a TLS certificate to be used in REST communication, or 'code-signer' for a certificate of the code signing service.", - "nullable" : false, - "example" : "string" - } - } ], - "responses" : { - "200" : { - "description" : "The cluster level certificates aliases in the usage.", - "content" : { - "application/json" : { - "schema" : { - "uniqueItems" : false, - "type" : "array", - "nullable" : false, - "items" : { - "type" : "string", - "example" : "string" - } - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - }, - "put" : { - "tags" : [ "Certificates" ], - "description" : "This method imports a certificate chain for a cluster.", - "operationId" : "put_certificates_cluster__usage_", - "parameters" : [ { - "name" : "usage", - "in" : "path", - "description" : "The certificate usage. Can be either 'p2p-tls' for a TLS certificate to be used in P2P communication, 'p2p-session' for a session certificate to be used in P2P communication, 'rest-tls' for a TLS certificate to be used in REST communication, or 'code-signer' for a certificate of the code signing service.", - "required" : true, - "schema" : { - "type" : "string", - "description" : "The certificate usage. 
Can be either 'p2p-tls' for a TLS certificate to be used in P2P communication, 'p2p-session' for a session certificate to be used in P2P communication, 'rest-tls' for a TLS certificate to be used in REST communication, or 'code-signer' for a certificate of the code signing service.", - "nullable" : false, - "example" : "string" - } - } ], - "requestBody" : { - "description" : "requestBody", - "content" : { - "multipart/form-data" : { - "schema" : { - "type" : "object", - "properties" : { - "alias" : { - "type" : "string", - "description" : "The unique alias under which the certificate chain will be stored", - "nullable" : false, - "example" : "string" - }, - "certificate" : { - "uniqueItems" : false, - "type" : "array", - "nullable" : false, - "items" : { - "type" : "string", - "description" : "A content of the file to upload.", - "format" : "binary", - "example" : "No example available for this type" - } - } - } - } - } - }, - "required" : true - }, - "responses" : { - "200" : { - "description" : "Success" - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - } - }, - "/certificates/cluster/{usage}/{alias}" : { - "get" : { - "tags" : [ "Certificates" ], - "description" : "This method gets the certificate chain in PEM format for a cluster.", - "operationId" : "get_certificates_cluster__usage___alias_", - "parameters" : [ { - "name" : "usage", - "in" : "path", - "description" : "The certificate usage. Can be either 'p2p-tls' for a TLS certificate to be used in P2P communication, 'p2p-session' for a session certificate to be used in P2P communication, 'rest-tls' for a TLS certificate to be used in REST communication, or 'code-signer' for a certificate of the code signing service.", - "required" : true, - "schema" : { - "type" : "string", - "description" : "The certificate usage. 
Can be either 'p2p-tls' for a TLS certificate to be used in P2P communication, 'p2p-session' for a session certificate to be used in P2P communication, 'rest-tls' for a TLS certificate to be used in REST communication, or 'code-signer' for a certificate of the code signing service.", - "nullable" : false, - "example" : "string" - } - }, { - "name" : "alias", - "in" : "path", - "description" : "The certificate chain unique alias.", - "required" : true, - "schema" : { - "type" : "string", - "description" : "The certificate chain unique alias.", - "nullable" : false, - "example" : "string" - } - } ], - "responses" : { - "200" : { - "description" : "The certificate in PEM format.", - "content" : { - "application/json" : { - "schema" : { - "type" : "string", - "nullable" : false, - "example" : "string" - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - } - }, - "/certificates/getprotocolversion" : { - "get" : { - "tags" : [ "Certificates" ], - "description" : "Returns the version of the endpoint", - "operationId" : "get_certificates_getprotocolversion", - "parameters" : [ ], - "responses" : { - "200" : { - "description" : "An integer value specifying the version of the endpoint", - "content" : { - "application/json" : { - "schema" : { - "type" : "integer", - "format" : "int32", - "nullable" : false, - "example" : 0 - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - } - }, - "/certificates/vnode/{holdingidentityid}/{usage}" : { - "get" : { - "tags" : [ "Certificates" ], - "description" : "This method gets the certificate chain aliases for a virtual node.", - "operationId" : "get_certificates_vnode__holdingidentityid___usage_", - "parameters" : [ { - "name" : "usage", - "in" : "path", - "description" : "The certificate usage. 
Can be either 'p2p-tls' for a TLS certificate to be used in P2P communication, 'p2p-session' for a session certificate to be used in P2P communication, 'rest-tls' for a TLS certificate to be used in REST communication, or 'code-signer' for a certificate of the code signing service.", - "required" : true, - "schema" : { - "type" : "string", - "description" : "The certificate usage. Can be either 'p2p-tls' for a TLS certificate to be used in P2P communication, 'p2p-session' for a session certificate to be used in P2P communication, 'rest-tls' for a TLS certificate to be used in REST communication, or 'code-signer' for a certificate of the code signing service.", - "nullable" : false, - "example" : "string" - } - }, { - "name" : "holdingidentityid", - "in" : "path", - "description" : "Holding identity ID of the virtual node that owns the certificate.", - "required" : true, - "schema" : { - "type" : "string", - "description" : "Holding identity ID of the virtual node that owns the certificate.", - "nullable" : true, - "example" : "string" - } - } ], - "responses" : { - "200" : { - "description" : "The virtual node certificates aliases in the usage.", - "content" : { - "application/json" : { - "schema" : { - "uniqueItems" : false, - "type" : "array", - "nullable" : false, - "items" : { - "type" : "string", - "example" : "string" - } - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - }, - "put" : { - "tags" : [ "Certificates" ], - "description" : "This method imports a certificate chain for a virtual node.", - "operationId" : "put_certificates_vnode__holdingidentityid___usage_", - "parameters" : [ { - "name" : "usage", - "in" : "path", - "description" : "The certificate usage. 
Can be either 'p2p-tls' for a TLS certificate to be used in P2P communication, 'p2p-session' for a session certificate to be used in P2P communication, 'rest-tls' for a TLS certificate to be used in REST communication, or 'code-signer' for a certificate of the code signing service.", - "required" : true, - "schema" : { - "type" : "string", - "description" : "The certificate usage. Can be either 'p2p-tls' for a TLS certificate to be used in P2P communication, 'p2p-session' for a session certificate to be used in P2P communication, 'rest-tls' for a TLS certificate to be used in REST communication, or 'code-signer' for a certificate of the code signing service.", - "nullable" : false, - "example" : "string" - } - }, { - "name" : "holdingidentityid", - "in" : "path", - "description" : "The certificate holding identity ID", - "required" : true, - "schema" : { - "type" : "string", - "description" : "The certificate holding identity ID", - "nullable" : true, - "example" : "string" - } - } ], - "requestBody" : { - "description" : "requestBody", - "content" : { - "multipart/form-data" : { - "schema" : { - "type" : "object", - "properties" : { - "alias" : { - "type" : "string", - "description" : "The unique alias under which the certificate chain will be stored", - "nullable" : false, - "example" : "string" - }, - "certificate" : { - "uniqueItems" : false, - "type" : "array", - "nullable" : false, - "items" : { - "type" : "string", - "description" : "A content of the file to upload.", - "format" : "binary", - "example" : "No example available for this type" - } - } - } - } - } - }, - "required" : true - }, - "responses" : { - "200" : { - "description" : "Success" - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - } - }, - "/certificates/vnode/{holdingidentityid}/{usage}/{alias}" : { - "get" : { - "tags" : [ "Certificates" ], - "description" : "This method gets the certificate chain in PEM format for a virtual node.", - 
"operationId" : "get_certificates_vnode__holdingidentityid___usage___alias_", - "parameters" : [ { - "name" : "usage", - "in" : "path", - "description" : "The certificate usage. Can be either 'p2p-tls' for a TLS certificate to be used in P2P communication, 'p2p-session' for a session certificate to be used in P2P communication, 'rest-tls' for a TLS certificate to be used in REST communication, or 'code-signer' for a certificate of the code signing service.", - "required" : true, - "schema" : { - "type" : "string", - "description" : "The certificate usage. Can be either 'p2p-tls' for a TLS certificate to be used in P2P communication, 'p2p-session' for a session certificate to be used in P2P communication, 'rest-tls' for a TLS certificate to be used in REST communication, or 'code-signer' for a certificate of the code signing service.", - "nullable" : false, - "example" : "string" - } - }, { - "name" : "holdingidentityid", - "in" : "path", - "description" : "The certificate holding identity ID", - "required" : true, - "schema" : { - "type" : "string", - "description" : "The certificate holding identity ID", - "nullable" : true, - "example" : "string" - } - }, { - "name" : "alias", - "in" : "path", - "description" : "The certificate chain unique alias.", - "required" : true, - "schema" : { - "type" : "string", - "description" : "The certificate chain unique alias.", - "nullable" : false, - "example" : "string" - } - } ], - "responses" : { - "200" : { - "description" : "The certificate in PEM format.", - "content" : { - "application/json" : { - "schema" : { - "type" : "string", - "nullable" : false, - "example" : "string" - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - } - }, - "/certificates/{tenantid}/{keyid}" : { - "post" : { - "tags" : [ "Certificates" ], - "description" : "This method enables you to generate a certificate signing request (CSR) for a tenant.", - "operationId" : 
"post_certificates__tenantid___keyid_", - "parameters" : [ { - "name" : "tenantid", - "in" : "path", - "description" : "Can either be a holding identity ID or the value 'p2p' for a cluster-level tenant of the P2P services", - "required" : true, - "schema" : { - "type" : "string", - "description" : "Can either be a holding identity ID or the value 'p2p' for a cluster-level tenant of the P2P services", - "nullable" : false, - "example" : "string" - } - }, { - "name" : "keyid", - "in" : "path", - "description" : "Identifier of the public key that will be included in the certificate", - "required" : true, - "schema" : { - "type" : "string", - "description" : "Identifier of the public key that will be included in the certificate", - "nullable" : false, - "example" : "string" - } - } ], - "requestBody" : { - "description" : "requestBody", - "content" : { - "application/json" : { - "schema" : { - "$ref" : "#/components/schemas/GenerateCsrWrapperRequest" - } - } - }, - "required" : true - }, - "responses" : { - "200" : { - "description" : "The CSR in PEM format.", - "content" : { - "application/json" : { - "schema" : { - "type" : "string", - "nullable" : false, - "example" : "string" - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - } - }, - "/config" : { - "put" : { - "tags" : [ "Configuration" ], - "description" : "This method updates a section of the cluster configuration.", - "operationId" : "put_config", - "parameters" : [ ], - "requestBody" : { - "description" : "requestBody", - "content" : { - "application/json" : { - "schema" : { - "$ref" : "#/components/schemas/UpdateConfigParameters" - } - } - }, - "required" : true - }, - "responses" : { - "200" : { - "description" : "\n The updated cluster configuration for the specified section:\n - `section`: the section of the configuration to be updated.\n - `config`: the updated configuration in JSON or HOCON format.\n - `schemaVersion`: the schema 
version of the configuration.\n - `version`: the version number used for optimistic locking. The request fails if this version does not \n match the version stored in the database for the corresponding section or -1 if this is a new section \n for which no configuration has yet been stored.", - "content" : { - "application/json" : { - "schema" : { - "$ref" : "#/components/schemas/UpdateConfigResponse" - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - } - }, - "/config/getprotocolversion" : { - "get" : { - "tags" : [ "Configuration" ], - "description" : "Returns the version of the endpoint", - "operationId" : "get_config_getprotocolversion", - "parameters" : [ ], - "responses" : { - "200" : { - "description" : "An integer value specifying the version of the endpoint", - "content" : { - "application/json" : { - "schema" : { - "type" : "integer", - "format" : "int32", - "nullable" : false, - "example" : 0 - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - } - }, - "/config/{section}" : { - "get" : { - "tags" : [ "Configuration" ], - "description" : "This method returns the 'active' configuration for the given section, in both the 'raw' format and with defaults applied.", - "operationId" : "get_config__section_", - "parameters" : [ { - "name" : "section", - "in" : "path", - "description" : "Section name for the configuration.", - "required" : true, - "schema" : { - "type" : "string", - "description" : "Section name for the configuration.", - "nullable" : false, - "example" : "string" - } - } ], - "responses" : { - "200" : { - "description" : "The configuration for the given section", - "content" : { - "application/json" : { - "schema" : { - "$ref" : "#/components/schemas/GetConfigResponse" - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - } - }, - "/cpi" : { - "get" 
: { - "tags" : [ "CPI" ], - "description" : "The GET method returns a list of all CPIs uploaded to the cluster.", - "operationId" : "get_cpi", - "parameters" : [ ], - "responses" : { - "200" : { - "description" : "Details of all of the CPIs uploaded to the cluster.", - "content" : { - "application/json" : { - "schema" : { - "$ref" : "#/components/schemas/GetCPIsResponse" - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - }, - "post" : { - "tags" : [ "CPI" ], - "description" : "This method uses the POST method to upload a Corda Package Installer (CPI) file to the Corda cluster.", - "operationId" : "post_cpi", - "parameters" : [ ], - "requestBody" : { - "description" : "requestBody", - "content" : { - "multipart/form-data" : { - "schema" : { - "type" : "object", - "properties" : { - "upload" : { - "type" : "string", - "description" : "The CPI file to be uploaded.", - "format" : "binary", - "nullable" : false, - "example" : "No example available for this type" - } - } - } - } - }, - "required" : true - }, - "responses" : { - "200" : { - "description" : "The ID for the CPI upload request", - "content" : { - "application/json" : { - "schema" : { - "$ref" : "#/components/schemas/CpiUploadResponse" - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - } - }, - "/cpi/getprotocolversion" : { - "get" : { - "tags" : [ "CPI" ], - "description" : "Returns the version of the endpoint", - "operationId" : "get_cpi_getprotocolversion", - "parameters" : [ ], - "responses" : { - "200" : { - "description" : "An integer value specifying the version of the endpoint", - "content" : { - "application/json" : { - "schema" : { - "type" : "integer", - "format" : "int32", - "nullable" : false, - "example" : 0 - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - } - }, - "/cpi/status/{id}" : { - 
"get" : { - "tags" : [ "CPI" ], - "description" : "The status endpoint uses the GET method to return status information for the CPI upload with the given request ID.", - "operationId" : "get_cpi_status__id_", - "parameters" : [ { - "name" : "id", - "in" : "path", - "description" : "The ID returned from the CPI upload request.", - "required" : true, - "schema" : { - "type" : "string", - "description" : "The ID returned from the CPI upload request.", - "nullable" : false, - "example" : "string" - } - } ], - "responses" : { - "200" : { - "description" : "Success", - "content" : { - "application/json" : { - "schema" : { - "$ref" : "#/components/schemas/CpiUploadStatus" - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - } - }, - "/flow/getprotocolversion" : { - "get" : { - "tags" : [ "Flow Management" ], - "description" : "Returns the version of the endpoint", - "operationId" : "get_flow_getprotocolversion", - "parameters" : [ ], - "responses" : { - "200" : { - "description" : "An integer value specifying the version of the endpoint", - "content" : { - "application/json" : { - "schema" : { - "type" : "integer", - "format" : "int32", - "nullable" : false, - "example" : 0 - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - } - }, - "/flow/{holdingidentityshorthash}" : { - "get" : { - "tags" : [ "Flow Management" ], - "description" : "This method returns an array containing the statuses of all flows running for a specified holding identity. 
An empty array is returned if there are no flows running.", - "operationId" : "get_flow__holdingidentityshorthash_", - "parameters" : [ { - "name" : "holdingidentityshorthash", - "in" : "path", - "description" : "The short hash of the holding identity; obtained during node registration", - "required" : true, - "schema" : { - "type" : "string", - "description" : "The short hash of the holding identity; obtained during node registration", - "nullable" : false, - "example" : "string" - } - } ], - "responses" : { - "200" : { - "description" : "\n A collection of statuses for the flow instances, including:\n \n holdingIdentityShortHash: The short form hash of the Holding Identity\n clientRequestId: The unique ID supplied by the client when the flow was created.\n flowId: The internal unique ID for the flow.\n flowStatus: The current state of the executing flow.\n flowResult: The result returned from a completed flow, only set when the flow status is 'COMPLETED' otherwise null\n flowError: The details of the error that caused a flow to fail, only set when the flow status is 'FAILED' otherwise null\n timestamp: The timestamp of when the status was last updated (in UTC)\n ", - "content" : { - "application/json" : { - "schema" : { - "$ref" : "#/components/schemas/FlowStatusResponses" - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - }, - "post" : { - "tags" : [ "Flow Management" ], - "description" : "This method starts a new instance for the specified flow for the specified holding identity.", - "operationId" : "post_flow__holdingidentityshorthash_", - "parameters" : [ { - "name" : "holdingidentityshorthash", - "in" : "path", - "description" : "The short hash of the holding identity; obtained during node registration", - "required" : true, - "schema" : { - "type" : "string", - "description" : "The short hash of the holding identity; obtained during node registration", - "nullable" : false, - "example" : 
"string" - } - } ], - "requestBody" : { - "description" : "requestBody", - "content" : { - "application/json" : { - "schema" : { - "$ref" : "#/components/schemas/StartFlowParameters" - } - } - }, - "required" : true - }, - "responses" : { - "200" : { - "description" : "\n The initial status of the flow instance; if the flow already exists, then the status of the existing flow will be returned.\n \n holdingIdentityShortHash: The short form hash of the holding identity\n clientRequestId: The unique ID supplied by the client when the flow was created.\n flowId: The internal unique ID for the flow.\n flowStatus: The current state of the executing flow.\n flowResult: The result returned from a completed flow, only set when the flow status is 'COMPLETED' otherwise null\n flowError: The details of the error that caused a flow to fail, only set when the flow status is 'FAILED' otherwise null\n timestamp: The timestamp of when the status was last updated (in UTC)\n ", - "content" : { - "application/json" : { - "schema" : { - "$ref" : "#/components/schemas/FlowStatusResponse" - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - } - }, - "/flow/{holdingidentityshorthash}/{clientrequestid}" : { - "get" : { - "tags" : [ "Flow Management" ], - "description" : "This method gets the current status of the specified flow instance.", - "operationId" : "get_flow__holdingidentityshorthash___clientrequestid_", - "parameters" : [ { - "name" : "holdingidentityshorthash", - "in" : "path", - "description" : "The short hash of the holding identity; obtained during node registration", - "required" : true, - "schema" : { - "type" : "string", - "description" : "The short hash of the holding identity; obtained during node registration", - "nullable" : false, - "example" : "string" - } - }, { - "name" : "clientrequestid", - "in" : "path", - "description" : "Client provided flow identifier", - "required" : true, - "schema" : { - 
"type" : "string", - "description" : "Client provided flow identifier", - "nullable" : false, - "example" : "string" - } - } ], - "responses" : { - "200" : { - "description" : "\n The status of the flow instance, including:\n \n holdingIdentityShortHash: The short form hash of the Holding Identity\n clientRequestId: The unique ID supplied by the client when the flow was created.\n flowId: The internal unique ID for the flow.\n flowStatus: The current state of the executing flow.\n flowResult: The result returned from a completed flow, only set when the flow status is 'COMPLETED' otherwise null\n flowError: The details of the error that caused a flow to fail, only set when the flow status is 'FAILED' otherwise null\n timestamp: The timestamp of when the status was last updated (in UTC)\n ", - "content" : { - "application/json" : { - "schema" : { - "$ref" : "#/components/schemas/FlowStatusResponse" - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - } - }, - "/flow/{holdingidentityshorthash}/{clientrequestid}/result" : { - "get" : { - "tags" : [ "Flow Management" ], - "description" : "This method gets the result of the specified flow instance execution.", - "operationId" : "get_flow__holdingidentityshorthash___clientrequestid__result", - "parameters" : [ { - "name" : "holdingidentityshorthash", - "in" : "path", - "description" : "The short hash of the holding identity; obtained during node registration", - "required" : true, - "schema" : { - "type" : "string", - "description" : "The short hash of the holding identity; obtained during node registration", - "nullable" : false, - "example" : "string" - } - }, { - "name" : "clientrequestid", - "in" : "path", - "description" : "Client provided flow identifier", - "required" : true, - "schema" : { - "type" : "string", - "description" : "Client provided flow identifier", - "nullable" : false, - "example" : "string" - } - } ], - "responses" : { - "200" : { - 
"description" : "\n The result of the flow instance, including:\n \n holdingIdentityShortHash: The short form hash of the Holding Identity\n clientRequestId: The unique ID supplied by the client when the flow was created.\n flowId: The internal unique ID for the flow.\n flowStatus: The current state of the executing flow.\n json: The result returned from a completed flow, only set when the flow status is 'COMPLETED' otherwise null.\n flowError: The details of the error that caused a flow to fail, only set when the flow status is 'FAILED' otherwise null.\n timestamp: The timestamp of when the status was last updated (in UTC)\n ", - "content" : { - "application/json" : { - "schema" : { - "$ref" : "#/components/schemas/FlowResultResponse" - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - } - }, - "/flowclass/getprotocolversion" : { - "get" : { - "tags" : [ "Flow Info" ], - "description" : "Returns the version of the endpoint", - "operationId" : "get_flowclass_getprotocolversion", - "parameters" : [ ], - "responses" : { - "200" : { - "description" : "An integer value specifying the version of the endpoint", - "content" : { - "application/json" : { - "schema" : { - "type" : "integer", - "format" : "int32", - "nullable" : false, - "example" : 0 - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - } - }, - "/flowclass/{holdingidentityshorthash}" : { - "get" : { - "tags" : [ "Flow Info" ], - "description" : "This method gets all flows that can be used by the specified holding identity.", - "operationId" : "get_flowclass__holdingidentityshorthash_", - "parameters" : [ { - "name" : "holdingidentityshorthash", - "in" : "path", - "description" : "The short hash of the holding identity; this is obtained during node registration", - "required" : true, - "schema" : { - "type" : "string", - "description" : "The short hash of the holding identity; 
this is obtained during node registration", - "nullable" : false, - "example" : "string" - } - } ], - "responses" : { - "200" : { - "description" : "The class names of all flows that can be run", - "content" : { - "application/json" : { - "schema" : { - "$ref" : "#/components/schemas/StartableFlowsResponse" - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - } - }, - "/hello" : { - "post" : { - "tags" : [ "Hello Rest" ], - "description" : "This method produces a greeting phrase for the addressee.", - "operationId" : "post_hello", - "parameters" : [ { - "name" : "addressee", - "in" : "query", - "description" : "An arbitrary name can be used for the greeting.", - "required" : true, - "schema" : { - "type" : "string", - "description" : "An arbitrary name can be used for the greeting.", - "nullable" : false, - "example" : "string" - } - } ], - "responses" : { - "200" : { - "description" : "A greeting phrase for the addressee", - "content" : { - "application/json" : { - "schema" : { - "type" : "string", - "nullable" : false, - "example" : "string" - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - } - }, - "/hello/getprotocolversion" : { - "get" : { - "tags" : [ "Hello Rest" ], - "description" : "Returns the version of the endpoint", - "operationId" : "get_hello_getprotocolversion", - "parameters" : [ ], - "responses" : { - "200" : { - "description" : "An integer value specifying the version of the endpoint", - "content" : { - "application/json" : { - "schema" : { - "type" : "integer", - "format" : "int32", - "nullable" : false, - "example" : 0 - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - } - }, - "/hsm/getprotocolversion" : { - "get" : { - "tags" : [ "HSM" ], - "description" : "Returns the version of the endpoint", - "operationId" : "get_hsm_getprotocolversion", - 
"parameters" : [ ], - "responses" : { - "200" : { - "description" : "An integer value specifying the version of the endpoint", - "content" : { - "application/json" : { - "schema" : { - "type" : "integer", - "format" : "int32", - "nullable" : false, - "example" : 0 - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - } - }, - "/hsm/soft/{tenantid}/{category}" : { - "post" : { - "tags" : [ "HSM" ], - "description" : "This method enables you to assign a soft HSM to the tenant for the specified category.", - "operationId" : "post_hsm_soft__tenantid___category_", - "parameters" : [ { - "name" : "tenantid", - "in" : "path", - "description" : "Can either be a holding identity ID or the value 'p2p' for a cluster-level tenant of the P2P services", - "required" : true, - "schema" : { - "type" : "string", - "description" : "Can either be a holding identity ID or the value 'p2p' for a cluster-level tenant of the P2P services", - "nullable" : false, - "example" : "string" - } - }, { - "name" : "category", - "in" : "path", - "description" : "The category of the HSM; can be the value 'ACCOUNTS', 'CI', 'LEDGER', 'NOTARY', 'SESSION_INIT', 'TLS', or 'JWT_KEY'", - "required" : true, - "schema" : { - "type" : "string", - "description" : "The category of the HSM; can be the value 'ACCOUNTS', 'CI', 'LEDGER', 'NOTARY', 'SESSION_INIT', 'TLS', or 'JWT_KEY'", - "nullable" : false, - "example" : "string" - } - } ], - "responses" : { - "200" : { - "description" : "\n The HSM association details including:\n id: the unique identifier of the HSM association\n hsmId: the HSM identifier included into the association\n category: the category of the HSM; can be the value 'ACCOUNTS', 'CI', 'LEDGER', 'NOTARY', 'SESSION_INIT', \n 'TLS', or 'JWT_KEY'\n masterKeyAlias: optional master key alias to be used on HSM\n deprecatedAt: time when the association was deprecated, epoch time in seconds; \n value of 0 means the association is active", 
- "content" : { - "application/json" : { - "schema" : { - "$ref" : "#/components/schemas/HsmAssociationInfo" - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - } - }, - "/hsm/{tenantid}/{category}" : { - "get" : { - "tags" : [ "HSM" ], - "description" : "This method retrieves information on the HSM of the specified category assigned to the tenant.", - "operationId" : "get_hsm__tenantid___category_", - "parameters" : [ { - "name" : "tenantid", - "in" : "path", - "description" : "Can either be a holding identity ID or the value 'p2p' for a cluster-level tenant of the P2P services", - "required" : true, - "schema" : { - "type" : "string", - "description" : "Can either be a holding identity ID or the value 'p2p' for a cluster-level tenant of the P2P services", - "nullable" : false, - "example" : "string" - } - }, { - "name" : "category", - "in" : "path", - "description" : "The category of the HSM; can be the value 'ACCOUNTS', 'CI', 'LEDGER', 'NOTARY', 'SESSION_INIT', 'TLS', or 'JWT_KEY'", - "required" : true, - "schema" : { - "type" : "string", - "description" : "The category of the HSM; can be the value 'ACCOUNTS', 'CI', 'LEDGER', 'NOTARY', 'SESSION_INIT', 'TLS', or 'JWT_KEY'", - "nullable" : false, - "example" : "string" - } - } ], - "responses" : { - "200" : { - "description" : "\n The HSM association details including:\n id: the unique identifier of the HSM association\n hsmId: the HSM identifier included into the association\n category: the category of the HSM; can be the value 'ACCOUNTS', 'CI', 'LEDGER', 'NOTARY', 'SESSION_INIT', \n 'TLS', or 'JWT_KEY'\n masterKeyAlias: optional master key alias to be used on HSM\n deprecatedAt: time when the association was deprecated, epoch time in seconds; \n value of 0 means the association is active", - "content" : { - "application/json" : { - "schema" : { - "$ref" : "#/components/schemas/HsmAssociationInfo" - } - } - } - }, - "401" : { - "description" : 
"Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - } - }, - "/keys/getprotocolversion" : { - "get" : { - "tags" : [ "Keys Management" ], - "description" : "Returns the version of the endpoint", - "operationId" : "get_keys_getprotocolversion", - "parameters" : [ ], - "responses" : { - "200" : { - "description" : "An integer value specifying the version of the endpoint", - "content" : { - "application/json" : { - "schema" : { - "type" : "integer", - "format" : "int32", - "nullable" : false, - "example" : 0 - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - } - }, - "/keys/{tenantid}" : { - "get" : { - "tags" : [ "Keys Management" ], - "description" : "This method retrieves information about a list of key pairs belonging to a tenant.", - "operationId" : "get_keys__tenantid_", - "parameters" : [ { - "name" : "tenantid", - "in" : "path", - "description" : "Can either be a holding identity ID or the value 'p2p' for a cluster-level tenant of the P2P services", - "required" : true, - "schema" : { - "type" : "string", - "description" : "Can either be a holding identity ID or the value 'p2p' for a cluster-level tenant of the P2P services", - "nullable" : false, - "example" : "string" - } - }, { - "name" : "skip", - "in" : "query", - "description" : "The response paging information, number of records to skip", - "required" : false, - "schema" : { - "type" : "integer", - "description" : "The response paging information, number of records to skip", - "format" : "int32", - "nullable" : false, - "example" : 0 - } - }, { - "name" : "take", - "in" : "query", - "description" : "The response paging information, that is, the number of records to return. The actual number returned may be less than requested.", - "required" : false, - "schema" : { - "type" : "integer", - "description" : "The response paging information, that is, the number of records to return. 
The actual number returned may be less than requested.", - "format" : "int32", - "nullable" : false, - "example" : 0 - } - }, { - "name" : "orderby", - "in" : "query", - "description" : "Specifies how to order the results. Can be one of 'NONE', 'TIMESTAMP', 'CATEGORY', 'SCHEME_CODE_NAME', 'ALIAS', 'MASTER_KEY_ALIAS', 'EXTERNAL_ID', 'ID', 'TIMESTAMP_DESC', 'CATEGORY_DESC', 'SCHEME_CODE_NAME_DESC', 'ALIAS_DESC', 'MASTER_KEY_ALIAS_DESC', 'EXTERNAL_ID_DESC', 'ID_DESC'.", - "required" : false, - "schema" : { - "type" : "string", - "description" : "Specifies how to order the results. Can be one of 'NONE', 'TIMESTAMP', 'CATEGORY', 'SCHEME_CODE_NAME', 'ALIAS', 'MASTER_KEY_ALIAS', 'EXTERNAL_ID', 'ID', 'TIMESTAMP_DESC', 'CATEGORY_DESC', 'SCHEME_CODE_NAME_DESC', 'ALIAS_DESC', 'MASTER_KEY_ALIAS_DESC', 'EXTERNAL_ID_DESC', 'ID_DESC'.", - "nullable" : false, - "example" : "string" - } - }, { - "name" : "category", - "in" : "query", - "description" : "Category of the HSM which handles the key pairs. Can be one of 'ACCOUNTS', 'CI', 'LEDGER', 'NOTARY', 'SESSION_INIT', 'TLS', 'JWT_KEY'.", - "required" : false, - "schema" : { - "type" : "string", - "description" : "Category of the HSM which handles the key pairs. Can be one of 'ACCOUNTS', 'CI', 'LEDGER', 'NOTARY', 'SESSION_INIT', 'TLS', 'JWT_KEY'.", - "nullable" : true, - "example" : "string" - } - }, { - "name" : "schemecodename", - "in" : "query", - "description" : "The key pairs' signature scheme name. For example, 'CORDA.RSA', 'CORDA.ECDSA.SECP256K1', 'CORDA.ECDSA.SECP256R1', 'CORDA.EDDSA.ED25519', 'CORDA.SPHINCS-256'.", - "required" : false, - "schema" : { - "type" : "string", - "description" : "The key pairs' signature scheme name. 
For example, 'CORDA.RSA', 'CORDA.ECDSA.SECP256K1', 'CORDA.ECDSA.SECP256R1', 'CORDA.EDDSA.ED25519', 'CORDA.SPHINCS-256'.", - "nullable" : true, - "example" : "string" - } - }, { - "name" : "alias", - "in" : "query", - "description" : "The alias under which the key pair is stored", - "required" : false, - "schema" : { - "type" : "string", - "description" : "The alias under which the key pair is stored", - "nullable" : true, - "example" : "string" - } - }, { - "name" : "masterkeyalias", - "in" : "query", - "description" : "The alias of the wrapping key", - "required" : false, - "schema" : { - "type" : "string", - "description" : "The alias of the wrapping key", - "nullable" : true, - "example" : "string" - } - }, { - "name" : "createdafter", - "in" : "query", - "description" : "Only include key pairs which were created on or after the specified time. Must be a valid instant in UTC, such as 2022-12-03T10:15:30.00Z.", - "required" : false, - "schema" : { - "type" : "string", - "description" : "Only include key pairs which were created on or after the specified time. Must be a valid instant in UTC, such as 2022-12-03T10:15:30.00Z.", - "nullable" : true, - "example" : "string" - } - }, { - "name" : "createdbefore", - "in" : "query", - "description" : "Only include key pairs which were created on or before the specified time. Must be a valid instant in UTC, such as 2022-12-03T10:15:30.00Z.", - "required" : false, - "schema" : { - "type" : "string", - "description" : "Only include key pairs which were created on or before the specified time. Must be a valid instant in UTC, such as 2022-12-03T10:15:30.00Z.", - "nullable" : true, - "example" : "string" - } - }, { - "name" : "id", - "in" : "query", - "description" : "Only include key pairs associated with the specified list of key IDs. 
If specified, other filter parameters will be ignored.", - "required" : false, - "schema" : { - "uniqueItems" : false, - "type" : "array", - "nullable" : true, - "items" : { - "type" : "string", - "example" : "string" - } - } - } ], - "responses" : { - "200" : { - "description" : "A map of key IDs to the respective key pair information", - "content" : { - "application/json" : { - "schema" : { - "type" : "object", - "additionalProperties" : { - "$ref" : "#/components/schemas/KeyMetaData" - }, - "nullable" : false, - "example" : "No example available for this type" - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - } - }, - "/keys/{tenantid}/alias/{alias}/category/{hsmcategory}/scheme/{scheme}" : { - "post" : { - "tags" : [ "Keys Management" ], - "description" : "This method generates a new key pair for a tenant.", - "operationId" : "post_keys__tenantid__alias__alias__category__hsmcategory__scheme__scheme_", - "parameters" : [ { - "name" : "tenantid", - "in" : "path", - "description" : "Can either be a holding identity ID or the value 'p2p' for a cluster-level tenant of the P2P services", - "required" : true, - "schema" : { - "type" : "string", - "description" : "Can either be a holding identity ID or the value 'p2p' for a cluster-level tenant of the P2P services", - "nullable" : false, - "example" : "string" - } - }, { - "name" : "alias", - "in" : "path", - "description" : "The alias under which the new key pair will be stored", - "required" : true, - "schema" : { - "type" : "string", - "description" : "The alias under which the new key pair will be stored", - "nullable" : false, - "example" : "string" - } - }, { - "name" : "hsmcategory", - "in" : "path", - "description" : "Category of the HSM which handles the key pairs. 
Can be one of 'ACCOUNTS', 'CI', 'LEDGER', 'NOTARY', 'SESSION_INIT', 'TLS', 'JWT_KEY'.", - "required" : true, - "schema" : { - "type" : "string", - "description" : "Category of the HSM which handles the key pairs. Can be one of 'ACCOUNTS', 'CI', 'LEDGER', 'NOTARY', 'SESSION_INIT', 'TLS', 'JWT_KEY'.", - "nullable" : false, - "example" : "string" - } - }, { - "name" : "scheme", - "in" : "path", - "description" : "The key's scheme describing which type of the key pair to generate. For example, 'CORDA.RSA', 'CORDA.ECDSA.SECP256K1', 'CORDA.ECDSA.SECP256R1', 'CORDA.EDDSA.ED25519', 'CORDA.SPHINCS-256'.", - "required" : true, - "schema" : { - "type" : "string", - "description" : "The key's scheme describing which type of the key pair to generate. For example, 'CORDA.RSA', 'CORDA.ECDSA.SECP256K1', 'CORDA.ECDSA.SECP256R1', 'CORDA.EDDSA.ED25519', 'CORDA.SPHINCS-256'.", - "nullable" : false, - "example" : "string" - } - } ], - "responses" : { - "200" : { - "description" : "The ID of the newly generated key pair", - "content" : { - "application/json" : { - "schema" : { - "$ref" : "#/components/schemas/KeyPairIdentifier" - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - } - }, - "/keys/{tenantid}/schemes/{hsmcategory}" : { - "get" : { - "tags" : [ "Keys Management" ], - "description" : "This method retrieves a list of supported key schemes for a specified tenant and HSM category.", - "operationId" : "get_keys__tenantid__schemes__hsmcategory_", - "parameters" : [ { - "name" : "tenantid", - "in" : "path", - "description" : "Can either be a holding identity ID or the value 'p2p' for a cluster-level tenant of the P2P services", - "required" : true, - "schema" : { - "type" : "string", - "description" : "Can either be a holding identity ID or the value 'p2p' for a cluster-level tenant of the P2P services", - "nullable" : false, - "example" : "string" - } - }, { - "name" : "hsmcategory", - "in" : "path", - 
"description" : "The category of the HSM. Can be the value 'ACCOUNTS', 'CI', 'LEDGER', 'NOTARY', 'SESSION_INIT', 'TLS', or 'JWT_KEY'", - "required" : true, - "schema" : { - "type" : "string", - "description" : "The category of the HSM. Can be the value 'ACCOUNTS', 'CI', 'LEDGER', 'NOTARY', 'SESSION_INIT', 'TLS', or 'JWT_KEY'", - "nullable" : false, - "example" : "string" - } - } ], - "responses" : { - "200" : { - "description" : "The list of scheme codes which are supported by the associated HSM integration", - "content" : { - "application/json" : { - "schema" : { - "uniqueItems" : false, - "type" : "array", - "nullable" : false, - "items" : { - "type" : "string", - "example" : "string" - } - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - } - }, - "/keys/{tenantid}/{keyid}" : { - "get" : { - "tags" : [ "Keys Management" ], - "description" : "This method retrieves a tenant's public key in PEM format.", - "operationId" : "get_keys__tenantid___keyid_", - "parameters" : [ { - "name" : "tenantid", - "in" : "path", - "description" : "Can either be a holding identity ID or the value 'p2p' for a cluster-level tenant of the P2P services", - "required" : true, - "schema" : { - "type" : "string", - "description" : "Can either be a holding identity ID or the value 'p2p' for a cluster-level tenant of the P2P services", - "nullable" : false, - "example" : "string" - } - }, { - "name" : "keyid", - "in" : "path", - "description" : "Identifier of the public key to be retrieved", - "required" : true, - "schema" : { - "type" : "string", - "description" : "Identifier of the public key to be retrieved", - "nullable" : false, - "example" : "string" - } - } ], - "responses" : { - "200" : { - "description" : "The public key in PEM format", - "content" : { - "application/json" : { - "schema" : { - "type" : "string", - "nullable" : false, - "example" : "string" - } - } - } - }, - "401" : { - "description" : "Unauthorized" 
- }, - "403" : { - "description" : "Forbidden" - } - } - } - }, - "/maintenance/virtualnode/forcecpiupload" : { - "post" : { - "tags" : [ "Virtual Node Maintenance" ], - "description" : "Even if CPI with the same metadata has already been uploaded, this endpoint will overwrite the previously stored CPI record. This operation also purges any sandboxes running an overwritten version of a CPI. This action can take some time to process, therefore it is performed asynchronously.", - "operationId" : "post_maintenance_virtualnode_forcecpiupload", - "parameters" : [ ], - "requestBody" : { - "description" : "requestBody", - "content" : { - "multipart/form-data" : { - "schema" : { - "type" : "object", - "properties" : { - "upload" : { - "type" : "string", - "description" : "A content of the file to upload.", - "format" : "binary", - "nullable" : false, - "example" : "No example available for this type" - } - } - } - } - }, - "required" : true - }, - "responses" : { - "200" : { - "description" : "The response ID which can be used to track the progress of the force CPI upload operation.", - "content" : { - "application/json" : { - "schema" : { - "$ref" : "#/components/schemas/CpiUploadResponse" - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - } - }, - "/maintenance/virtualnode/getprotocolversion" : { - "get" : { - "tags" : [ "Virtual Node Maintenance" ], - "description" : "Returns the version of the endpoint", - "operationId" : "get_maintenance_virtualnode_getprotocolversion", - "parameters" : [ ], - "responses" : { - "200" : { - "description" : "An integer value specifying the version of the endpoint", - "content" : { - "application/json" : { - "schema" : { - "type" : "integer", - "format" : "int32", - "nullable" : false, - "example" : 0 - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - } - }, - 
"/maintenance/virtualnode/{virtualnodeshortid}/vault-schema/force-resync" : { - "post" : { - "tags" : [ "Virtual Node Maintenance" ], - "description" : "Rollback the virtual node database for the given virtual node short ID. Then apply current CPI migrations. This operation is destructive and will result in user vault data being deleted, but will not have any effect on system tables.", - "operationId" : "post_maintenance_virtualnode__virtualnodeshortid__vault_schema_force_resync", - "parameters" : [ { - "name" : "virtualnodeshortid", - "in" : "path", - "description" : "Short ID of the virtual node instance to rollback", - "required" : true, - "schema" : { - "type" : "string", - "description" : "Short ID of the virtual node instance to rollback", - "nullable" : false, - "example" : "string" - } - } ], - "responses" : { - "200" : { - "description" : "A list of the shortIDs or the exception encountered" - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - } - }, - "/members/getprotocolversion" : { - "get" : { - "tags" : [ "Member Lookup" ], - "description" : "Returns the version of the endpoint", - "operationId" : "get_members_getprotocolversion", - "parameters" : [ ], - "responses" : { - "200" : { - "description" : "An integer value specifying the version of the endpoint", - "content" : { - "application/json" : { - "schema" : { - "type" : "integer", - "format" : "int32", - "nullable" : false, - "example" : 0 - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - } - }, - "/members/{holdingidentityshorthash}" : { - "get" : { - "tags" : [ "Member Lookup" ], - "description" : "This method retrieves a list of all active and pending members in the membership group.", - "operationId" : "get_members__holdingidentityshorthash_", - "parameters" : [ { - "name" : "holdingidentityshorthash", - "in" : "path", - "description" : "Holding identity ID of the 
requesting member. The result only contains members that are visible to this member", - "required" : true, - "schema" : { - "type" : "string", - "description" : "Holding identity ID of the requesting member. The result only contains members that are visible to this member", - "nullable" : false, - "example" : "string" - } - }, { - "name" : "cn", - "in" : "query", - "description" : "Common Name (CN) attribute of the X.500 name to filter members by", - "required" : false, - "schema" : { - "type" : "string", - "description" : "Common Name (CN) attribute of the X.500 name to filter members by", - "nullable" : true, - "example" : "string" - } - }, { - "name" : "o", - "in" : "query", - "description" : "Organization (O) attribute of the X.500 name to filter members by", - "required" : false, - "schema" : { - "type" : "string", - "description" : "Organization (O) attribute of the X.500 name to filter members by", - "nullable" : true, - "example" : "string" - } - }, { - "name" : "ou", - "in" : "query", - "description" : "Organization Unit (OU) attribute of the X.500 name to filter members by", - "required" : false, - "schema" : { - "type" : "string", - "description" : "Organization Unit (OU) attribute of the X.500 name to filter members by", - "nullable" : true, - "example" : "string" - } - }, { - "name" : "l", - "in" : "query", - "description" : "Locality (L) attribute of the X.500 name to filter members by", - "required" : false, - "schema" : { - "type" : "string", - "description" : "Locality (L) attribute of the X.500 name to filter members by", - "nullable" : true, - "example" : "string" - } - }, { - "name" : "st", - "in" : "query", - "description" : "State (ST) attribute of the X.500 name to filter members by", - "required" : false, - "schema" : { - "type" : "string", - "description" : "State (ST) attribute of the X.500 name to filter members by", - "nullable" : true, - "example" : "string" - } - }, { - "name" : "c", - "in" : "query", - "description" : "Country (C) 
attribute of the X.500 name to filter members by", - "required" : false, - "schema" : { - "type" : "string", - "description" : "Country (C) attribute of the X.500 name to filter members by", - "nullable" : true, - "example" : "string" - } - }, { - "name" : "statuses", - "in" : "query", - "description" : "List of statuses (\"ACTIVE\", \"SUSPENDED\") to filter members by. By default, only ACTIVE members are filtered. Only an MGM can view suspended members. The v5_1 version of the API allows members to view themselves regardless of their status (e.g. even if they are suspended).", - "required" : false, - "schema" : { - "uniqueItems" : false, - "type" : "array", - "nullable" : false, - "items" : { - "type" : "string", - "example" : "string" - } - } - } ], - "responses" : { - "200" : { - "description" : "Success", - "content" : { - "application/json" : { - "schema" : { - "$ref" : "#/components/schemas/RestMemberInfoList" - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - } - }, - "/members/{holdingidentityshorthash}/group-parameters" : { - "get" : { - "tags" : [ "Member Lookup" ], - "description" : "This method retrieves the group parameters of the membership group.", - "operationId" : "get_members__holdingidentityshorthash__group_parameters", - "parameters" : [ { - "name" : "holdingidentityshorthash", - "in" : "path", - "description" : "Holding identity ID of the requesting member. The result contains group parameters visible to this member.", - "required" : true, - "schema" : { - "type" : "string", - "description" : "Holding identity ID of the requesting member. 
The result contains group parameters visible to this member.", - "nullable" : false, - "example" : "string" - } - } ], - "responses" : { - "200" : { - "description" : "The group parameters of the membership group as a map", - "content" : { - "application/json" : { - "schema" : { - "$ref" : "#/components/schemas/RestGroupParameters" - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - } - }, - "/membership/getprotocolversion" : { - "get" : { - "tags" : [ "Member Registration" ], - "description" : "Returns the version of the endpoint", - "operationId" : "get_membership_getprotocolversion", - "parameters" : [ ], - "responses" : { - "200" : { - "description" : "An integer value specifying the version of the endpoint", - "content" : { - "application/json" : { - "schema" : { - "type" : "integer", - "format" : "int32", - "nullable" : false, - "example" : 0 - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - } - }, - "/membership/{holdingidentityshorthash}" : { - "get" : { - "tags" : [ "Member Registration" ], - "description" : "This method checks the statuses of all registration requests for a specified holding identity.", - "operationId" : "get_membership__holdingidentityshorthash_", - "parameters" : [ { - "name" : "holdingidentityshorthash", - "in" : "path", - "description" : "The ID of the holding identity whose view of the registration progress is to be checked.", - "required" : true, - "schema" : { - "type" : "string", - "description" : "The ID of the holding identity whose view of the registration progress is to be checked.", - "nullable" : false, - "example" : "string" - } - } ], - "responses" : { - "200" : { - "description" : "\n The registration status information, including:\n registrationId: the registration request ID\n registrationSent: the date and the when the registration progress started; \n value of null indicated that 
registration has not started yet\n registrationUpdated: the date and the when the registration has been last updated \n registrationStatus: the status of the registration request;\n possible values are \"NEW\", \"SENT_TO_MGM\", \"RECEIVED_BY_MGM\", \"PENDING_MEMBER_VERIFICATION\", \"PENDING_MANUAL_APPROVAL\",\n \"PENDING_AUTO_APPROVAL\", \"DECLINED\", \"INVALID\", \"FAILED\" or \"APPROVED\"\n memberInfoSubmitted: the properties submitted to MGM during the registration \n ", - "content" : { - "application/json" : { - "schema" : { - "uniqueItems" : false, - "type" : "array", - "nullable" : false, - "items" : { - "$ref" : "#/components/schemas/RestRegistrationRequestStatus" - } - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - }, - "post" : { - "tags" : [ "Member Registration" ], - "description" : "This method starts the registration process for a holding identity.", - "operationId" : "post_membership__holdingidentityshorthash_", - "parameters" : [ { - "name" : "holdingidentityshorthash", - "in" : "path", - "description" : "The holding identity ID of the requesting virtual node", - "required" : true, - "schema" : { - "type" : "string", - "description" : "The holding identity ID of the requesting virtual node", - "nullable" : false, - "example" : "string" - } - } ], - "requestBody" : { - "description" : "requestBody", - "content" : { - "application/json" : { - "schema" : { - "$ref" : "#/components/schemas/MemberRegistrationRequest" - } - } - }, - "required" : true - }, - "responses" : { - "200" : { - "description" : "\n The registration progress information, including:\n registrationId: the registration request ID\n registrationSent: the date and the when the registration progress started; \n value of null indicated that registration has not started yet\n registrationStatus: the status of the registration request; \n possible values are \"SUBMITTED and \"NOT_SUBMITTED\"\n memberInfoSubmitted: the 
properties submitted to MGM during the registration \n ", - "content" : { - "application/json" : { - "schema" : { - "$ref" : "#/components/schemas/RegistrationRequestProgress" - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - } - }, - "/membership/{holdingidentityshorthash}/{registrationrequestid}" : { - "get" : { - "tags" : [ "Member Registration" ], - "description" : "This method checks the status of the specified registration request for a holding identity.", - "operationId" : "get_membership__holdingidentityshorthash___registrationrequestid_", - "parameters" : [ { - "name" : "holdingidentityshorthash", - "in" : "path", - "description" : "The ID of the holding identity whose view of the registration progress is to be checked.", - "required" : true, - "schema" : { - "type" : "string", - "description" : "The ID of the holding identity whose view of the registration progress is to be checked.", - "nullable" : false, - "example" : "string" - } - }, { - "name" : "registrationrequestid", - "in" : "path", - "description" : "The ID of the registration request", - "required" : true, - "schema" : { - "type" : "string", - "description" : "The ID of the registration request", - "nullable" : false, - "example" : "string" - } - } ], - "responses" : { - "200" : { - "description" : "\n The registration status information, including:\n registrationId: the registration request ID\n registrationSent: the date and the when the registration progress started; \n value of null indicated that registration has not started yet\n registrationUpdated: the date and the when the registration has been last updated \n registrationStatus: the status of the registration request;\n possible values are \"NEW\", \"SENT_TO_MGM\", \"RECEIVED_BY_MGM\", \"PENDING_MEMBER_VERIFICATION\", \"PENDING_MANUAL_APPROVAL\",\n \"PENDING_AUTO_APPROVAL\", \"DECLINED\", \"INVALID\", \"FAILED\" or \"APPROVED\"\n memberInfoSubmitted: the properties 
submitted to MGM during the registration \n ", - "content" : { - "application/json" : { - "schema" : { - "$ref" : "#/components/schemas/RestRegistrationRequestStatus" - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - } - }, - "/mgm/getprotocolversion" : { - "get" : { - "tags" : [ "MGM" ], - "description" : "Returns the version of the endpoint", - "operationId" : "get_mgm_getprotocolversion", - "parameters" : [ ], - "responses" : { - "200" : { - "description" : "An integer value specifying the version of the endpoint", - "content" : { - "application/json" : { - "schema" : { - "type" : "integer", - "format" : "int32", - "nullable" : false, - "example" : 0 - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - } - }, - "/mgm/{holdingidentityshorthash}/activate" : { - "post" : { - "tags" : [ "MGM" ], - "description" : "This endpoint enables you to activate a previously suspended member. The v1 version of this endpoint is deprecated in favour of later versions. 
Later versions mandate that the serial number is specified in the request body.", - "operationId" : "post_mgm__holdingidentityshorthash__activate", - "parameters" : [ { - "name" : "holdingidentityshorthash", - "in" : "path", - "description" : "The holding identity ID of the MGM of the membership group", - "required" : true, - "schema" : { - "type" : "string", - "description" : "The holding identity ID of the MGM of the membership group", - "nullable" : false, - "example" : "string" - } - } ], - "requestBody" : { - "description" : "requestBody", - "content" : { - "application/json" : { - "schema" : { - "$ref" : "#/components/schemas/SuspensionActivationParameters" - } - } - }, - "required" : true - }, - "responses" : { - "200" : { - "description" : "Success" - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - } - }, - "/mgm/{holdingidentityshorthash}/approval/rules" : { - "get" : { - "tags" : [ "MGM" ], - "description" : "This API retrieves the set of rules the group is currently configured with", - "operationId" : "get_mgm__holdingidentityshorthash__approval_rules", - "parameters" : [ { - "name" : "holdingidentityshorthash", - "in" : "path", - "description" : "The holding identity ID of the MGM of the membership group", - "required" : true, - "schema" : { - "type" : "string", - "description" : "The holding identity ID of the MGM of the membership group", - "nullable" : false, - "example" : "string" - } - } ], - "responses" : { - "200" : { - "description" : "Collection of group approval rules", - "content" : { - "application/json" : { - "schema" : { - "uniqueItems" : false, - "type" : "array", - "nullable" : false, - "items" : { - "$ref" : "#/components/schemas/ApprovalRuleInfo" - } - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - }, - "post" : { - "tags" : [ "MGM" ], - "description" : "This API adds a rule to the set of group approval 
rules.", - "operationId" : "post_mgm__holdingidentityshorthash__approval_rules", - "parameters" : [ { - "name" : "holdingidentityshorthash", - "in" : "path", - "description" : "The holding identity ID of the MGM of the membership group", - "required" : true, - "schema" : { - "type" : "string", - "description" : "The holding identity ID of the MGM of the membership group", - "nullable" : false, - "example" : "string" - } - } ], - "requestBody" : { - "description" : "requestBody", - "content" : { - "application/json" : { - "schema" : { - "$ref" : "#/components/schemas/ApprovalRuleRequestParams" - } - } - }, - "required" : true - }, - "responses" : { - "200" : { - "description" : "Details of the newly persisted approval rule", - "content" : { - "application/json" : { - "schema" : { - "$ref" : "#/components/schemas/ApprovalRuleInfo" - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - } - }, - "/mgm/{holdingidentityshorthash}/approval/rules/preauth" : { - "get" : { - "tags" : [ "MGM" ], - "description" : "This API retrieves the set of rules the group is currently configured with for registration request with a pre-auth token.", - "operationId" : "get_mgm__holdingidentityshorthash__approval_rules_preauth", - "parameters" : [ { - "name" : "holdingidentityshorthash", - "in" : "path", - "description" : "The holding identity ID of the MGM.", - "required" : true, - "schema" : { - "type" : "string", - "description" : "The holding identity ID of the MGM.", - "nullable" : false, - "example" : "string" - } - } ], - "responses" : { - "200" : { - "description" : "A collection of group approval rules.", - "content" : { - "application/json" : { - "schema" : { - "uniqueItems" : false, - "type" : "array", - "nullable" : false, - "items" : { - "$ref" : "#/components/schemas/ApprovalRuleInfo" - } - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - }, - 
"post" : { - "tags" : [ "MGM" ], - "description" : "This API adds a rule to the set of group approval rules for registrations including a pre-auth token.", - "operationId" : "post_mgm__holdingidentityshorthash__approval_rules_preauth", - "parameters" : [ { - "name" : "holdingidentityshorthash", - "in" : "path", - "description" : "The holding identity ID of the MGM.", - "required" : true, - "schema" : { - "type" : "string", - "description" : "The holding identity ID of the MGM.", - "nullable" : false, - "example" : "string" - } - } ], - "requestBody" : { - "description" : "requestBody", - "content" : { - "application/json" : { - "schema" : { - "$ref" : "#/components/schemas/ApprovalRuleRequestParams" - } - } - }, - "required" : true - }, - "responses" : { - "200" : { - "description" : "Details of the newly persisted approval rule.", - "content" : { - "application/json" : { - "schema" : { - "$ref" : "#/components/schemas/ApprovalRuleInfo" - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - } - }, - "/mgm/{holdingidentityshorthash}/approval/rules/preauth/{ruleid}" : { - "delete" : { - "tags" : [ "MGM" ], - "description" : "This API deletes a group approval rule for registrations including a pre-auth token.", - "operationId" : "delete_mgm__holdingidentityshorthash__approval_rules_preauth__ruleid_", - "parameters" : [ { - "name" : "holdingidentityshorthash", - "in" : "path", - "description" : "The holding identity ID of the MGM.", - "required" : true, - "schema" : { - "type" : "string", - "description" : "The holding identity ID of the MGM.", - "nullable" : false, - "example" : "string" - } - }, { - "name" : "ruleid", - "in" : "path", - "description" : "The ID of the group approval rule to be deleted.", - "required" : true, - "schema" : { - "type" : "string", - "description" : "The ID of the group approval rule to be deleted.", - "nullable" : false, - "example" : "string" - } - } ], - "responses" : { - 
"200" : { - "description" : "Success" - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - } - }, - "/mgm/{holdingidentityshorthash}/approval/rules/{ruleid}" : { - "delete" : { - "tags" : [ "MGM" ], - "description" : "This API deletes a previously added group approval rule.", - "operationId" : "delete_mgm__holdingidentityshorthash__approval_rules__ruleid_", - "parameters" : [ { - "name" : "holdingidentityshorthash", - "in" : "path", - "description" : "The holding identity ID of the MGM of the membership group", - "required" : true, - "schema" : { - "type" : "string", - "description" : "The holding identity ID of the MGM of the membership group", - "nullable" : false, - "example" : "string" - } - }, { - "name" : "ruleid", - "in" : "path", - "description" : "The ID of the group approval rule to be deleted", - "required" : true, - "schema" : { - "type" : "string", - "description" : "The ID of the group approval rule to be deleted", - "nullable" : false, - "example" : "string" - } - } ], - "responses" : { - "200" : { - "description" : "Success" - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - } - }, - "/mgm/{holdingidentityshorthash}/approve/{requestid}" : { - "post" : { - "tags" : [ "MGM" ], - "description" : "", - "operationId" : "post_mgm__holdingidentityshorthash__approve__requestid_", - "parameters" : [ { - "name" : "holdingidentityshorthash", - "in" : "path", - "description" : "The holding identity ID of the MGM of the membership group", - "required" : true, - "schema" : { - "type" : "string", - "description" : "The holding identity ID of the MGM of the membership group", - "nullable" : false, - "example" : "string" - } - }, { - "name" : "requestid", - "in" : "path", - "description" : "ID of the registration request", - "required" : true, - "schema" : { - "type" : "string", - "description" : "ID of the registration request", - "nullable" : false, - 
"example" : "string" - } - } ], - "responses" : { - "200" : { - "description" : "Success" - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - } - }, - "/mgm/{holdingidentityshorthash}/decline/{requestid}" : { - "post" : { - "tags" : [ "MGM" ], - "description" : "", - "operationId" : "post_mgm__holdingidentityshorthash__decline__requestid_", - "parameters" : [ { - "name" : "holdingidentityshorthash", - "in" : "path", - "description" : "The holding identity ID of the MGM of the membership group", - "required" : true, - "schema" : { - "type" : "string", - "description" : "The holding identity ID of the MGM of the membership group", - "nullable" : false, - "example" : "string" - } - }, { - "name" : "requestid", - "in" : "path", - "description" : "ID of the registration request", - "required" : true, - "schema" : { - "type" : "string", - "description" : "ID of the registration request", - "nullable" : false, - "example" : "string" - } - } ], - "requestBody" : { - "description" : "requestBody", - "content" : { - "application/json" : { - "schema" : { - "required" : [ "reason" ], - "type" : "object", - "properties" : { - "reason" : { - "type" : "string", - "description" : "Reason for declining the specified registration request", - "nullable" : false, - "example" : "string" - } - } - } - } - }, - "required" : true - }, - "responses" : { - "200" : { - "description" : "Success" - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - } - }, - "/mgm/{holdingidentityshorthash}/info" : { - "get" : { - "tags" : [ "MGM" ], - "description" : "This API retrieves the group policy from the MGM required to join the membership group.", - "operationId" : "get_mgm__holdingidentityshorthash__info", - "parameters" : [ { - "name" : "holdingidentityshorthash", - "in" : "path", - "description" : "The holding identity ID of the MGM of the membership group to be joined", - "required" : true, 
- "schema" : { - "type" : "string", - "description" : "The holding identity ID of the MGM of the membership group to be joined", - "nullable" : false, - "example" : "string" - } - } ], - "responses" : { - "200" : { - "description" : "The group policy from the MGM required to join the membership group as a string in JSON format", - "content" : { - "application/json" : { - "schema" : { - "type" : "string", - "nullable" : false, - "example" : "string" - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - } - }, - "/mgm/{holdingidentityshorthash}/mutual-tls/allowed-client-certificate-subjects" : { - "get" : { - "tags" : [ "MGM" ], - "description" : "This API list the allowed client certificates subjects to be used in mutual TLS connections.", - "operationId" : "get_mgm__holdingidentityshorthash__mutual_tls_allowed_client_certificate_subjects", - "parameters" : [ { - "name" : "holdingidentityshorthash", - "in" : "path", - "description" : "The holding identity ID of the MGM.", - "required" : true, - "schema" : { - "type" : "string", - "description" : "The holding identity ID of the MGM.", - "nullable" : false, - "example" : "string" - } - } ], - "responses" : { - "200" : { - "description" : "List of the allowed client certificate subjects", - "content" : { - "application/json" : { - "schema" : { - "uniqueItems" : false, - "type" : "array", - "nullable" : false, - "items" : { - "type" : "string", - "example" : "string" - } - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - } - }, - "/mgm/{holdingidentityshorthash}/mutual-tls/allowed-client-certificate-subjects/{subject}" : { - "put" : { - "tags" : [ "MGM" ], - "description" : "This API allows a client certificate with a given subject to be used in mutual TLS connections.", - "operationId" : "put_mgm__holdingidentityshorthash__mutual_tls_allowed_client_certificate_subjects__subject_", - 
"parameters" : [ { - "name" : "holdingidentityshorthash", - "in" : "path", - "description" : "The holding identity ID of the MGM.", - "required" : true, - "schema" : { - "type" : "string", - "description" : "The holding identity ID of the MGM.", - "nullable" : false, - "example" : "string" - } - }, { - "name" : "subject", - "in" : "path", - "description" : "The certificate subject.", - "required" : true, - "schema" : { - "type" : "string", - "description" : "The certificate subject.", - "nullable" : false, - "example" : "string" - } - } ], - "responses" : { - "200" : { - "description" : "Success" - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - }, - "delete" : { - "tags" : [ "MGM" ], - "description" : "This API disallows a client certificate with a given subject to be used in mutual TLS connections.", - "operationId" : "delete_mgm__holdingidentityshorthash__mutual_tls_allowed_client_certificate_subjects__subject_", - "parameters" : [ { - "name" : "holdingidentityshorthash", - "in" : "path", - "description" : "The holding identity ID of the MGM.", - "required" : true, - "schema" : { - "type" : "string", - "description" : "The holding identity ID of the MGM.", - "nullable" : false, - "example" : "string" - } - }, { - "name" : "subject", - "in" : "path", - "description" : "The certificate subject.", - "required" : true, - "schema" : { - "type" : "string", - "description" : "The certificate subject.", - "nullable" : false, - "example" : "string" - } - } ], - "responses" : { - "200" : { - "description" : "Success" - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - } - }, - "/mgm/{holdingidentityshorthash}/preauthtoken" : { - "get" : { - "tags" : [ "MGM" ], - "description" : "", - "operationId" : "get_mgm__holdingidentityshorthash__preauthtoken", - "parameters" : [ { - "name" : "holdingidentityshorthash", - "in" : "path", - "description" : "", - "required" : 
true, - "schema" : { - "type" : "string", - "nullable" : false, - "example" : "string" - } - }, { - "name" : "ownerx500name", - "in" : "query", - "description" : "", - "required" : false, - "schema" : { - "type" : "string", - "nullable" : true, - "example" : "string" - } - }, { - "name" : "preauthtokenid", - "in" : "query", - "description" : "", - "required" : false, - "schema" : { - "type" : "string", - "nullable" : true, - "example" : "string" - } - }, { - "name" : "viewinactive", - "in" : "query", - "description" : "", - "required" : false, - "schema" : { - "type" : "boolean", - "nullable" : false, - "example" : true - } - } ], - "responses" : { - "200" : { - "description" : "Success", - "content" : { - "application/json" : { - "schema" : { - "uniqueItems" : false, - "type" : "array", - "nullable" : false, - "items" : { - "$ref" : "#/components/schemas/PreAuthToken" - } - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - }, - "post" : { - "tags" : [ "MGM" ], - "description" : "", - "operationId" : "post_mgm__holdingidentityshorthash__preauthtoken", - "parameters" : [ { - "name" : "holdingidentityshorthash", - "in" : "path", - "description" : "", - "required" : true, - "schema" : { - "type" : "string", - "nullable" : false, - "example" : "string" - } - } ], - "requestBody" : { - "description" : "requestBody", - "content" : { - "application/json" : { - "schema" : { - "$ref" : "#/components/schemas/PreAuthTokenRequest" - } - } - }, - "required" : true - }, - "responses" : { - "200" : { - "description" : "Success", - "content" : { - "application/json" : { - "schema" : { - "$ref" : "#/components/schemas/PreAuthToken" - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - } - }, - "/mgm/{holdingidentityshorthash}/preauthtoken/revoke/{preauthtokenid}" : { - "put" : { - "tags" : [ "MGM" ], - "description" : "", - "operationId" : 
"put_mgm__holdingidentityshorthash__preauthtoken_revoke__preauthtokenid_", - "parameters" : [ { - "name" : "holdingidentityshorthash", - "in" : "path", - "description" : "", - "required" : true, - "schema" : { - "type" : "string", - "nullable" : false, - "example" : "string" - } - }, { - "name" : "preauthtokenid", - "in" : "path", - "description" : "", - "required" : true, - "schema" : { - "type" : "string", - "nullable" : false, - "example" : "string" - } - } ], - "requestBody" : { - "description" : "requestBody", - "content" : { - "application/json" : { - "schema" : { - "type" : "object", - "properties" : { - "remarks" : { - "type" : "string", - "nullable" : true, - "example" : "string" - } - } - } - } - }, - "required" : false - }, - "responses" : { - "200" : { - "description" : "Success", - "content" : { - "application/json" : { - "schema" : { - "$ref" : "#/components/schemas/PreAuthToken" - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - } - }, - "/mgm/{holdingidentityshorthash}/registrations" : { - "get" : { - "tags" : [ "MGM" ], - "description" : "", - "operationId" : "get_mgm__holdingidentityshorthash__registrations", - "parameters" : [ { - "name" : "holdingidentityshorthash", - "in" : "path", - "description" : "The holding identity ID of the MGM of the membership group", - "required" : true, - "schema" : { - "type" : "string", - "description" : "The holding identity ID of the MGM of the membership group", - "nullable" : false, - "example" : "string" - } - }, { - "name" : "requestsubjectx500name", - "in" : "query", - "description" : "X.500 name of the requesting member", - "required" : false, - "schema" : { - "type" : "string", - "description" : "X.500 name of the requesting member", - "nullable" : true, - "example" : "string" - } - }, { - "name" : "viewhistoric", - "in" : "query", - "description" : "Include completed (historic) requests if set to 'true'", - "required" : false, - "schema" 
: { - "type" : "boolean", - "description" : "Include completed (historic) requests if set to 'true'", - "nullable" : false, - "example" : true - } - } ], - "responses" : { - "200" : { - "description" : "Success", - "content" : { - "application/json" : { - "schema" : { - "uniqueItems" : false, - "type" : "array", - "nullable" : false, - "items" : { - "$ref" : "#/components/schemas/RestRegistrationRequestStatus" - } - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - } - }, - "/mgm/{holdingidentityshorthash}/suspend" : { - "post" : { - "tags" : [ "MGM" ], - "description" : "The suspend endpoint enables you to suspend a member. The v1 version of this endpoint is deprecated in favour of later versions. Later versions mandate that the serial number is specified in the request body.", - "operationId" : "post_mgm__holdingidentityshorthash__suspend", - "parameters" : [ { - "name" : "holdingidentityshorthash", - "in" : "path", - "description" : "The holding identity ID of the MGM of the membership group", - "required" : true, - "schema" : { - "type" : "string", - "description" : "The holding identity ID of the MGM of the membership group", - "nullable" : false, - "example" : "string" - } - } ], - "requestBody" : { - "description" : "requestBody", - "content" : { - "application/json" : { - "schema" : { - "$ref" : "#/components/schemas/SuspensionActivationParameters" - } - } - }, - "required" : true - }, - "responses" : { - "200" : { - "description" : "Success" - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - } - }, - "/mgmadmin/getprotocolversion" : { - "get" : { - "tags" : [ "MGM Admin" ], - "description" : "Returns the version of the endpoint", - "operationId" : "get_mgmadmin_getprotocolversion", - "parameters" : [ ], - "responses" : { - "200" : { - "description" : "An integer value specifying the version of the endpoint", - "content" : { - 
"application/json" : { - "schema" : { - "type" : "integer", - "format" : "int32", - "nullable" : false, - "example" : 0 - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - } - }, - "/network/getprotocolversion" : { - "get" : { - "tags" : [ "Network" ], - "description" : "Returns the version of the endpoint", - "operationId" : "get_network_getprotocolversion", - "parameters" : [ ], - "responses" : { - "200" : { - "description" : "An integer value specifying the version of the endpoint", - "content" : { - "application/json" : { - "schema" : { - "type" : "integer", - "format" : "int32", - "nullable" : false, - "example" : 0 - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - } - }, - "/network/setup/{holdingidentityshorthash}" : { - "put" : { - "tags" : [ "Network" ], - "description" : "This method configures a holding identity as a network participant by setting properties required for P2P messaging.", - "operationId" : "put_network_setup__holdingidentityshorthash_", - "parameters" : [ { - "name" : "holdingidentityshorthash", - "in" : "path", - "description" : "ID of the holding identity to set up", - "required" : true, - "schema" : { - "type" : "string", - "description" : "ID of the holding identity to set up", - "nullable" : false, - "example" : "string" - } - } ], - "requestBody" : { - "description" : "requestBody", - "content" : { - "application/json" : { - "schema" : { - "$ref" : "#/components/schemas/HostedIdentitySetupRequest" - } - } - }, - "required" : true - }, - "responses" : { - "200" : { - "description" : "Success" - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - } - }, - "/permission" : { - "get" : { - "tags" : [ "RBAC Permission" ], - "description" : "This method returns permissions which satisfy supplied query criteria.", - "operationId" : "get_permission", - 
"parameters" : [ { - "name" : "limit", - "in" : "query", - "description" : "The maximum number of results to return. The value must be in the range [1..1000].", - "required" : true, - "schema" : { - "type" : "integer", - "description" : "The maximum number of results to return. The value must be in the range [1..1000].", - "format" : "int32", - "nullable" : false, - "example" : 0 - } - }, { - "name" : "permissiontype", - "in" : "query", - "description" : "The permission type to be returned.", - "required" : true, - "schema" : { - "type" : "string", - "description" : "The permission type to be returned.", - "nullable" : false, - "example" : "string" - } - }, { - "name" : "groupvisibility", - "in" : "query", - "description" : "Optional group visibility for a permission.", - "required" : false, - "schema" : { - "type" : "string", - "description" : "Optional group visibility for a permission.", - "nullable" : true, - "example" : "string" - } - }, { - "name" : "virtualnode", - "in" : "query", - "description" : "Optional virtual node the permissions apply to.", - "required" : false, - "schema" : { - "type" : "string", - "description" : "Optional virtual node the permissions apply to.", - "nullable" : true, - "example" : "string" - } - }, { - "name" : "permissionstringprefix", - "in" : "query", - "description" : "Optional permission string prefix for permissions to be located.", - "required" : false, - "schema" : { - "type" : "string", - "description" : "Optional permission string prefix for permissions to be located.", - "nullable" : true, - "example" : "string" - } - } ], - "responses" : { - "200" : { - "description" : "Permissions which satisfy supplied query criteria", - "content" : { - "application/json" : { - "schema" : { - "uniqueItems" : false, - "type" : "array", - "nullable" : false, - "items" : { - "$ref" : "#/components/schemas/PermissionResponseType" - } - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : 
"Forbidden" - } - } - }, - "post" : { - "tags" : [ "RBAC Permission" ], - "description" : "This method creates a new permission.", - "operationId" : "post_permission", - "parameters" : [ ], - "requestBody" : { - "description" : "requestBody", - "content" : { - "application/json" : { - "schema" : { - "$ref" : "#/components/schemas/CreatePermissionType" - } - } - }, - "required" : true - }, - "responses" : { - "201" : { - "description" : "\n id: The server-side generated ID of the new permission\n permissionType: Defines whether this is an ALLOW or DENY type of permission\n permissionString: A machine-parseable string representing an individual permission; \n it can be any arbitrary string as long as the authorization code can make use of it in the context of user \n permission matching\n groupVisibility: An optional group visibility identifier of the permission\n virtualNode: An optional identifier of the virtual node to which the physical node permission applies\n version: The version number of the permission; a value of 0 is assigned to a newly-created permission\n updateTimestamp: The server-side timestamp showing when the permission was created\n ", - "content" : { - "application/json" : { - "schema" : { - "$ref" : "#/components/schemas/PermissionResponseType" - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - } - }, - "/permission/bulk" : { - "post" : { - "tags" : [ "RBAC Permission" ], - "description" : "This method creates a set of permissions and optionally assigns them to the existing roles.", - "operationId" : "post_permission_bulk", - "parameters" : [ ], - "requestBody" : { - "description" : "requestBody", - "content" : { - "application/json" : { - "schema" : { - "$ref" : "#/components/schemas/BulkCreatePermissionsRequestType" - } - } - }, - "required" : true - }, - "responses" : { - "201" : { - "description" : "A set of identifiers for permissions created along with role identifiers they 
were associated with.", - "content" : { - "application/json" : { - "schema" : { - "$ref" : "#/components/schemas/BulkCreatePermissionsResponseType" - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - } - }, - "/permission/getprotocolversion" : { - "get" : { - "tags" : [ "RBAC Permission" ], - "description" : "Returns the version of the endpoint", - "operationId" : "get_permission_getprotocolversion", - "parameters" : [ ], - "responses" : { - "200" : { - "description" : "An integer value specifying the version of the endpoint", - "content" : { - "application/json" : { - "schema" : { - "type" : "integer", - "format" : "int32", - "nullable" : false, - "example" : 0 - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - } - }, - "/permission/{id}" : { - "get" : { - "tags" : [ "RBAC Permission" ], - "description" : "This method returns the permission associated with the specified ID.", - "operationId" : "get_permission__id_", - "parameters" : [ { - "name" : "id", - "in" : "path", - "description" : "ID of the permission to be returned.", - "required" : true, - "schema" : { - "type" : "string", - "description" : "ID of the permission to be returned.", - "nullable" : false, - "example" : "string" - } - } ], - "responses" : { - "200" : { - "description" : "\n id: The server-side generated ID of the new permission\n permissionType: Defines whether this is an ALLOW or DENY type of permission\n permissionString: A machine-parseable string representing an individual permission; \n it can be any arbitrary string as long as the authorization code can make use of it in the context of user \n permission matching\n groupVisibility: An optional group visibility identifier of the permission\n virtualNode: An optional identifier of the virtual node to which the physical node permission applies\n version: The version number of the permission; a value of 0 is 
assigned to a newly-created permission\n updateTimestamp: The server-side timestamp showing when the permission was created", - "content" : { - "application/json" : { - "schema" : { - "$ref" : "#/components/schemas/PermissionResponseType" - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - } - }, - "/role" : { - "get" : { - "tags" : [ "RBAC Role" ], - "description" : "This method returns an array with information about all roles in the permission system.", - "operationId" : "get_role", - "parameters" : [ ], - "responses" : { - "200" : { - "description" : "\n Set of roles with each role having the following attributes: \n id: The unique identifier of the role\n version: The version number of the role\n updateTimestamp: The date and time when the role was last updated\n roleName: The name of the role\n groupVisibility: An optional group visibility of the role\n permissions: The list of permissions associated with the role\n ", - "content" : { - "application/json" : { - "schema" : { - "uniqueItems" : true, - "type" : "array", - "nullable" : false, - "items" : { - "$ref" : "#/components/schemas/RoleResponseType" - } - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - }, - "post" : { - "tags" : [ "RBAC Role" ], - "description" : "The method creates a new role in the RBAC permission system.", - "operationId" : "post_role", - "parameters" : [ ], - "requestBody" : { - "description" : "requestBody", - "content" : { - "application/json" : { - "schema" : { - "$ref" : "#/components/schemas/CreateRoleType" - } - } - }, - "required" : true - }, - "responses" : { - "201" : { - "description" : "\n Newly created role with attributes:\n id: The unique identifier of the role\n version: The version number of the role\n updateTimestamp: The date and time when the role was last updated\n roleName: The name of the role\n groupVisibility: An optional group 
visibility of the role\n permissions: The list of permissions associated with the role", - "content" : { - "application/json" : { - "schema" : { - "$ref" : "#/components/schemas/RoleResponseType" - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - } - }, - "/role/getprotocolversion" : { - "get" : { - "tags" : [ "RBAC Role" ], - "description" : "Returns the version of the endpoint", - "operationId" : "get_role_getprotocolversion", - "parameters" : [ ], - "responses" : { - "200" : { - "description" : "An integer value specifying the version of the endpoint", - "content" : { - "application/json" : { - "schema" : { - "type" : "integer", - "format" : "int32", - "nullable" : false, - "example" : 0 - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - } - }, - "/role/{id}" : { - "get" : { - "tags" : [ "RBAC Role" ], - "description" : "This method gets the details of a role specified by its ID.", - "operationId" : "get_role__id_", - "parameters" : [ { - "name" : "id", - "in" : "path", - "description" : "ID of the role to be returned.", - "required" : true, - "schema" : { - "type" : "string", - "description" : "ID of the role to be returned.", - "nullable" : false, - "example" : "string" - } - } ], - "responses" : { - "200" : { - "description" : "\n Role with attributes:\n id: The unique identifier of the role\n version: The version number of the role\n updateTimestamp: The date and time when the role was last updated\n roleName: The name of the role\n groupVisibility: An optional group visibility of the role\n permissions: The list of permissions associated with the role", - "content" : { - "application/json" : { - "schema" : { - "$ref" : "#/components/schemas/RoleResponseType" - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - } - }, - 
"/role/{roleid}/permission/{permissionid}" : { - "put" : { - "tags" : [ "RBAC Role" ], - "description" : "This method adds the specified permission to the specified role.", - "operationId" : "put_role__roleid__permission__permissionid_", - "parameters" : [ { - "name" : "roleid", - "in" : "path", - "description" : "Identifier for an existing role", - "required" : true, - "schema" : { - "type" : "string", - "description" : "Identifier for an existing role", - "nullable" : false, - "example" : "string" - } - }, { - "name" : "permissionid", - "in" : "path", - "description" : "Identifier for an existing permission", - "required" : true, - "schema" : { - "type" : "string", - "description" : "Identifier for an existing permission", - "nullable" : false, - "example" : "string" - } - } ], - "responses" : { - "200" : { - "description" : "\n Role with attributes:\n id: The unique identifier of the role\n version: The version number of the role\n updateTimestamp: The date and time when the role was last updated\n roleName: The name of the role\n groupVisibility: An optional group visibility of the role\n permissions: The list of permissions associated with the role", - "content" : { - "application/json" : { - "schema" : { - "$ref" : "#/components/schemas/RoleResponseType" - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - }, - "delete" : { - "tags" : [ "RBAC Role" ], - "description" : "This method removes the specified permission from the specified role.", - "operationId" : "delete_role__roleid__permission__permissionid_", - "parameters" : [ { - "name" : "roleid", - "in" : "path", - "description" : "Identifier for an existing role", - "required" : true, - "schema" : { - "type" : "string", - "description" : "Identifier for an existing role", - "nullable" : false, - "example" : "string" - } - }, { - "name" : "permissionid", - "in" : "path", - "description" : "Identifier for an existing permission", - "required" 
: true, - "schema" : { - "type" : "string", - "description" : "Identifier for an existing permission", - "nullable" : false, - "example" : "string" - } - } ], - "responses" : { - "200" : { - "description" : "\n Role with attributes:\n id: The unique identifier of the role\n version: The version number of the role\n updateTimestamp: The date and time when the role was last updated\n roleName: The name of the role\n groupVisibility: An optional group visibility of the role\n permissions: The list of permissions associated with the role", - "content" : { - "application/json" : { - "schema" : { - "$ref" : "#/components/schemas/RoleResponseType" - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - } - }, - "/user" : { - "get" : { - "tags" : [ "RBAC User" ], - "description" : "This method returns a user based on the specified login name.", - "operationId" : "get_user", - "parameters" : [ { - "name" : "loginname", - "in" : "query", - "description" : "The login name of the user to be returned", - "required" : true, - "schema" : { - "type" : "string", - "description" : "The login name of the user to be returned", - "nullable" : false, - "example" : "string" - } - } ], - "responses" : { - "200" : { - "description" : "\n A newly created user with the following attributes:\n id: Unique server generated identifier for the user\n version: The version of the user; version 0 is assigned to a newly created user\n updateTimestamp: The date and time when the user was last updated\n fullName: The full name for the new user\n loginName: The login name for the new user\n enabled: If true, the user account is enabled; false, the account is disabled\n ssoAuth: If true, the user account is enabled for SSO authentication; \n false, the account is enabled for password authentication\n passwordExpiry: The date and time when the password should expire, specified as an ISO-8601 string;\n value of null means that the password does 
not expire\n parentGroup: An optional identifier of the user group for the new user to be included;\n value of null means that the user will belong to the root group\n properties: An optional set of key/value properties associated with a user account\n roleAssociations: A set of roles associated with the user account", - "content" : { - "application/json" : { - "schema" : { - "$ref" : "#/components/schemas/UserResponseType" - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - }, - "post" : { - "tags" : [ "RBAC User" ], - "description" : "This method creates a new user.", - "operationId" : "post_user", - "parameters" : [ ], - "requestBody" : { - "description" : "requestBody", - "content" : { - "application/json" : { - "schema" : { - "$ref" : "#/components/schemas/CreateUserType" - } - } - }, - "required" : true - }, - "responses" : { - "201" : { - "description" : "\n A newly created user with the following attributes:\n id: Unique server generated identifier for the user\n version: The version of the user; version 0 is assigned to a newly created user\n updateTimestamp: The date and time when the user was last updated\n fullName: The full name for the new user\n loginName: The login name for the new user\n enabled: If true, the user account is enabled; false, the account is disabled\n ssoAuth: If true, the user account is enabled for SSO authentication; \n false, the account is enabled for password authentication\n passwordExpiry: The date and time when the password should expire, specified as an ISO-8601 string;\n value of null means that the password does not expire\n parentGroup: An optional identifier of the user group for the new user to be included;\n value of null means that the user will belong to the root group\n properties: An optional set of key/value properties associated with a user account\n roleAssociations: A set of roles associated with the user account", - "content" : { - 
"application/json" : { - "schema" : { - "$ref" : "#/components/schemas/UserResponseType" - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - } - }, - "/user/getprotocolversion" : { - "get" : { - "tags" : [ "RBAC User" ], - "description" : "Returns the version of the endpoint", - "operationId" : "get_user_getprotocolversion", - "parameters" : [ ], - "responses" : { - "200" : { - "description" : "An integer value specifying the version of the endpoint", - "content" : { - "application/json" : { - "schema" : { - "type" : "integer", - "format" : "int32", - "nullable" : false, - "example" : 0 - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - } - }, - "/user/{loginname}/permissionsummary" : { - "get" : { - "tags" : [ "RBAC User" ], - "description" : "This method returns a summary of the user's permissions.", - "operationId" : "get_user__loginname__permissionsummary", - "parameters" : [ { - "name" : "loginname", - "in" : "path", - "description" : "The login name of the user", - "required" : true, - "schema" : { - "type" : "string", - "description" : "The login name of the user", - "nullable" : false, - "example" : "string" - } - } ], - "responses" : { - "200" : { - "description" : "\n enabled: If true, the user account is enabled; false, the account is disabled\n lastUpdateTimestamp: The date and time when the user was last updated\n loginName: The login name of the user\n permissions: An array of one or more permissions associated with the user\n ", - "content" : { - "application/json" : { - "schema" : { - "$ref" : "#/components/schemas/UserPermissionSummaryResponseType" - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - } - }, - "/user/{loginname}/role/{roleid}" : { - "put" : { - "tags" : [ "RBAC User" ], - "description" : "This method assigns a specified role to a 
specified user.", - "operationId" : "put_user__loginname__role__roleid_", - "parameters" : [ { - "name" : "loginname", - "in" : "path", - "description" : "The login name of the user", - "required" : true, - "schema" : { - "type" : "string", - "description" : "The login name of the user", - "nullable" : false, - "example" : "string" - } - }, { - "name" : "roleid", - "in" : "path", - "description" : "The ID of the role to assign to the user", - "required" : true, - "schema" : { - "type" : "string", - "description" : "The ID of the role to assign to the user", - "nullable" : false, - "example" : "string" - } - } ], - "responses" : { - "200" : { - "description" : "\n A newly created user with the following attributes:\n id: Unique server generated identifier for the user\n version: The version of the user; version 0 is assigned to a newly created user\n updateTimestamp: The date and time when the user was last updated\n fullName: The full name for the new user\n loginName: The login name for the new user\n enabled: If true, the user account is enabled; false, the account is disabled\n ssoAuth: If true, the user account is enabled for SSO authentication; \n false, the account is enabled for password authentication\n passwordExpiry: The date and time when the password should expire, specified as an ISO-8601 string;\n value of null means that the password does not expire\n parentGroup: An optional identifier of the user group for the new user to be included;\n value of null means that the user will belong to the root group\n properties: An optional set of key/value properties associated with a user account\n roleAssociations: A set of roles associated with the user account", - "content" : { - "application/json" : { - "schema" : { - "$ref" : "#/components/schemas/UserResponseType" - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - }, - "delete" : { - "tags" : [ "RBAC User" ], - "description" : "This method 
removes the specified role from the specified user.", - "operationId" : "delete_user__loginname__role__roleid_", - "parameters" : [ { - "name" : "loginname", - "in" : "path", - "description" : "The login name of the user", - "required" : true, - "schema" : { - "type" : "string", - "description" : "The login name of the user", - "nullable" : false, - "example" : "string" - } - }, { - "name" : "roleid", - "in" : "path", - "description" : "The ID of the role to remove from the user", - "required" : true, - "schema" : { - "type" : "string", - "description" : "The ID of the role to remove from the user", - "nullable" : false, - "example" : "string" - } - } ], - "responses" : { - "200" : { - "description" : "\n A newly created user with the following attributes:\n id: Unique server generated identifier for the user\n version: The version of the user; version 0 is assigned to a newly created user\n updateTimestamp: The date and time when the user was last updated\n fullName: The full name for the new user\n loginName: The login name for the new user\n enabled: If true, the user account is enabled; false, the account is disabled\n ssoAuth: If true, the user account is enabled for SSO authentication; \n false, the account is enabled for password authentication\n passwordExpiry: The date and time when the password should expire, specified as an ISO-8601 string;\n value of null means that the password does not expire\n parentGroup: An optional identifier of the user group for the new user to be included;\n value of null means that the user will belong to the root group\n properties: An optional set of key/value properties associated with a user account\n roleAssociations: A set of roles associated with the user account", - "content" : { - "application/json" : { - "schema" : { - "$ref" : "#/components/schemas/UserResponseType" - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - } - }, - "/virtualnode" : { - 
"get" : { - "tags" : [ "Virtual Node" ], - "description" : "This method lists all virtual nodes in the cluster.", - "operationId" : "get_virtualnode", - "parameters" : [ ], - "responses" : { - "200" : { - "description" : "List of virtual node details.", - "content" : { - "application/json" : { - "schema" : { - "$ref" : "#/components/schemas/VirtualNodes" - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - }, - "post" : { - "tags" : [ "Virtual Node" ], - "description" : "This method creates a new virtual node.", - "operationId" : "post_virtualnode", - "parameters" : [ ], - "requestBody" : { - "description" : "requestBody", - "content" : { - "application/json" : { - "schema" : { - "$ref" : "#/components/schemas/CreateVirtualNodeRequest" - } - } - }, - "required" : true - }, - "responses" : { - "200" : { - "description" : "The details of the created virtual node.", - "content" : { - "application/json" : { - "schema" : { - "$ref" : "#/components/schemas/AsyncResponse" - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - } - }, - "/virtualnode/getprotocolversion" : { - "get" : { - "tags" : [ "Virtual Node" ], - "description" : "Returns the version of the endpoint", - "operationId" : "get_virtualnode_getprotocolversion", - "parameters" : [ ], - "responses" : { - "200" : { - "description" : "An integer value specifying the version of the endpoint", - "content" : { - "application/json" : { - "schema" : { - "type" : "integer", - "format" : "int32", - "nullable" : false, - "example" : 0 - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - } - }, - "/virtualnode/status/{requestid}" : { - "get" : { - "tags" : [ "Virtual Node" ], - "description" : "This method returns the VirtualNodeOperationStatus for a given operation request id.", - "operationId" : 
"get_virtualnode_status__requestid_", - "parameters" : [ { - "name" : "requestid", - "in" : "path", - "description" : "The requestId for the operation; obtained during node creation/upgrade", - "required" : true, - "schema" : { - "type" : "string", - "description" : "The requestId for the operation; obtained during node creation/upgrade", - "nullable" : false, - "example" : "string" - } - } ], - "responses" : { - "200" : { - "description" : "VirtualNodeOperationStatus for the specified virtual node.", - "content" : { - "application/json" : { - "schema" : { - "$ref" : "#/components/schemas/AsyncOperationStatus" - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - } - }, - "/virtualnode/{holdingidentityshorthash}" : { - "get" : { - "tags" : [ "Virtual Node" ], - "description" : "This method returns the VirtualNodeInfo for a given Holding Identity ShortHash.", - "operationId" : "get_virtualnode__holdingidentityshorthash_", - "parameters" : [ { - "name" : "holdingidentityshorthash", - "in" : "path", - "description" : "The short hash of the holding identity; obtained during node registration", - "required" : true, - "schema" : { - "type" : "string", - "description" : "The short hash of the holding identity; obtained during node registration", - "nullable" : false, - "example" : "string" - } - } ], - "responses" : { - "200" : { - "description" : "VirtualNodeInfo for the specified virtual node.", - "content" : { - "application/json" : { - "schema" : { - "$ref" : "#/components/schemas/VirtualNodeInfo" - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - } - }, - "/virtualnode/{virtualnodeshortid}/cpi/{targetcpifilechecksum}" : { - "put" : { - "tags" : [ "Virtual Node" ], - "description" : "This method upgrades a virtual node's CPI.", - "operationId" : "put_virtualnode__virtualnodeshortid__cpi__targetcpifilechecksum_", - "parameters" : [ { - 
"name" : "virtualnodeshortid", - "in" : "path", - "description" : "Short ID of the virtual node instance to update", - "required" : true, - "schema" : { - "type" : "string", - "description" : "Short ID of the virtual node instance to update", - "nullable" : false, - "example" : "string" - } - }, { - "name" : "targetcpifilechecksum", - "in" : "path", - "description" : "The file checksum of the CPI to upgrade to.", - "required" : true, - "schema" : { - "type" : "string", - "description" : "The file checksum of the CPI to upgrade to.", - "nullable" : false, - "example" : "string" - } - } ], - "responses" : { - "200" : { - "description" : "Identifier for the request.", - "content" : { - "application/json" : { - "schema" : { - "$ref" : "#/components/schemas/AsyncResponse" - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - } - }, - "/virtualnode/{virtualnodeshortid}/state/{newstate}" : { - "put" : { - "tags" : [ "Virtual Node" ], - "description" : "This method updates the state of a new virtual node to one of the pre-defined values.", - "operationId" : "put_virtualnode__virtualnodeshortid__state__newstate_", - "parameters" : [ { - "name" : "virtualnodeshortid", - "in" : "path", - "description" : "Short ID of the virtual node instance to update", - "required" : true, - "schema" : { - "type" : "string", - "description" : "Short ID of the virtual node instance to update", - "nullable" : false, - "example" : "string" - } - }, { - "name" : "newstate", - "in" : "path", - "description" : "State to transition virtual node instance into. Possible values are: MAINTENANCE and ACTIVE.", - "required" : true, - "schema" : { - "type" : "string", - "description" : "State to transition virtual node instance into. 
Possible values are: MAINTENANCE and ACTIVE.", - "nullable" : false, - "example" : "string" - } - } ], - "responses" : { - "200" : { - "description" : "Complete information about updated virtual node which will also contain the updated state.", - "content" : { - "application/json" : { - "schema" : { - "$ref" : "#/components/schemas/ChangeVirtualNodeStateResponse" - } - } - } - }, - "401" : { - "description" : "Unauthorized" - }, - "403" : { - "description" : "Forbidden" - } - } - } - } - }, - "components" : { - "schemas" : { - "ApprovalRuleInfo" : { - "required" : [ "ruleId", "ruleRegex" ], - "type" : "object", - "properties" : { - "ruleId" : { - "type" : "string", - "nullable" : false, - "example" : "string" - }, - "ruleLabel" : { - "type" : "string", - "nullable" : true, - "example" : "string" - }, - "ruleRegex" : { - "type" : "string", - "nullable" : false, - "example" : "string" - } - } - }, - "ApprovalRuleRequestParams" : { - "required" : [ "ruleRegex" ], - "type" : "object", - "properties" : { - "ruleLabel" : { - "type" : "string", - "nullable" : true, - "example" : "string" - }, - "ruleRegex" : { - "type" : "string", - "nullable" : false, - "example" : "string" - } - }, - "description" : "The approval rule information including the regular expression associated with the rule, and an optional label describing the rule" - }, - "AsyncOperationStatus" : { - "required" : [ "lastUpdatedTimestamp", "operation", "requestId", "status" ], - "type" : "object", - "properties" : { - "errorReason" : { - "type" : "string", - "nullable" : true, - "example" : "string" - }, - "lastUpdatedTimestamp" : { - "type" : "string", - "format" : "datetime", - "nullable" : false, - "example" : "2022-06-24T10:15:30Z" - }, - "operation" : { - "type" : "string", - "nullable" : false, - "example" : "string" - }, - "processingStage" : { - "type" : "string", - "nullable" : true, - "example" : "string" - }, - "requestId" : { - "type" : "string", - "nullable" : false, - "example" : "string" - 
}, - "resourceId" : { - "type" : "string", - "nullable" : true, - "example" : "string" - }, - "status" : { - "nullable" : false, - "example" : "IN_PROGRESS", - "enum" : [ "ACCEPTED", "IN_PROGRESS", "SUCCEEDED", "FAILED", "ABORTED" ] - } - } - }, - "AsyncResponse" : { - "required" : [ "requestId" ], - "type" : "object", - "properties" : { - "requestId" : { - "type" : "string", - "nullable" : false, - "example" : "string" - } - } - }, - "BulkCreatePermissionsRequestType" : { - "required" : [ "permissionsToCreate", "roleIds" ], - "type" : "object", - "properties" : { - "permissionsToCreate" : { - "uniqueItems" : true, - "type" : "array", - "nullable" : false, - "items" : { - "$ref" : "#/components/schemas/CreatePermissionType" - } - }, - "roleIds" : { - "uniqueItems" : true, - "type" : "array", - "nullable" : false, - "items" : { - "type" : "string", - "example" : "string" - } - } - }, - "description" : "The details of the permissions to be created along with existing role identifiers newly created permissions should be associated with." 
- }, - "BulkCreatePermissionsResponseType" : { - "required" : [ "permissionIds", "roleIds" ], - "type" : "object", - "properties" : { - "permissionIds" : { - "uniqueItems" : true, - "type" : "array", - "nullable" : false, - "items" : { - "type" : "string", - "example" : "string" - } - }, - "roleIds" : { - "uniqueItems" : true, - "type" : "array", - "nullable" : false, - "items" : { - "type" : "string", - "example" : "string" - } - } - } - }, - "ChangeVirtualNodeStateResponse" : { - "required" : [ "holdingIdShortHash", "newState" ], - "type" : "object", - "properties" : { - "holdingIdShortHash" : { - "type" : "string", - "nullable" : false, - "example" : "string" - }, - "newState" : { - "type" : "string", - "nullable" : false, - "example" : "string" - } - } - }, - "ConfigSchemaVersion" : { - "required" : [ "major", "minor" ], - "type" : "object", - "properties" : { - "major" : { - "type" : "integer", - "format" : "int32", - "nullable" : false, - "example" : 0 - }, - "minor" : { - "type" : "integer", - "format" : "int32", - "nullable" : false, - "example" : 0 - } - } - }, - "CpiIdentifier" : { - "required" : [ "cpiName", "cpiVersion" ], - "type" : "object", - "properties" : { - "cpiName" : { - "type" : "string", - "nullable" : false, - "example" : "string" - }, - "cpiVersion" : { - "type" : "string", - "nullable" : false, - "example" : "string" - }, - "signerSummaryHash" : { - "type" : "string", - "nullable" : true, - "example" : "string" - } - } - }, - "CpiMetadata" : { - "required" : [ "cpiFileChecksum", "cpiFileFullChecksum", "cpks", "id", "timestamp" ], - "type" : "object", - "properties" : { - "cpiFileChecksum" : { - "type" : "string", - "nullable" : false, - "example" : "string" - }, - "cpiFileFullChecksum" : { - "type" : "string", - "nullable" : false, - "example" : "string" - }, - "cpks" : { - "uniqueItems" : false, - "type" : "array", - "nullable" : false, - "items" : { - "$ref" : "#/components/schemas/CpkMetadata" - } - }, - "groupPolicy" : { - "type" : 
"string", - "nullable" : true, - "example" : "string" - }, - "id" : { - "$ref" : "#/components/schemas/CpiIdentifier" - }, - "timestamp" : { - "type" : "string", - "format" : "datetime", - "nullable" : false, - "example" : "2022-06-24T10:15:30Z" - } - } - }, - "CpiUploadResponse" : { - "required" : [ "id" ], - "type" : "object", - "properties" : { - "id" : { - "type" : "string", - "nullable" : false, - "example" : "string" - } - } - }, - "CpiUploadStatus" : { - "required" : [ "cpiFileChecksum", "status" ], - "type" : "object", - "properties" : { - "cpiFileChecksum" : { - "type" : "string", - "nullable" : false, - "example" : "string" - }, - "status" : { - "type" : "string", - "nullable" : false, - "example" : "string" - } - } - }, - "CpkIdentifier" : { - "required" : [ "name", "version" ], - "type" : "object", - "properties" : { - "name" : { - "type" : "string", - "nullable" : false, - "example" : "string" - }, - "signerSummaryHash" : { - "type" : "string", - "nullable" : true, - "example" : "string" - }, - "version" : { - "type" : "string", - "nullable" : false, - "example" : "string" - } - } - }, - "CpkMetadata" : { - "required" : [ "hash", "id", "libraries", "mainBundle", "timestamp", "type" ], - "type" : "object", - "properties" : { - "hash" : { - "type" : "string", - "nullable" : false, - "example" : "string" - }, - "id" : { - "$ref" : "#/components/schemas/CpkIdentifier" - }, - "libraries" : { - "uniqueItems" : false, - "type" : "array", - "nullable" : false, - "items" : { - "type" : "string", - "example" : "string" - } - }, - "mainBundle" : { - "type" : "string", - "nullable" : false, - "example" : "string" - }, - "timestamp" : { - "type" : "string", - "format" : "datetime", - "nullable" : false, - "example" : "2022-06-24T10:15:30Z" - }, - "type" : { - "type" : "string", - "nullable" : false, - "example" : "string" - } - } - }, - "CreatePermissionType" : { - "required" : [ "permissionString", "permissionType" ], - "type" : "object", - "properties" : { - 
"groupVisibility" : { - "type" : "string", - "nullable" : true, - "example" : "string" - }, - "permissionString" : { - "type" : "string", - "nullable" : false, - "example" : "string" - }, - "permissionType" : { - "nullable" : false, - "example" : "DENY", - "enum" : [ "ALLOW", "DENY" ] - }, - "virtualNode" : { - "type" : "string", - "nullable" : true, - "example" : "string" - } - } - }, - "CreateRoleType" : { - "required" : [ "roleName" ], - "type" : "object", - "properties" : { - "groupVisibility" : { - "type" : "string", - "nullable" : true, - "example" : "string" - }, - "roleName" : { - "type" : "string", - "nullable" : false, - "example" : "string" - } - }, - "description" : "\n Details of the role to be created: \n roleName - name of the role\n groupVisibility - optional group visibility of the role\n " - }, - "CreateUserType" : { - "required" : [ "enabled", "fullName", "loginName" ], - "type" : "object", - "properties" : { - "enabled" : { - "type" : "boolean", - "nullable" : false, - "example" : true - }, - "fullName" : { - "type" : "string", - "nullable" : false, - "example" : "string" - }, - "initialPassword" : { - "type" : "string", - "nullable" : true, - "example" : "string" - }, - "loginName" : { - "type" : "string", - "nullable" : false, - "example" : "string" - }, - "parentGroup" : { - "type" : "string", - "nullable" : true, - "example" : "string" - }, - "passwordExpiry" : { - "type" : "string", - "format" : "datetime", - "nullable" : true, - "example" : "2022-06-24T10:15:30Z" - } - }, - "description" : "\n Details of the user to be created with the following parameters:\n enabled: If true, the user account is enabled; false, the account is disabled\n fullName: The full name for the new user\n initialPassword: The initial password for the new user; \n the value can be null for Single Sign On (SSO) users\n loginName: The login name for the new user\n parentGroup: An optional identifier of the user group for the new user to be included;\n value of null 
means that the user will belong to the root group\n passwordExpiry: The date and time when the password should expire, specified as an ISO-8601 string;\n value of null means that the password does not expire" - }, - "CreateVirtualNodeRequest" : { - "required" : [ "cpiFileChecksum", "x500Name" ], - "type" : "object", - "properties" : { - "cpiFileChecksum" : { - "type" : "string", - "nullable" : false, - "example" : "string" - }, - "cryptoDdlConnection" : { - "type" : "string", - "nullable" : true, - "example" : "string" - }, - "cryptoDmlConnection" : { - "type" : "string", - "nullable" : true, - "example" : "string" - }, - "uniquenessDdlConnection" : { - "type" : "string", - "nullable" : true, - "example" : "string" - }, - "uniquenessDmlConnection" : { - "type" : "string", - "nullable" : true, - "example" : "string" - }, - "vaultDdlConnection" : { - "type" : "string", - "nullable" : true, - "example" : "string" - }, - "vaultDmlConnection" : { - "type" : "string", - "nullable" : true, - "example" : "string" - }, - "x500Name" : { - "type" : "string", - "nullable" : false, - "example" : "string" - } - }, - "description" : "Details of the virtual node to be created" - }, - "FlowResultResponse" : { - "required" : [ "flowStatus", "holdingIdentityShortHash", "timestamp" ], - "type" : "object", - "properties" : { - "clientRequestId" : { - "type" : "string", - "nullable" : true, - "example" : "string" - }, - "flowError" : { - "$ref" : "#/components/schemas/FlowStateErrorResponse" - }, - "flowId" : { - "type" : "string", - "nullable" : true, - "example" : "string" - }, - "flowStatus" : { - "type" : "string", - "nullable" : false, - "example" : "string" - }, - "holdingIdentityShortHash" : { - "type" : "string", - "nullable" : false, - "example" : "string" - }, - "json" : { - "description" : "Either nested JSON object or a valid JSON-escaped string.", - "nullable" : true, - "example" : "{\"command\":\"echo\", \"data\":{\"value\": \"hello-world\"}}", - "type" : "object" - }, - 
"timestamp" : { - "type" : "string", - "format" : "datetime", - "nullable" : false, - "example" : "2022-06-24T10:15:30Z" - } - } - }, - "FlowStateErrorResponse" : { - "required" : [ "message", "type" ], - "type" : "object", - "properties" : { - "message" : { - "type" : "string", - "nullable" : false, - "example" : "string" - }, - "type" : { - "type" : "string", - "nullable" : false, - "example" : "string" - } - } - }, - "FlowStatusResponse" : { - "required" : [ "flowStatus", "holdingIdentityShortHash", "timestamp" ], - "type" : "object", - "properties" : { - "clientRequestId" : { - "type" : "string", - "nullable" : true, - "example" : "string" - }, - "flowError" : { - "$ref" : "#/components/schemas/FlowStateErrorResponse" - }, - "flowId" : { - "type" : "string", - "nullable" : true, - "example" : "string" - }, - "flowResult" : { - "type" : "string", - "nullable" : true, - "example" : "string" - }, - "flowStatus" : { - "type" : "string", - "nullable" : false, - "example" : "string" - }, - "holdingIdentityShortHash" : { - "type" : "string", - "nullable" : false, - "example" : "string" - }, - "timestamp" : { - "type" : "string", - "format" : "datetime", - "nullable" : false, - "example" : "2022-06-24T10:15:30Z" - } - } - }, - "FlowStatusResponses" : { - "required" : [ "flowStatusResponses" ], - "type" : "object", - "properties" : { - "flowStatusResponses" : { - "uniqueItems" : false, - "type" : "array", - "nullable" : false, - "items" : { - "$ref" : "#/components/schemas/FlowStatusResponse" - } - } - } - }, - "GenerateCsrWrapperRequest" : { - "required" : [ "x500Name" ], - "properties" : { - "contextMap" : { - "type" : "object", - "additionalProperties" : { - "type" : "string", - "example" : "string" - }, - "description" : "Used to add additional attributes to the CSR; for example, signature spec", - "nullable" : true, - "example" : "No example available for this type" - }, - "subjectAlternativeNames" : { - "uniqueItems" : false, - "type" : "array", - "nullable" : 
true, - "items" : { - "type" : "string", - "example" : "string" - } - }, - "x500Name" : { - "type" : "string", - "description" : "The X.500 name that will be the subject associated with the request", - "nullable" : false, - "example" : "string" - } - }, - "description" : "GenerateCsrWrapperRequest", - "nullable" : false - }, - "GetCPIsResponse" : { - "required" : [ "cpis" ], - "type" : "object", - "properties" : { - "cpis" : { - "uniqueItems" : false, - "type" : "array", - "nullable" : false, - "items" : { - "$ref" : "#/components/schemas/CpiMetadata" - } - } - } - }, - "GetConfigResponse" : { - "required" : [ "configWithDefaults", "schemaVersion", "section", "sourceConfig", "version" ], - "type" : "object", - "properties" : { - "configWithDefaults" : { - "type" : "string", - "nullable" : false, - "example" : "string" - }, - "schemaVersion" : { - "$ref" : "#/components/schemas/ConfigSchemaVersion" - }, - "section" : { - "type" : "string", - "nullable" : false, - "example" : "string" - }, - "sourceConfig" : { - "type" : "string", - "nullable" : false, - "example" : "string" - }, - "version" : { - "type" : "integer", - "format" : "int32", - "nullable" : false, - "example" : 0 - } - } - }, - "HoldingIdentity" : { - "required" : [ "fullHash", "groupId", "shortHash", "x500Name" ], - "type" : "object", - "properties" : { - "fullHash" : { - "type" : "string", - "nullable" : false, - "example" : "string" - }, - "groupId" : { - "type" : "string", - "nullable" : false, - "example" : "string" - }, - "shortHash" : { - "type" : "string", - "nullable" : false, - "example" : "string" - }, - "x500Name" : { - "type" : "string", - "nullable" : false, - "example" : "string" - } - } - }, - "HostedIdentitySessionKeyAndCertificate" : { - "required" : [ "preferred", "sessionKeyId" ], - "type" : "object", - "properties" : { - "preferred" : { - "type" : "boolean", - "nullable" : false, - "example" : true - }, - "sessionCertificateChainAlias" : { - "type" : "string", - "nullable" : true, - 
"example" : "string" - }, - "sessionKeyId" : { - "type" : "string", - "nullable" : false, - "example" : "string" - } - } - }, - "HostedIdentitySetupRequest" : { - "required" : [ "p2pTlsCertificateChainAlias", "sessionKeysAndCertificates" ], - "type" : "object", - "properties" : { - "p2pTlsCertificateChainAlias" : { - "type" : "string", - "nullable" : false, - "example" : "string" - }, - "sessionKeysAndCertificates" : { - "uniqueItems" : false, - "type" : "array", - "nullable" : false, - "items" : { - "$ref" : "#/components/schemas/HostedIdentitySessionKeyAndCertificate" - } - }, - "useClusterLevelTlsCertificateAndKey" : { - "type" : "boolean", - "nullable" : true, - "example" : true - } - }, - "description" : "\n Request object which contains properties for P2P messaging including:\n p2pTlsCertificateChainAlias: the P2P TLS certificate chain alias\n useClusterLevelTlsCertificateAndKey: Should the cluster-level P2P TLS certificate type and key be \n used or the virtual node certificate and key.\n sessionKeyId: the session key identifier" - }, - "HsmAssociationInfo" : { - "required" : [ "category", "deprecatedAt", "hsmId", "id" ], - "type" : "object", - "properties" : { - "category" : { - "type" : "string", - "nullable" : false, - "example" : "string" - }, - "deprecatedAt" : { - "type" : "integer", - "format" : "int64", - "nullable" : false, - "example" : 0 - }, - "hsmId" : { - "type" : "string", - "nullable" : false, - "example" : "string" - }, - "id" : { - "type" : "string", - "nullable" : false, - "example" : "string" - }, - "masterKeyAlias" : { - "type" : "string", - "nullable" : true, - "example" : "string" - } - } - }, - "KeyMetaData" : { - "required" : [ "alias", "created", "hsmCategory", "keyId", "scheme" ], - "type" : "object", - "properties" : { - "alias" : { - "type" : "string", - "nullable" : false, - "example" : "string" - }, - "created" : { - "type" : "string", - "format" : "datetime", - "nullable" : false, - "example" : "2022-06-24T10:15:30Z" - }, - 
"hsmCategory" : { - "type" : "string", - "nullable" : false, - "example" : "string" - }, - "keyId" : { - "type" : "string", - "nullable" : false, - "example" : "string" - }, - "masterKeyAlias" : { - "type" : "string", - "nullable" : true, - "example" : "string" - }, - "scheme" : { - "type" : "string", - "nullable" : false, - "example" : "string" - } - } - }, - "KeyPairIdentifier" : { - "required" : [ "id" ], - "type" : "object", - "properties" : { - "id" : { - "type" : "string", - "nullable" : false, - "example" : "string" - } - } - }, - "MemberInfoSubmitted" : { - "required" : [ "data" ], - "type" : "object", - "properties" : { - "data" : { - "type" : "object", - "additionalProperties" : { - "type" : "string", - "example" : "string" - }, - "nullable" : false, - "example" : "No example available for this type" - } - } - }, - "MemberRegistrationRequest" : { - "required" : [ "context" ], - "type" : "object", - "properties" : { - "context" : { - "type" : "object", - "additionalProperties" : { - "type" : "string", - "example" : "string" - }, - "nullable" : false, - "example" : "No example available for this type" - } - }, - "description" : "The request sent during registration which contains the requested registration context map containing data required to initiate the registration process." 
- }, - "PermissionAssociationResponseType" : { - "required" : [ "createdTimestamp", "id" ], - "type" : "object", - "properties" : { - "createdTimestamp" : { - "type" : "string", - "format" : "datetime", - "nullable" : false, - "example" : "2022-06-24T10:15:30Z" - }, - "id" : { - "type" : "string", - "nullable" : false, - "example" : "string" - } - } - }, - "PermissionResponseType" : { - "required" : [ "id", "permissionString", "permissionType", "updateTimestamp", "version" ], - "type" : "object", - "properties" : { - "groupVisibility" : { - "type" : "string", - "nullable" : true, - "example" : "string" - }, - "id" : { - "type" : "string", - "nullable" : false, - "example" : "string" - }, - "permissionString" : { - "type" : "string", - "nullable" : false, - "example" : "string" - }, - "permissionType" : { - "nullable" : false, - "example" : "DENY", - "enum" : [ "ALLOW", "DENY" ] - }, - "updateTimestamp" : { - "type" : "string", - "format" : "datetime", - "nullable" : false, - "example" : "2022-06-24T10:15:30Z" - }, - "version" : { - "type" : "integer", - "format" : "int32", - "nullable" : false, - "example" : 0 - }, - "virtualNode" : { - "type" : "string", - "nullable" : true, - "example" : "string" - } - } - }, - "PermissionSummaryResponseType" : { - "required" : [ "id", "permissionString", "permissionType" ], - "type" : "object", - "properties" : { - "groupVisibility" : { - "type" : "string", - "nullable" : true, - "example" : "string" - }, - "id" : { - "type" : "string", - "nullable" : false, - "example" : "string" - }, - "permissionString" : { - "type" : "string", - "nullable" : false, - "example" : "string" - }, - "permissionType" : { - "nullable" : false, - "example" : "DENY", - "enum" : [ "ALLOW", "DENY" ] - }, - "virtualNode" : { - "type" : "string", - "nullable" : true, - "example" : "string" - } - } - }, - "PreAuthToken" : { - "required" : [ "id", "ownerX500Name", "status" ], - "type" : "object", - "properties" : { - "creationRemark" : { - "type" : 
"string", - "nullable" : true, - "example" : "string" - }, - "id" : { - "type" : "string", - "nullable" : false, - "example" : "string" - }, - "ownerX500Name" : { - "type" : "string", - "nullable" : false, - "example" : "string" - }, - "removalRemark" : { - "type" : "string", - "nullable" : true, - "example" : "string" - }, - "status" : { - "nullable" : false, - "example" : "REVOKED", - "enum" : [ "AVAILABLE", "REVOKED", "CONSUMED", "AUTO_INVALIDATED" ] - }, - "ttl" : { - "type" : "string", - "format" : "datetime", - "nullable" : true, - "example" : "2022-06-24T10:15:30Z" - } - } - }, - "PreAuthTokenRequest" : { - "required" : [ "ownerX500Name" ], - "type" : "object", - "properties" : { - "ownerX500Name" : { - "type" : "string", - "nullable" : false, - "example" : "string" - }, - "remarks" : { - "type" : "string", - "nullable" : true, - "example" : "string" - }, - "ttl" : { - "type" : "string", - "format" : "duration", - "nullable" : true, - "example" : "PT15M" - } - } - }, - "PropertyResponseType" : { - "required" : [ "key", "lastChangedTimestamp", "value" ], - "type" : "object", - "properties" : { - "key" : { - "type" : "string", - "nullable" : false, - "example" : "string" - }, - "lastChangedTimestamp" : { - "type" : "string", - "format" : "datetime", - "nullable" : false, - "example" : "2022-06-24T10:15:30Z" - }, - "value" : { - "type" : "string", - "nullable" : false, - "example" : "string" - } - } - }, - "RegistrationRequestProgress" : { - "required" : [ "availableNow", "memberInfoSubmitted", "reason", "registrationId", "registrationStatus" ], - "type" : "object", - "properties" : { - "availableNow" : { - "type" : "boolean", - "nullable" : false, - "example" : true - }, - "memberInfoSubmitted" : { - "$ref" : "#/components/schemas/MemberInfoSubmitted" - }, - "reason" : { - "type" : "string", - "nullable" : false, - "example" : "string" - }, - "registrationId" : { - "type" : "string", - "nullable" : false, - "example" : "string" - }, - "registrationSent" : { - 
"type" : "string", - "format" : "datetime", - "nullable" : true, - "example" : "2022-06-24T10:15:30Z" - }, - "registrationStatus" : { - "type" : "string", - "nullable" : false, - "example" : "string" - } - } - }, - "RestGroupParameters" : { - "required" : [ "parameters" ], - "type" : "object", - "properties" : { - "parameters" : { - "type" : "object", - "additionalProperties" : { - "type" : "string", - "example" : "string" - }, - "nullable" : false, - "example" : "No example available for this type" - } - } - }, - "RestMemberInfo" : { - "required" : [ "memberContext", "mgmContext" ], - "type" : "object", - "properties" : { - "memberContext" : { - "type" : "object", - "additionalProperties" : { - "type" : "string", - "example" : "string" - }, - "nullable" : false, - "example" : "No example available for this type" - }, - "mgmContext" : { - "type" : "object", - "additionalProperties" : { - "type" : "string", - "example" : "string" - }, - "nullable" : false, - "example" : "No example available for this type" - } - } - }, - "RestMemberInfoList" : { - "required" : [ "members" ], - "type" : "object", - "properties" : { - "members" : { - "uniqueItems" : false, - "type" : "array", - "nullable" : false, - "items" : { - "$ref" : "#/components/schemas/RestMemberInfo" - } - } - } - }, - "RestRegistrationRequestStatus" : { - "required" : [ "memberInfoSubmitted", "registrationId", "registrationStatus" ], - "type" : "object", - "properties" : { - "memberInfoSubmitted" : { - "$ref" : "#/components/schemas/MemberInfoSubmitted" - }, - "reason" : { - "type" : "string", - "nullable" : true, - "example" : "string" - }, - "registrationId" : { - "type" : "string", - "nullable" : false, - "example" : "string" - }, - "registrationSent" : { - "type" : "string", - "format" : "datetime", - "nullable" : true, - "example" : "2022-06-24T10:15:30Z" - }, - "registrationStatus" : { - "nullable" : false, - "example" : "SENT_TO_MGM", - "enum" : [ "NEW", "SENT_TO_MGM", "RECEIVED_BY_MGM", 
"STARTED_PROCESSING_BY_MGM", "PENDING_MEMBER_VERIFICATION", "PENDING_MANUAL_APPROVAL", "PENDING_AUTO_APPROVAL", "DECLINED", "INVALID", "FAILED", "APPROVED" ] - }, - "registrationUpdated" : { - "type" : "string", - "format" : "datetime", - "nullable" : true, - "example" : "2022-06-24T10:15:30Z" - }, - "serial" : { - "type" : "integer", - "format" : "int64", - "nullable" : true, - "example" : 0 - } - } - }, - "RoleAssociationResponseType" : { - "required" : [ "createTimestamp", "roleId" ], - "type" : "object", - "properties" : { - "createTimestamp" : { - "type" : "string", - "format" : "datetime", - "nullable" : false, - "example" : "2022-06-24T10:15:30Z" - }, - "roleId" : { - "type" : "string", - "nullable" : false, - "example" : "string" - } - } - }, - "RoleResponseType" : { - "required" : [ "id", "permissions", "roleName", "updateTimestamp", "version" ], - "type" : "object", - "properties" : { - "groupVisibility" : { - "type" : "string", - "nullable" : true, - "example" : "string" - }, - "id" : { - "type" : "string", - "nullable" : false, - "example" : "string" - }, - "permissions" : { - "uniqueItems" : false, - "type" : "array", - "nullable" : false, - "items" : { - "$ref" : "#/components/schemas/PermissionAssociationResponseType" - } - }, - "roleName" : { - "type" : "string", - "nullable" : false, - "example" : "string" - }, - "updateTimestamp" : { - "type" : "string", - "format" : "datetime", - "nullable" : false, - "example" : "2022-06-24T10:15:30Z" - }, - "version" : { - "type" : "integer", - "format" : "int32", - "nullable" : false, - "example" : 0 - } - } - }, - "Route" : { - "required" : [ "active", "channelName", "externalReceiveTopicName", "inactiveResponseType" ], - "type" : "object", - "properties" : { - "active" : { - "type" : "boolean", - "nullable" : false, - "example" : true - }, - "channelName" : { - "type" : "string", - "nullable" : false, - "example" : "string" - }, - "externalReceiveTopicName" : { - "type" : "string", - "nullable" : false, - 
"example" : "string" - }, - "inactiveResponseType" : { - "nullable" : false, - "example" : "IGNORE", - "enum" : [ "ERROR", "IGNORE" ] - } - } - }, - "RouteConfiguration" : { - "required" : [ "currentRoutes", "previousVersionRoutes" ], - "type" : "object", - "properties" : { - "currentRoutes" : { - "$ref" : "#/components/schemas/Routes" - }, - "previousVersionRoutes" : { - "uniqueItems" : false, - "type" : "array", - "nullable" : false, - "items" : { - "$ref" : "#/components/schemas/Routes" - } - } - } - }, - "Routes" : { - "required" : [ "cpiIdentifier", "routes" ], - "type" : "object", - "properties" : { - "cpiIdentifier" : { - "$ref" : "#/components/schemas/CpiIdentifier" - }, - "routes" : { - "uniqueItems" : false, - "type" : "array", - "nullable" : false, - "items" : { - "$ref" : "#/components/schemas/Route" - } - } - } - }, - "StartFlowParameters" : { - "required" : [ "clientRequestId", "flowClassName", "requestBody" ], - "type" : "object", - "properties" : { - "clientRequestId" : { - "type" : "string", - "nullable" : false, - "example" : "string" - }, - "flowClassName" : { - "type" : "string", - "nullable" : false, - "example" : "string" - }, - "requestBody" : { - "description" : "Either nested JSON object or a valid JSON-escaped string.", - "nullable" : false, - "example" : "{\"command\":\"echo\", \"data\":{\"value\": \"hello-world\"}}", - "type" : "object" - } - }, - "description" : "\n Information required to start a flow for this holdingId, including:\n clientRequestId: a client provided flow identifier\n flowClassName: fully qualified class name of the flow to start\n requestBody: optional start arguments string passed to the flow; defaults to an empty string\n " - }, - "StartableFlowsResponse" : { - "required" : [ "flowClassNames" ], - "type" : "object", - "properties" : { - "flowClassNames" : { - "uniqueItems" : false, - "type" : "array", - "nullable" : false, - "items" : { - "type" : "string", - "example" : "string" - } - } - } - }, - 
"SuspensionActivationParameters" : { - "required" : [ "x500Name" ], - "type" : "object", - "properties" : { - "reason" : { - "type" : "string", - "nullable" : true, - "example" : "string" - }, - "serialNumber" : { - "type" : "integer", - "format" : "int64", - "nullable" : true, - "example" : 0 - }, - "x500Name" : { - "type" : "string", - "nullable" : false, - "example" : "string" - } - }, - "description" : "Parameters for suspending or activating a member." - }, - "UpdateConfigParameters" : { - "required" : [ "config", "schemaVersion", "section", "version" ], - "type" : "object", - "properties" : { - "config" : { - "description" : "Either nested JSON object or a valid JSON-escaped string.", - "nullable" : false, - "example" : "{\"command\":\"echo\", \"data\":{\"value\": \"hello-world\"}}", - "type" : "object" - }, - "schemaVersion" : { - "$ref" : "#/components/schemas/ConfigSchemaVersion" - }, - "section" : { - "type" : "string", - "nullable" : false, - "example" : "string" - }, - "version" : { - "type" : "integer", - "format" : "int32", - "nullable" : false, - "example" : 0 - } - }, - "description" : "\n Details of the updated configuration. Includes:\n - `section`: the section of the configuration to be updated.\n - `config`: the updated configuration in JSON or HOCON format.\n - `schemaVersion`: the schema version of the configuration.\n - `version`: the version number used for optimistic locking. The request fails if this version does not \n match the version stored in the database for the corresponding section or -1 if this is a new section \n for which no configuration has yet been stored." 
- }, - "UpdateConfigResponse" : { - "required" : [ "config", "schemaVersion", "section", "version" ], - "type" : "object", - "properties" : { - "config" : { - "type" : "string", - "nullable" : false, - "example" : "string" - }, - "schemaVersion" : { - "$ref" : "#/components/schemas/ConfigSchemaVersion" - }, - "section" : { - "type" : "string", - "nullable" : false, - "example" : "string" - }, - "version" : { - "type" : "integer", - "format" : "int32", - "nullable" : false, - "example" : 0 - } - } - }, - "UserPermissionSummaryResponseType" : { - "required" : [ "enabled", "lastUpdateTimestamp", "loginName", "permissions" ], - "type" : "object", - "properties" : { - "enabled" : { - "type" : "boolean", - "nullable" : false, - "example" : true - }, - "lastUpdateTimestamp" : { - "type" : "string", - "format" : "datetime", - "nullable" : false, - "example" : "2022-06-24T10:15:30Z" - }, - "loginName" : { - "type" : "string", - "nullable" : false, - "example" : "string" - }, - "permissions" : { - "uniqueItems" : false, - "type" : "array", - "nullable" : false, - "items" : { - "$ref" : "#/components/schemas/PermissionSummaryResponseType" - } - } - } - }, - "UserResponseType" : { - "required" : [ "enabled", "fullName", "id", "loginName", "properties", "roleAssociations", "ssoAuth", "updateTimestamp", "version" ], - "type" : "object", - "properties" : { - "enabled" : { - "type" : "boolean", - "nullable" : false, - "example" : true - }, - "fullName" : { - "type" : "string", - "nullable" : false, - "example" : "string" - }, - "id" : { - "type" : "string", - "nullable" : false, - "example" : "string" - }, - "loginName" : { - "type" : "string", - "nullable" : false, - "example" : "string" - }, - "parentGroup" : { - "type" : "string", - "nullable" : true, - "example" : "string" - }, - "passwordExpiry" : { - "type" : "string", - "format" : "datetime", - "nullable" : true, - "example" : "2022-06-24T10:15:30Z" - }, - "properties" : { - "uniqueItems" : false, - "type" : "array", - 
"nullable" : false, - "items" : { - "$ref" : "#/components/schemas/PropertyResponseType" - } - }, - "roleAssociations" : { - "uniqueItems" : false, - "type" : "array", - "nullable" : false, - "items" : { - "$ref" : "#/components/schemas/RoleAssociationResponseType" - } - }, - "ssoAuth" : { - "type" : "boolean", - "nullable" : false, - "example" : true - }, - "updateTimestamp" : { - "type" : "string", - "format" : "datetime", - "nullable" : false, - "example" : "2022-06-24T10:15:30Z" - }, - "version" : { - "type" : "integer", - "format" : "int32", - "nullable" : false, - "example" : 0 - } - } - }, - "VirtualNodeInfo" : { - "required" : [ "cpiIdentifier", "cryptoDmlConnectionId", "flowOperationalStatus", "flowP2pOperationalStatus", "flowStartOperationalStatus", "holdingIdentity", "uniquenessDmlConnectionId", "vaultDbOperationalStatus", "vaultDmlConnectionId" ], - "type" : "object", - "properties" : { - "cpiIdentifier" : { - "$ref" : "#/components/schemas/CpiIdentifier" - }, - "cryptoDdlConnectionId" : { - "type" : "string", - "nullable" : true, - "example" : "string" - }, - "cryptoDmlConnectionId" : { - "type" : "string", - "nullable" : false, - "example" : "string" - }, - "externalMessagingRouteConfiguration" : { - "$ref" : "#/components/schemas/RouteConfiguration" - }, - "flowOperationalStatus" : { - "nullable" : false, - "example" : "INACTIVE", - "enum" : [ "ACTIVE", "INACTIVE" ] - }, - "flowP2pOperationalStatus" : { - "nullable" : false, - "example" : "INACTIVE", - "enum" : [ "ACTIVE", "INACTIVE" ] - }, - "flowStartOperationalStatus" : { - "nullable" : false, - "example" : "INACTIVE", - "enum" : [ "ACTIVE", "INACTIVE" ] - }, - "holdingIdentity" : { - "$ref" : "#/components/schemas/HoldingIdentity" - }, - "hsmConnectionId" : { - "type" : "string", - "nullable" : true, - "example" : "string" - }, - "operationInProgress" : { - "type" : "string", - "nullable" : true, - "example" : "string" - }, - "uniquenessDdlConnectionId" : { - "type" : "string", - "nullable" : 
true, - "example" : "string" - }, - "uniquenessDmlConnectionId" : { - "type" : "string", - "nullable" : false, - "example" : "string" - }, - "vaultDbOperationalStatus" : { - "nullable" : false, - "example" : "INACTIVE", - "enum" : [ "ACTIVE", "INACTIVE" ] - }, - "vaultDdlConnectionId" : { - "type" : "string", - "nullable" : true, - "example" : "string" - }, - "vaultDmlConnectionId" : { - "type" : "string", - "nullable" : false, - "example" : "string" - } - } - }, - "VirtualNodes" : { - "required" : [ "virtualNodes" ], - "type" : "object", - "properties" : { - "virtualNodes" : { - "uniqueItems" : false, - "type" : "array", - "nullable" : false, - "items" : { - "$ref" : "#/components/schemas/VirtualNodeInfo" - } - } - } - } - }, - "securitySchemes" : { - "basicAuth" : { - "type" : "http", - "scheme" : "basic" - } - } - } -} \ No newline at end of file diff --git a/support_bundle.ps1 b/support_bundle.ps1 index 50d58fbfa79..afa15d101da 100755 --- a/support_bundle.ps1 +++ b/support_bundle.ps1 @@ -79,7 +79,7 @@ foreach ($restSvcName in (kubectl get svc --namespace $namespace -l app.kubernet if ($remainingAttempts -gt 0) { $sections = "crypto", "externalMessaging", "flow", "ledger.utxo", "membership", "messaging", "p2p.gateway", "p2p.linkManager", "rbac", "reconciliation", "rest", "sandbox", "secrets", "security", "stateManager", "vnode.datasource" foreach ($section in $sections) { - Invoke-RestMethod -Uri "https://localhost:9443/api/v1/config/corda.$section" -Method Get -SkipCertificateCheck -Headers @{ Authorization = "Basic " + [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes("${username}:${password}")) } -OutFile (Join-Path $configDir "corda.$section.json") + Invoke-RestMethod -Uri "https://localhost:9443/api/v5_3/config/corda.$section" -Method Get -SkipCertificateCheck -Headers @{ Authorization = "Basic " + [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes("${username}:${password}")) } -OutFile (Join-Path $configDir "corda.$section.json") } } 
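Review bot: The `v5_3` path segment on the changed `Invoke-RestMethod` line is a bare literal, and the same literal is repeated in the matching `curl` line of `support_bundle.sh`, so the two support-bundle scripts can drift apart on the next API version bump. Define it once near the top of the script, for example `$apiVersion = "v5_3"`, and build the URI as `"https://localhost:9443/api/$apiVersion/config/corda.$section"`. A support bundle may be collected from a cluster that does not serve this path (an assumption, since the supported cluster versions are not visible here), in which case a named variable also makes the script easy to point at another version. The enclosing `foreach ($restSvcName ...)` loop starts outside the hunk.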
diff --git a/support_bundle.sh b/support_bundle.sh index 27e539f6d71..23020a0f92d 100755 --- a/support_bundle.sh +++ b/support_bundle.sh @@ -65,7 +65,7 @@ for restSvcName in $(kubectl get svc --namespace "$namespace" -l app.kubernetes. if curl -sk "https://localhost:9443" --retry 10 --retry-delay 1 --retry-all-errors > /dev/null 2>&1; then sections="crypto externalMessaging flow ledger.utxo membership messaging p2p.gateway p2p.linkManager rbac reconciliation rest sandbox secrets security stateManager vnode.datasource" for section in $sections; do - curl -sk -u "${username}:${password}" "https://localhost:9443/api/v1/config/corda.${section}" -o "${configDir}/corda.${section}.json" + curl -sk -u "${username}:${password}" "https://localhost:9443/api/v5_3/config/corda.${section}" -o "${configDir}/corda.${section}.json" done fi disown $pid diff --git a/testing/e2e-test-utilities/src/main/kotlin/net/corda/e2etest/utilities/CertificateUtils.kt b/testing/e2e-test-utilities/src/main/kotlin/net/corda/e2etest/utilities/CertificateUtils.kt index cf10808c0b4..ce430bb5d02 100644 --- a/testing/e2e-test-utilities/src/main/kotlin/net/corda/e2etest/utilities/CertificateUtils.kt +++ b/testing/e2e-test-utilities/src/main/kotlin/net/corda/e2etest/utilities/CertificateUtils.kt @@ -3,7 +3,6 @@ package net.corda.e2etest.utilities import com.fasterxml.jackson.databind.ObjectMapper import net.corda.e2etest.utilities.config.SingleClusterTestConfigManager import net.corda.rest.ResponseCode -import net.corda.rest.annotations.RestApiVersion import net.corda.schema.configuration.ConfigKeys import net.corda.utilities.seconds import java.io.File 
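Review bot: The `curl` call on the changed line runs without `--fail`, so any HTTP error response (a 404 if the cluster does not serve `/api/v5_3/config/...`, or a 401 for bad credentials) is written to `corda.${section}.json` as though it were the configuration. Whoever reads the bundle then sees a full set of config files with no sign that the fetch failed. Adding `--fail` and reporting the failure keeps the bundle honest: `curl -sk --fail -u "${username}:${password}" "https://localhost:9443/api/v5_3/config/corda.${section}" -o "${configDir}/corda.${section}.json" || echo "could not fetch corda.${section}" >&2`. The outer `for restSvcName` loop begins outside the hunk.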
@@ -29,20 +28,11 @@ fun ClusterInfo.generateCsr( assertWithRetryIgnoringExceptions { interval(1.seconds) - if (restApiVersion == RestApiVersion.C5_0) { - command { - initialClient.post( - "/api/${RestApiVersion.C5_0.versionPath}/certificates/$tenantId/$keyId", - ObjectMapper().writeValueAsString(payload) - ) - } - } else { - command { - vNodeCreatorClient.post( - "/api/${restApiVersion.versionPath}/certificate/$tenantId/$keyId", - ObjectMapper().writeValueAsString(payload) - ) - } + command { + vNodeCreatorClient.post( + "/api/${restApiVersion.versionPath}/certificate/$tenantId/$keyId", + ObjectMapper().writeValueAsString(payload) + ) } condition { it.code == ResponseCode.OK.statusCode } }.body diff --git a/testing/e2e-test-utilities/src/main/kotlin/net/corda/e2etest/utilities/ClusterBuilder.kt b/testing/e2e-test-utilities/src/main/kotlin/net/corda/e2etest/utilities/ClusterBuilder.kt index e18939f297c..de623a73d41 100644 --- a/testing/e2e-test-utilities/src/main/kotlin/net/corda/e2etest/utilities/ClusterBuilder.kt +++ b/testing/e2e-test-utilities/src/main/kotlin/net/corda/e2etest/utilities/ClusterBuilder.kt @@ -136,12 +136,11 @@ class ClusterBuilder(clusterInfo: ClusterInfo, val REST_API_VERSION_PATH: String } } - private fun uploadCertificateResource(cmd: String, resourceName: String, alias: String, deprecated: Boolean = false) = + private fun uploadCertificateResource(cmd: String, resourceName: String, alias: String) = getInputStream(resourceName).uploadCertificateInputStream( cmd, alias, Paths.get(resourceName).fileName.toString(), - deprecated ) 
@@ -150,14 +149,9 @@ class ClusterBuilder(clusterInfo: ClusterInfo, val REST_API_VERSION_PATH: String private fun InputStream.uploadCertificateInputStream( - cmd: String, alias: String, fileName: String, deprecated: Boolean = false + cmd: String, alias: String, fileName: String ) = use { - val httpsClient = if (deprecated) { - initialClient - } else { - vNodeCreatorClient - } - httpsClient.putMultiPart( + vNodeCreatorClient.putMultiPart( cmd, mapOf("alias" to alias), mapOf("certificate" to HttpsClientFileUpload(it, fileName)) @@ -170,21 +164,11 @@ class ClusterBuilder(clusterInfo: ClusterInfo, val REST_API_VERSION_PATH: String fun importCertificate(resourceName: String, usage: String, alias: String) = uploadCertificateResource( - "/api/$REST_API_VERSION_PATH/${REST_API_VERSION_PATH.certificatePath()}/cluster/$usage", + "/api/$REST_API_VERSION_PATH/certificate/cluster/$usage", resourceName, alias, ) - @Suppress("unused") - // Used to test RestApiVersion.C5_0 CertificateRestResource from 5.1 cluster, remove after LTS - fun deprecatedImportCertificate(resourceName: String, usage: String, alias: String) = - uploadCertificateResource( - "/api/${RestApiVersion.C5_0.versionPath}/certificates/cluster/$usage", - resourceName, - alias, - true - ) - /** * If [holdingIdentityId] is not specified, it will be uploaded as a cluster-level certificate. * If [holdingIdentityId] is specified, it will be uploaded as a vnode-level certificate under the specified vnode. 
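Review bot: With `certificatePath()` removed, the literal `certificate` segment is spelled out in `importCertificate` in the second hunk here, and again in `importClusterCertificate`, `importVnodeCertificate` and `getCertificateChain` in the following hunk. A single private property, for example `private val certificateBase get() = "/api/$REST_API_VERSION_PATH/certificate"`, would keep the four paths in step if the resource is renamed again. The same applies to the `key` segment in `createKey` and both `getKey` overloads further down the file.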
@@ -199,30 +183,20 @@ class ClusterBuilder(clusterInfo: ClusterInfo, val REST_API_VERSION_PATH: String private fun importClusterCertificate(file: File, usage: String, alias: String) = uploadCertificateFile( - "/api/$REST_API_VERSION_PATH/${REST_API_VERSION_PATH.certificatePath()}/cluster/$usage", + "/api/$REST_API_VERSION_PATH/certificate/cluster/$usage", file, alias, ) private fun importVnodeCertificate(file: File, usage: String, alias: String, holdingIdentityId: String) = uploadCertificateFile( - "/api/$REST_API_VERSION_PATH/${REST_API_VERSION_PATH.certificatePath()}/vnode/$holdingIdentityId/$usage", + "/api/$REST_API_VERSION_PATH/certificate/vnode/$holdingIdentityId/$usage", file, alias ) fun getCertificateChain(usage: String, alias: String) = - vNodeCreatorClient.get("/api/$REST_API_VERSION_PATH/${REST_API_VERSION_PATH.certificatePath()}/cluster/$usage/$alias") - - /** - * Returns the correct path for certificate rest resource based on the rest api version we use. - */ - private fun String.certificatePath(): String = - if (this == RestApiVersion.C5_0.versionPath) { - "certificates" - } else { - "certificate" - } + vNodeCreatorClient.get("/api/$REST_API_VERSION_PATH/certificate/cluster/$usage/$alias") @Suppress("unused") /** Assumes the resource *is* a CPB */ 
@@ -638,26 +612,14 @@ class ClusterBuilder(clusterInfo: ClusterInfo, val REST_API_VERSION_PATH: String vNodeCreatorClient.post("/api/$REST_API_VERSION_PATH/hsm/soft/$holdingIdentityShortHash/$category", body = "") fun createKey(holdingIdentityShortHash: String, alias: String, category: String, scheme: String) = - if (REST_API_VERSION_PATH == RestApiVersion.C5_0.versionPath) { - // Used to test RestApiVersion.C5_0 CertificateRestResource, remove after LTS - deprecatedCreateKey(holdingIdentityShortHash, alias, category, scheme) - } else { - vNodeCreatorClient.post( - "/api/$REST_API_VERSION_PATH/key/$holdingIdentityShortHash/alias/$alias/category/$category/scheme/$scheme", - body = "" - ) - } - - // Used to test RestApiVersion.C5_0 KeysRestResource from 5.1 cluster, remove after LTS - fun deprecatedCreateKey(holdingIdentityShortHash: String, alias: String, category: String, scheme: String) = - initialClient.post( - "/api/${RestApiVersion.C5_0.versionPath}/keys/$holdingIdentityShortHash/alias/$alias/category/$category/scheme/$scheme", + vNodeCreatorClient.post( + "/api/$REST_API_VERSION_PATH/key/$holdingIdentityShortHash/alias/$alias/category/$category/scheme/$scheme", body = "" ) @Suppress("unused") fun getKey(tenantId: String, keyId: String) = - vNodeCreatorClient.get("/api/$REST_API_VERSION_PATH/${REST_API_VERSION_PATH.keyPath()}/$tenantId/$keyId") + vNodeCreatorClient.get("/api/$REST_API_VERSION_PATH/key/$tenantId/$keyId") fun getKey( tenantId: String, 
@@ -675,19 +637,9 @@ class ClusterBuilder(clusterInfo: ClusterInfo, val REST_API_VERSION_PATH: String } else { queries.joinToString(prefix = "?", separator = "&") } - return vNodeCreatorClient.get("/api/$REST_API_VERSION_PATH/${REST_API_VERSION_PATH.keyPath()}/$tenantId$queryStr") + return vNodeCreatorClient.get("/api/$REST_API_VERSION_PATH/key/$tenantId$queryStr") } - /** - * Returns the correct path for key rest resource based on the rest api version we use. - */ - private fun String.keyPath(): String = - if (this == RestApiVersion.C5_0.versionPath) { - "keys" - } else { - "key" - } - /** Get status of a flow */ fun flowStatus(holdingIdentityShortHash: String, clientRequestId: String) = initialClient.get("/api/$REST_API_VERSION_PATH/flow/$holdingIdentityShortHash/$clientRequestId") diff --git a/testing/e2e-test-utilities/src/main/kotlin/net/corda/e2etest/utilities/MGMUtils.kt b/testing/e2e-test-utilities/src/main/kotlin/net/corda/e2etest/utilities/MGMUtils.kt index dbda5237a31..1a9b213eb9e 100644 --- a/testing/e2e-test-utilities/src/main/kotlin/net/corda/e2etest/utilities/MGMUtils.kt +++ b/testing/e2e-test-utilities/src/main/kotlin/net/corda/e2etest/utilities/MGMUtils.kt @@ -6,7 +6,6 @@ import com.fasterxml.jackson.databind.ObjectMapper import net.corda.e2etest.utilities.types.CertificateAuthority import net.corda.e2etest.utilities.types.NetworkOnboardingMetadata import net.corda.rest.ResponseCode -import net.corda.rest.annotations.RestApiVersion import net.corda.utilities.minutes import net.corda.utilities.seconds import java.net.URLEncoder.encode 
@@ -358,31 +357,6 @@ fun ClusterInfo.suspendMember( } } -@Suppress("unused") -/** - * Suspend a member identified by [x500Name]. - * Suspension is performed by the MGM identified by [mgmHoldingId]. - * - * Used to test RestApiVersion.C5_0, this version allows the serial number to be Null. - */ -fun ClusterInfo.deprecatedSuspendMember( - mgmHoldingId: String, - x500Name: String, - serialNumber: Int? = null, -) = cluster { - assertWithRetry { - timeout(15.seconds) - interval(1.seconds) - command { - initialClient.post( - "/api/${RestApiVersion.C5_0.versionPath}/mgm/$mgmHoldingId/suspend", - "{ \"x500Name\": \"$x500Name\", \"serialNumber\": $serialNumber }" - ) - } - condition { it.code == ResponseCode.NO_CONTENT.statusCode || it.code == ResponseCode.CONFLICT.statusCode } - } -} - @Suppress("unused") /** * Activate a member identified by [x500Name]. @@ -406,31 +380,6 @@ fun ClusterInfo.activateMember( } } -@Suppress("unused") -/** - * Activate a member identified by [x500Name]. - * Activation is performed by the MGM identified by [mgmHoldingId]. - * - * Used to test RestApiVersion.C5_0, this version allows the serial number to be Null. - */ -fun ClusterInfo.deprecatedActivateMember( - mgmHoldingId: String, - x500Name: String, - serialNumber: Int? = null, -) = cluster { - assertWithRetry { - timeout(15.seconds) - interval(1.seconds) - command { - initialClient.post( - "/api/${RestApiVersion.C5_0.versionPath}/mgm/$mgmHoldingId/activate", - "{ \"x500Name\": \"$x500Name\", \"serialNumber\": $serialNumber }" - ) - } - condition { it.code == ResponseCode.NO_CONTENT.statusCode || it.code == ResponseCode.CONFLICT.statusCode } - } -} - @Suppress("unused") /** * Update the group parameters as the MGM identified by [mgmHoldingId], and return the newly updated group parameters. 
diff --git a/testing/e2e-test-utilities/src/main/kotlin/net/corda/e2etest/utilities/MembershipUtils.kt b/testing/e2e-test-utilities/src/main/kotlin/net/corda/e2etest/utilities/MembershipUtils.kt index d2838c6f080..76b827ec67e 100644 --- a/testing/e2e-test-utilities/src/main/kotlin/net/corda/e2etest/utilities/MembershipUtils.kt +++ b/testing/e2e-test-utilities/src/main/kotlin/net/corda/e2etest/utilities/MembershipUtils.kt @@ -197,7 +197,7 @@ fun ClusterInfo.onboardNotaryMember( "corda.notary.keys.0.signature.spec" to DEFAULT_SIGNATURE_SPEC ) + (getAdditionalContext?.let { it(holdingId) } ?: emptyMap()) + ( // Add the optional backchain property if version is >= 5.2 - if (restApiVersion != RestApiVersion.C5_0 && restApiVersion != RestApiVersion.C5_1 && isBackchainRequired != null) + if (restApiVersion != RestApiVersion.C5_1 && isBackchainRequired != null) mapOf("corda.notary.service.backchain.required" to "$isBackchainRequired") else emptyMap() ) diff --git a/testing/e2e-test-utilities/src/main/kotlin/net/corda/e2etest/utilities/websocket/client/BasicAuthUpgradeListener.kt b/testing/e2e-test-utilities/src/main/kotlin/net/corda/e2etest/utilities/websocket/client/BasicAuthUpgradeListener.kt deleted file mode 100644 index 73cf846f235..00000000000 --- a/testing/e2e-test-utilities/src/main/kotlin/net/corda/e2etest/utilities/websocket/client/BasicAuthUpgradeListener.kt +++ /dev/null 
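Review bot: The condition `restApiVersion != RestApiVersion.C5_1` in MembershipUtils.kt is an exclusion list, while the comment directly above it states the intent as "version is >= 5.2". The two agree only as long as C5_1 is the sole older value the enum can hold. Expressing the rule as a lower bound, either an ordered comparison on the enum or a small helper such as `supportsBackchainFlag()` next to it, would keep code and comment in step when a version is added or retired. If the exclusion form stays, the comment should describe it: `// The 5.1 API does not accept the backchain property; every other supported version does`. `onboardNotaryMember` starts and ends outside the hunk.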
@@ -1,30 +0,0 @@ -package net.corda.e2etest.utilities.websocket.client - -import org.eclipse.jetty.websocket.api.UpgradeRequest -import org.eclipse.jetty.websocket.api.UpgradeResponse -import org.eclipse.jetty.websocket.client.io.UpgradeListener -import org.slf4j.LoggerFactory -import java.util.Base64 - -class BasicAuthUpgradeListener( - private val userName: String, - private val password: String -) : UpgradeListener { - private companion object { - val log = LoggerFactory.getLogger(this::class.java.enclosingClass) - const val AUTHORIZATION_HEADER = "Authorization" - } - - override fun onHandshakeRequest(request: UpgradeRequest) { - val headerValue = toBasicAuthValue(userName, password) - log.info("Header value: $headerValue") - request.setHeader(AUTHORIZATION_HEADER, headerValue) - } - - override fun onHandshakeResponse(response: UpgradeResponse?) { - } - - private fun toBasicAuthValue(username: String, password: String): String { - return "Basic " + Base64.getEncoder().encodeToString("$username:$password".toByteArray()) - } -} \ No newline at end of file diff --git a/testing/e2e-test-utilities/src/main/kotlin/net/corda/e2etest/utilities/websocket/client/InternalWebsocketHandler.kt b/testing/e2e-test-utilities/src/main/kotlin/net/corda/e2etest/utilities/websocket/client/InternalWebsocketHandler.kt deleted file mode 100644 index ebf8515e584..00000000000 --- a/testing/e2e-test-utilities/src/main/kotlin/net/corda/e2etest/utilities/websocket/client/InternalWebsocketHandler.kt +++ /dev/null @@ -1,7 +0,0 @@ -package net.corda.e2etest.utilities.websocket.client - -interface InternalWebsocketHandler { - val messageQueueSnapshot: List - fun isConnected(): Boolean - fun send(message: String) -} \ No newline at end of file 
diff --git a/testing/e2e-test-utilities/src/main/kotlin/net/corda/e2etest/utilities/websocket/client/MessageQueueWebSocketHandler.kt b/testing/e2e-test-utilities/src/main/kotlin/net/corda/e2etest/utilities/websocket/client/MessageQueueWebSocketHandler.kt
deleted file mode 100644
index 7201e06a413..00000000000
--- a/testing/e2e-test-utilities/src/main/kotlin/net/corda/e2etest/utilities/websocket/client/MessageQueueWebSocketHandler.kt
+++ /dev/null
@@ -1,48 +0,0 @@ -package net.corda.e2etest.utilities.websocket.client - -import org.eclipse.jetty.websocket.api.Session -import org.eclipse.jetty.websocket.client.NoOpEndpoint -import org.slf4j.LoggerFactory -import java.io.IOException -import java.util.concurrent.CopyOnWriteArrayList - -class MessageQueueWebSocketHandler : NoOpEndpoint(), InternalWebsocketHandler { - - private val _messageQueue = CopyOnWriteArrayList() - - override val messageQueueSnapshot: List - get() = ArrayList(_messageQueue) - - private companion object { - val log = LoggerFactory.getLogger(this::class.java.enclosingClass) - } - - override fun onWebSocketConnect(session: Session) { - log.info("onWebSocketConnect : $session") - super.onWebSocketConnect(session) - } - - override fun onWebSocketClose(statusCode: Int, reason: String?) { - log.info("Reacting to server closed: $statusCode - $reason") - super.onWebSocketClose(statusCode, reason) - } - - override fun onWebSocketText(message: String) { - log.info("Received message: $message") - _messageQueue.add(message) - } - - override fun send(message: String) { - if (super.isConnected()) { - try { - log.info("Attempting to send message from client websocket handler to server. Message: $message") - remote.sendString(message) - } catch (e: IOException) { - log.warn("Exception sending message to server.", e) - throw SmokeTestWebsocketException("Exception sending message to server.", e) - } - } else { - throw SmokeTestWebsocketException("Attempted to send message from client to server but session was not connected.") - } - } -} diff --git a/testing/e2e-test-utilities/src/main/kotlin/net/corda/e2etest/utilities/websocket/client/SmokeTestWebsocketClient.kt b/testing/e2e-test-utilities/src/main/kotlin/net/corda/e2etest/utilities/websocket/client/SmokeTestWebsocketClient.kt deleted file mode 100644 index a0c252889a2..00000000000 
--- a/testing/e2e-test-utilities/src/main/kotlin/net/corda/e2etest/utilities/websocket/client/SmokeTestWebsocketClient.kt
+++ /dev/null
@@ -1,110 +0,0 @@ -package net.corda.e2etest.utilities.websocket.client - -import net.corda.e2etest.utilities.DEFAULT_CLUSTER -import net.corda.e2etest.utilities.PASSWORD -import net.corda.e2etest.utilities.USERNAME -import net.corda.e2etest.utilities.getOrThrow -import net.corda.test.util.consistently -import net.corda.test.util.eventually -import org.assertj.core.api.Assertions.assertThat -import org.eclipse.jetty.client.HttpClient -import org.eclipse.jetty.util.ssl.SslContextFactory -import org.eclipse.jetty.websocket.api.CloseStatus -import org.eclipse.jetty.websocket.api.Session -import org.eclipse.jetty.websocket.api.StatusCode -import org.eclipse.jetty.websocket.api.WebSocketAdapter -import org.eclipse.jetty.websocket.client.ClientUpgradeRequest -import org.eclipse.jetty.websocket.client.WebSocketClient -import org.slf4j.Logger -import org.slf4j.LoggerFactory -import java.net.URI -import java.time.Duration -import java.util.LinkedList - -fun useWebsocketConnection( - path: String, - block: (wsHandler: InternalWebsocketHandler) -> Unit -) { - val wsHandler = MessageQueueWebSocketHandler() - val client = SmokeTestWebsocketClient() - - client.use { - it.start() - it.connect(path, wsHandler) - - // Loop as necessary to wait for connection to be established - eventually(duration = Duration.ofSeconds(30)) { - assertThat(wsHandler.isConnected) - .withFailMessage("web-socket-client should get connected") - .isTrue - } - - // Ensure that connection stays stable - consistently( - duration = Duration.ofSeconds(5), - waitBefore = Duration.ofMillis(500) - ) { - assertThat(wsHandler.isConnected) - .withFailMessage("web-socket-client should have stable connection") - .isTrue - } - - block.invoke(wsHandler) - } - - eventually { - assertThat(wsHandler.isConnected) - .withFailMessage("web-socket-client should be disconnected") - .isFalse - } -} - -class SmokeTestWebsocketClient( - private val username: String = USERNAME, - private val password: String = PASSWORD, - private 
val connectTimeout: Duration = Duration.ofSeconds(10), -) : AutoCloseable { - - private companion object { - val log: Logger = LoggerFactory.getLogger(this::class.java.enclosingClass) - val restUri = DEFAULT_CLUSTER.rest.uri - val baseWssUri = URI("wss", restUri.schemeSpecificPart, restUri.fragment) - val baseWssPath = "$baseWssUri/api/v1" - } - - private val httpClient = HttpClient(SslContextFactory.Client(true)) - private val wsClient = WebSocketClient(httpClient) - - private val sessions: MutableList = LinkedList() - - fun start() { - wsClient.start() - } - - fun connect(path: String, webSocketAdapter: WebSocketAdapter): Session { - val fullPath = "$baseWssPath$path" - val sessionFuture = wsClient.connect( - webSocketAdapter, - URI(fullPath), - ClientUpgradeRequest(), - BasicAuthUpgradeListener(username, password) - ) - val session = (sessionFuture.getOrThrow(connectTimeout) - ?: throw SmokeTestWebsocketException("Session was null after ${connectTimeout.seconds} seconds.")) - - sessions.add(session) - - log.info("Session established for $username at $fullPath.") - log.info("Open sessions for this client: ${wsClient.openSessions.size}.") - return session - } - - override fun close() { - log.info("Gracefully closing sessions.") - sessions.forEach { it.close(CloseStatus(StatusCode.NORMAL, "Smoke test closing from client side")) } - log.info("Gracefully closing WebSocket client.") - wsClient.stop() - log.info("Gracefully closing HTTP client.") - httpClient.stop() - } -} \ No newline at end of file diff --git a/testing/e2e-test-utilities/src/main/kotlin/net/corda/e2etest/utilities/websocket/client/SmokeTestWebsocketException.kt b/testing/e2e-test-utilities/src/main/kotlin/net/corda/e2etest/utilities/websocket/client/SmokeTestWebsocketException.kt deleted file mode 100644 index 5f878be7272..00000000000 --- a/testing/e2e-test-utilities/src/main/kotlin/net/corda/e2etest/utilities/websocket/client/SmokeTestWebsocketException.kt +++ /dev/null 
@@ -1,3 +0,0 @@ -package net.corda.e2etest.utilities.websocket.client - -class SmokeTestWebsocketException(message: String, e: Exception? = null) : Exception(message, e) \ No newline at end of file diff --git a/tools/corda-runtime-gradle-plugin/src/main/kotlin/net/corda/gradle/plugin/ProjectUtils.kt b/tools/corda-runtime-gradle-plugin/src/main/kotlin/net/corda/gradle/plugin/ProjectUtils.kt index 3026f9098e8..e7b5cff412a 100644 --- a/tools/corda-runtime-gradle-plugin/src/main/kotlin/net/corda/gradle/plugin/ProjectUtils.kt +++ b/tools/corda-runtime-gradle-plugin/src/main/kotlin/net/corda/gradle/plugin/ProjectUtils.kt @@ -1,16 +1,6 @@ package net.corda.gradle.plugin -import com.fasterxml.jackson.databind.DeserializationFeature -import com.fasterxml.jackson.databind.ObjectMapper -import kong.unirest.HttpResponse -import kong.unirest.JsonNode -import kong.unirest.Unirest -import net.corda.gradle.plugin.configuration.ProjectContext -import net.corda.gradle.plugin.dtos.VirtualNodeInfoDTO -import net.corda.gradle.plugin.dtos.VirtualNodesDTO -import net.corda.gradle.plugin.exception.CordaRuntimeGradlePluginException import java.net.ConnectException -import java.net.HttpURLConnection import java.net.Socket import java.time.Duration import java.time.Instant 
@@ -96,29 +86,3 @@ fun retryAttempts( } }; throw firstException!! } - -/** - * Gets a list of the virtual nodes which have already been created. - * @Param the [ProjectContext] - * @return a list of the virtual nodes which have already been created. - */ -fun getExistingNodes(pc: ProjectContext) : List { - - Unirest.config().verifySsl(false) - val mapper = ObjectMapper() - mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false) - - val response: HttpResponse = Unirest.get(pc.cordaClusterURL + "/api/v1/virtualnode") - .basicAuth(pc.cordaRestUser, pc.cordaRestPassword) - .asJson() - - if (response.status != HttpURLConnection.HTTP_OK) { - throw CordaRuntimeGradlePluginException("Failed to get Existing vNodes, response status: " + response.status) - } - - return try { - mapper.readValue(response.body.toString(), VirtualNodesDTO::class.java).virtualNodes!! - } catch (e: Exception) { - throw CordaRuntimeGradlePluginException("Failed to get Existing vNodes with exception: ${e.message}", e) - } -} diff --git a/tools/corda-runtime-gradle-plugin/src/main/kotlin/net/corda/gradle/plugin/cordalifecycle/EnvironmentSetupHelper.kt b/tools/corda-runtime-gradle-plugin/src/main/kotlin/net/corda/gradle/plugin/cordalifecycle/EnvironmentSetupHelper.kt index 15f52b8dca0..15729042189 100644 --- a/tools/corda-runtime-gradle-plugin/src/main/kotlin/net/corda/gradle/plugin/cordalifecycle/EnvironmentSetupHelper.kt +++ b/tools/corda-runtime-gradle-plugin/src/main/kotlin/net/corda/gradle/plugin/cordalifecycle/EnvironmentSetupHelper.kt @@ -59,7 +59,7 @@ class EnvironmentSetupHelper { cordaRestPassword: String, configSection: String ): Int { - return Unirest.get("$cordaClusterURL/api/v1/config/$configSection") + return Unirest.get("$cordaClusterURL/api/v5_1/config/$configSection") .basicAuth(cordaRestUser, cordaRestPassword) .asJson() .ifSuccess {}.body.`object`["version"].toString().toInt() 
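Review bot: The Gradle plugin moves its config calls to `/api/v5_1/`, in `Unirest.get("$cordaClusterURL/api/v5_1/config/$configSection")` here and in the `Unirest.put` of the next hunk, while the support-bundle scripts in the same commit move to `v5_3`. If the older version is deliberate (for instance so the plugin keeps working against 5.1 clusters), a comment saying so would stop it being "corrected" later. Either way the two literals are better taken from one constant, e.g. `private const val CONFIG_API_VERSION = "v5_1"`. Separately, `.ifSuccess {}` on this chain does nothing, so a non-2xx reply falls through to `["version"].toString().toInt()` and is likely to surface as a parsing error rather than an HTTP one. The function body starts outside the hunk.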
@@ -74,7 +74,7 @@ class EnvironmentSetupHelper {
 configBody: String,
 configVersion: Int
 ) {
- Unirest.put("$cordaClusterURL/api/v1/config")
+ Unirest.put("$cordaClusterURL/api/v5_1/config")
 .basicAuth(cordaRestUser, cordaRestPassword)
 .body(
 """