openapi: 3.0.3
info:
  title: APNF MAN Platform - BPCO API Reference
  version: 1.7.0
  license:
    name: CC-BY-SA-4.0
    url: https://creativecommons.org/licenses/by-sa/4.0/legalcode
  description: |
    # Introduction

    Welcome to the APNF MAN platform BPCO (*Base Publique des Certificats Opérateurs*) API reference.

    These APIs are publicly available and allow a service provider's STI-VS component to retrieve and validate STI certificates.

    The following resources can be retrieved from this service:
    - The STI certificates,
    - The Certificate Revocation List (CRL) for the STI certificates,
    - The STI-CA certificates used to sign the STI certificates,
    - The STI-PA certificates used to sign the STI certificates CRL,
    - The CRL of the STI-CA and STI-PA certificates,
    - The STI Root certificate used to sign the STI-CA and STI-PA certificates, as well as their CRL.

    ## Requests & Headers

    An `X-Request-Id` header can also be provided with a UUID. If provided, this header will be returned in the
    `X-Response-Id` response header.

    The usual `Accept` header may also be passed to specify the desired response format. If not supported by the
    service, the error **406** will be returned.

    ## Responses & Headers

    The following headers may be included in responses:
    - `Content-Type`: format of the response, if a body is included in the response.
    - `Content-Length`: size in bytes of the response body, if a body is included in the response.
    - `X-Response-Id`: uniquely identifies the response sent to the client. It corresponds to the `X-Request-Id`
      request header if provided. Otherwise, a new value is generated.
    - `X-Correlation-Id`: ID generated by the API gateway to track the request between the different services. This
      value can be different from the `X-Response-Id` header.

    Additional headers may be provided, depending on the API. Refer to each API section to review them.

    ## Common Error Codes

    The following error codes can be returned:

    | Error code     | Description                                                             |
    |:--------------:|-------------------------------------------------------------------------|
    | **400**        | Request input data is invalid.                                          |
    | **404**        | The resource does not exist.                                            |
    | **405**        | The method is not allowed for the resource.                             |
    | **406**        | The format in the `Accept` header is not supported.                     |
    | **409**        | There is a conflict between the object status and the action requested. |
    | **429**        | Too many requests have been sent by the client (see Rate Limiting).     |
    | **500**        | An unexpected error occurred while processing the request.              |
    | **503**        | The service is unavailable.                                             |

    ## Rate Limiting

    To ensure availability to all clients, concurrent accesses to this API are restricted according to
    the following rate limiting logic:
    - Each IP address is allowed to perform up to 600 calls during a period of 1 minute.
    - Any additional call will be rejected by the API using a 429 "TOO_MANY_REQUESTS" error code.

    # References

    Additional API references are also available, covering other MAN platform functionalities:
    - **MAN Platform GCO API Reference**, listing the MAN platform GCO (Gestionnaires des Certificats Opérateurs) module APIs, to manage service provider data in the MAN platform, including STI certificates.
    - **MAN Platform Authentication API Reference**, providing the APIs to create access tokens required to authenticate against the APIs listed in this document.

    # History

    **1.7.0** - 2024/09/09
    - Reorder components alphabetically

    **1.6.0** - 2023/12/13
    - (Description) Fix spelling error in 'Rate limiting'
    - (History) - Set correct 1.5.1 version for 2023/10/05 release

    **1.5.1** - 2023/10/05
    - (GET /ca) Update `version` format from integer to float
    - (GET /ca/certs) Update `version` format from integer to float

    **1.5.0** - 2023/09/27
    - Include in `Description` section rate limiting logic
    - Add CC-BY-SA-4.0 license

    **1.4.0** - N/A

    **1.3.0** - 2023/06/16
    - Add `servers` entries for VABF and Preproduction platforms
    - (GET /ca) Clarify format for `version` and `sequence` properties
    - (GET /ca) Remove `byte` format for response body properties as they are Base64 URL encoded and not Base64 encoded.
    - (GET /ca/certs) Clarify format for `version` and `sequence` properties
    - (GET /ca/certs) Remove `byte` format for response body properties as they are Base64 URL encoded and not Base64 encoded.

    **1.2.0** - 2023/05/04
    - (All) Add 405 HTTP status case to all responses
    - (All) Add 409 HTTP status code to the Common Error Codes section
    - (All) Add `Content-Type` header to all 4xx HTTP status cases
    - (GET /certs/{spc}/{sn}.cer) Add 400 HTTP status case
    - (GET /crl) Add `Content-Type` header for 304 HTTP status case
    - (GET /crl) Remove `Content-Length` header for 304 HTTP status case
    - (GET /ca) Add `Content-Type` header for 304 HTTP status case
    - (GET /ca) Remove `Content-Length` header for 304 HTTP status case
    - (GET /ca/certs) Add `Content-Type` header for 304 HTTP status case
    - (GET /ca/certs) Remove `Content-Length` header for 304 HTTP status case
    - (GET /ca/certs/{sn}.cer) Add 400 HTTP status case
    - (GET /ca/crl) Add `Content-Type` header for 304 HTTP status case
    - (GET /ca/crl) Remove `Content-Length` header for 304 HTTP status case

    **1.1.0** - 2023/01/18
    - Update base URL from *https://man-bpco.fr/* to *https://api.man-bpco.fr/*
    - Update `CertificateSerialNumber` component schema pattern
servers:
  - url: https://api.man-bpco.fr/
    description: Production platform
  - url: https://api.pprod.man-bpco.fr/
    description: Preproduction platform
  - url: https://api.vabf.man-bpco.fr/
    description: VABF platform
tags:
  - name: BPCO
    description: |
      MAN platform public access service used to download STI certificates and related data to validate them.
paths:
  /certs/{spc}/{sn}.cer:
    get:
      summary: Get STI certificate
      description: |
        Return in PEM format the provider STI certificate identified by the service provider code and its serial number.
      tags:
        - BPCO
      parameters:
        - name: spc
          in: path
          description: Service Provider Code. Each service provider in France is assigned a unique code by the APNF.
          required: true
          schema:
            type: string
            pattern: ^([0-9A-Z]{6})$
            example: OPC000
        - $ref: '#/components/parameters/CertificateSerialNumber'
        - $ref: '#/components/parameters/X-Request-Id'
      responses:
        '200':
          description: The STI certificate in PEM format.
          content:
            application/x-pem-file:
              schema:
                type: string
          headers:
            Content-Length:
              description: Size in bytes of the PEM contents provided in the response
              schema:
                type: integer
                example: 1094
            X-Correlation-Id:
              $ref: '#/components/headers/X-Correlation-Id'
            X-Response-Id:
              $ref: '#/components/headers/X-Response-Id'
        '400':
          $ref: '#/components/responses/ErrorValidation'
        '404':
          $ref: '#/components/responses/ErrorNotFound'
        '405':
          $ref: '#/components/responses/ErrorNotAllowed'
        '406':
          $ref: '#/components/responses/ErrorInvalidAcceptHeader'
        '429':
          $ref: '#/components/responses/ErrorRateLimiting'
        '500':
          $ref: '#/components/responses/ErrorInternal'
        '503':
          $ref: '#/components/responses/ServiceUnavailable'
  /crl:
    get:
      summary: Get STI certificates Certificate Revocation List
      description: |
        Return in DER format the Certificate Revocation List (CRL) for the STI certificates. This CRL is used to list all STI
        certificates signed by the Certificate Authority that have been revoked before their expiration.

        The CRL provides the following information for each revoked certificate, as described in RFC 5280 & 6818:
        * Update date
        * Serial number

        When the `If-Modified-Since` request header is specified, a **304** response is returned if the CRL file has
        not been updated since the date specified in the header. This header can be filled with the value of the
        `Last-Modified` response header collected from a previous call to this API.
      tags:
        - BPCO
      parameters:
        - $ref: '#/components/parameters/If-Modified-Since'
        - $ref: '#/components/parameters/X-Request-Id'
      responses:
        '200':
          description: The Certificate Revocation List in DER format.
          content:
            application/pkix-crl:
              schema:
                type: string
                format: binary
          headers:
            Last-Modified:
              description: Last update date of the CRL file. Uses HTTP-Date format (RFC 7231).
              schema:
                $ref: '#/components/schemas/RFC7231.HTTP-date'
            Content-Length:
              description: Size in bytes of the DER contents provided in the response.
              schema:
                type: integer
                example: 292
            X-Correlation-Id:
              $ref: '#/components/headers/X-Correlation-Id'
            X-Response-Id:
              $ref: '#/components/headers/X-Response-Id'
        '304':
          description: No change since the date provided in the `If-Modified-Since` request header.
          headers:
            Last-Modified:
              description: Last update date of the CRL file. Uses HTTP-Date format (RFC 7231).
              schema:
                $ref: '#/components/schemas/RFC7231.HTTP-date'
            Content-Type:
              $ref: '#/components/headers/Content-Type-Pkix-Crl'
            X-Correlation-Id:
              $ref: '#/components/headers/X-Correlation-Id'
            X-Response-Id:
              $ref: '#/components/headers/X-Response-Id'
        '405':
          $ref: '#/components/responses/ErrorNotAllowed'
        '406':
          $ref: '#/components/responses/ErrorInvalidAcceptHeader'
        '429':
          $ref: '#/components/responses/ErrorRateLimiting'
        '500':
          $ref: '#/components/responses/ErrorInternal'
        '503':
          $ref: '#/components/responses/ServiceUnavailable'
  /ca:
    get:
      summary: Get Certificate Authority root certificates
      description: |
        Return in a JSON Web Token (JWT) the list of Certificate Authority root certificates, following the
        ATIS-100084.v002 standard.

        When the `If-Modified-Since` request header is specified, a **304** response is returned if the Certificate
        Authority has not been updated since the date specified in the header. This header can be filled with the value
        of the `Last-Modified` response header collected from a previous call to this API.
      tags:
        - BPCO
      parameters:
        - $ref: '#/components/parameters/If-Modified-Since'
        - $ref: '#/components/parameters/X-Request-Id'
      responses:
        '200':
          description: |
            A JSON Web Token containing the Certificate Authority root certificates in its payload and signed by the
            Certificate Authority PA certificate following
            [RFC 7515 (JSON Serialisation)](https://datatracker.ietf.org/doc/html/rfc7515#section-3.2).

            * `protected` property contains the JWS protected header encoded as Base64 URL:
              ```
              base64UrlEncode({
                "alg" : "ES256",
                "typ" : "JWT",
                "x5u" : "https://api.man-bpco.fr/ca/certs/2825D0EC08D575B25F595CA683A80F911590FCC3.cer"
              })
              ```
            * `payload` property contains the JWS payload encoded as Base64 URL:
              ```
              base64UrlEncode({
                "version": 1.0,
                "sequence": 1,
                "exp": 1300819380,
                "trustList": [
"-----BEGIN CERTIFICATE-----\nMIICNjCCAdygAwIBAgIUSClrMzSowIZ578Y9IBztf7K3x/IwCgYIKoZIzj0EAwIw\neTEeMBwGA1UEAwwVQlBDTyBSMSAtIFNIQUtFTiBSb290MQswCQYDVQQGEwJGUjEq\nMCgGA1UECgwhQmFzZSBkZXMgQ2VydGlmaWNhdHMgT3DDg8KpcmF0ZXVyMR4wHAYD\nVQQLDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMjIwNzAxMDkwMDA0WhcNMjcw\nNjMwMDkwMDA0WjB5MR4wHAYDVQQDDBVCUENPIFIxIC0gU0hBS0VOIFJvb3QxCzAJ\nBgNVBAYTAkZSMSowKAYDVQQKDCFCYXNlIGRlcyBDZXJ0aWZpY2F0cyBPcMODwqly\nYXRldXIxHjAcBgNVBAsMFUNlcnRpZmljYXRlIEF1dGhvcml0eTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABOxwHSMOsCRsjRRMD+Gg3f5yvKfO6Zo/uV2/JqRkU0Xb\ncWvtO/qMh03x+rcb39U2KS4s2XVPIJHiL09M0jxpt6ajQjBAMB0GA1UdDgQWBBQQ\nn6w1P+pMKttkhn223yrXVkO+ojAOBgNVHQ8BAf8EBAMCAgQwDwYDVR0TAQH/BAUw\nAwEB/zAKBggqhkjOPQQDAgNIADBFAiBup54QrIBzxvPcP8d8wCcffpyQcW5I/QCT\n6PILfemc9gIhAOLdf3wxWwJIvK0e4K2BnkyJMEM0f/WW/IFlhYQus2Hv\n-----END CERTIFICATE-----\n"
                ]
              })
              ```
              In this payload:
              * `version` is a float starting with `1.0` and incremented by 1 each time the payload format is updated,
              * `sequence` is an integer incremented each time the certificate list is updated,
              * `exp` contains the timestamp corresponding to the token expiration date. Expiration for this token is set to one week.
              * `trustList` contains the list of the CA root certificates in PEM format.
            * `signature` property contains the JWS signature encoded as Base64 URL:
              ```
              base64UrlEncode(ECDSASHA256(
                base64UrlEncode(protected) + '.' + base64UrlEncode(payload)
              ))
              ```
          content:
            application/jose+json:
              schema:
                type: object
                properties:
                  protected:
                    type: string
                    example: |
                      eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsIng1dSI6Imh0dHBzOi8vPGRvbWFpbmUtYnBjbz4vY2EvY2VydHMvM\
                      jgyNUQwRUMwOEQ1NzVCMjVGNTk1Q0E2ODNBODBGOTExNTkwRkNDMy5jZXIifQ
                  payload:
                    type: string
                  signature:
                    type: string
                    example: tqPZ22O4eNL82KwK7vFgHU6yXk53rfNBdSDgweNwsCgBoiYUOehWV6cnlrI-IVjAfTPLWVb91uUALz0g8w2e3A
          headers:
            Last-Modified:
              description: |
                Last update date of the Certificate Authority root certificates list. Uses HTTP-Date format (RFC 7231).
              schema:
                $ref: '#/components/schemas/RFC7231.HTTP-date'
            Content-Length:
              $ref: '#/components/headers/Content-Length'
            X-Correlation-Id:
              $ref: '#/components/headers/X-Correlation-Id'
            X-Response-Id:
              $ref: '#/components/headers/X-Response-Id'
        '304':
          description: No change since the date provided in the `If-Modified-Since` request header
          headers:
            Last-Modified:
              description: Last update date of the Certificate Authority root certificates list. Uses HTTP-Date format (RFC 7231).
              schema:
                $ref: '#/components/schemas/RFC7231.HTTP-date'
            Content-Type:
              $ref: '#/components/headers/Content-Type-Jose-Json'
            X-Correlation-Id:
              $ref: '#/components/headers/X-Correlation-Id'
            X-Response-Id:
              $ref: '#/components/headers/X-Response-Id'
        '405':
          $ref: '#/components/responses/ErrorNotAllowed'
        '406':
          $ref: '#/components/responses/ErrorInvalidAcceptHeader'
        '429':
          $ref: '#/components/responses/ErrorRateLimiting'
        '500':
          $ref: '#/components/responses/ErrorInternal'
        '503':
          $ref: '#/components/responses/ServiceUnavailable'
  /ca/certs:
    get:
      summary: Get Certificate Authority intermediate certificates
      description: |
        Return in a JSON Web Token (JWT) the list of Certificate Authority intermediate certificates that can be used
        to sign the provider STI certificates.

        When the `If-Modified-Since` request header is specified, a **304** response is returned if the intermediate
        certificate list has not been updated since the date specified in the header. This header can be filled with
        the value of the `Last-Modified` response header collected from a previous call to this API.
      tags:
        - BPCO
      parameters:
        - $ref: '#/components/parameters/If-Modified-Since'
        - $ref: '#/components/parameters/X-Request-Id'
      responses:
        '200':
          description: |
            A JSON Web Token containing the Certificate Authority intermediate certificates in its payload and signed
            by the Certificate Authority PA certificate following
            [RFC 7515 (JSON Serialisation)](https://datatracker.ietf.org/doc/html/rfc7515#section-3.2).

            * `protected` property contains the JWS protected header encoded as Base64 URL:
              ```
              base64UrlEncode({
                "alg" : "ES256",
                "typ" : "JWT",
                "x5u" : "https://api.man-bpco.fr/ca/certs/2825D0EC08D575B25F595CA683A80F911590FCC3.cer"
              })
              ```
            * `payload` property contains the JWS payload encoded as Base64 URL:
              ```
              base64UrlEncode({
                "version": 1.0,
                "sequence": 1,
                "exp": 1300819380,
                "certList": [
"-----BEGIN CERTIFICATE-----\nMIIDSjCCAu+gAwIBAgIUKCXQ7AjVdbJfWVymg6gPkRWQ/MQwCgYIKoZIzj0EAwIw\neTEeMBwGA1UEAwwVQlBDTyBSMSAtIFNIQUtFTiBSb290MQswCQYDVQQGEwJGUjEq\nMCgGA1UECgwhQmFzZSBkZXMgQ2VydGlmaWNhdHMgT3DDg8KpcmF0ZXVyMR4wHAYD\nVQQLDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMjIwNzA0MDk1NzAxWhcNMjMw\nNzA0MDk1NzAxWjCBhzEsMCoGA1UEAwwjQlBDTyBDQTEgw6LCgMKTIFNIQUtFTiBJ\nbnRlcm1lZGlhdGUxCzAJBgNVBAYTAkZSMSowKAYDVQQKDCFCYXNlIGRlcyBDZXJ0\naWZpY2F0cyBPcMODwqlyYXRldXIxHjAcBgNVBAsMFUNlcnRpZmljYXRlIEF1dGhv\ncml0eTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABNJoswbujnxJ8LBLlb9fwGF/\nRofpMde+3/Ky9jGB+nnILEHDiObazp5SoxF/W7UvJv40GR3teyAt2xZwO7EMYb+j\nggFEMIIBQDAdBgNVHQ4EFgQUTXpS60vRXFaMlke3fBRyUZYsbgQwHwYDVR0jBBgw\nFoAUEJ+sNT/qTCrbZIZ9tt8q11ZDvqIwDgYDVR0PAQH/BAQDAgIEMBIGA1UdEwEB\n/wQIMAYBAf8CAQAwRwYIKwYBBQUHAQEEOzA5MDcGCCsGAQUFBzAChitodHRwczov\nLzxkb21haW5lLWJwY28+L2NhL2NlcnRzL2JwY29fcjEuY2VyMIGQBgNVHR8EgYgw\ngYUwgYKgIaAfhh1odHRwczovLzxkb21haW5lLWJwY28+L2NhL2NybKJdpFswWTEL\nMAkGA1UEBhMCRlIxKjAoBgNVBAoMIUJhc2UgZGVzIENlcnRpZmljYXRzIE9ww4PC\nqXJhdGV1cjEeMBwGA1UEAwwVQlBDTyBSMSAtIFNIQUtFTiBSb290MAoGCCqGSM49\nBAMCA0kAMEYCIQDzKJTwFaBj9vBg94B6uo1HIsQi/WNemQiXbhF/VUzjNwIhAPMs\n8dTDVnrUp4cvWDS1dR1mdwp6Me39hxU/SMgJik6i\n-----END CERTIFICATE-----\n",
"-----BEGIN CERTIFICATE-----\nMIIDSTCCAu+gAwIBAgIUKCXQ7AjVdbJfWVymg6gPkRWQ/MIwCgYIKoZIzj0EAwIw\neTEeMBwGA1UEAwwVQlBDTyBSMSAtIFNIQUtFTiBSb290MQswCQYDVQQGEwJGUjEq\nMCgGA1UECgwhQmFzZSBkZXMgQ2VydGlmaWNhdHMgT3DDg8KpcmF0ZXVyMR4wHAYD\nVQQLDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMjIwNzAxMTIzMjMzWhcNMjMw\nNzAxMTIzMjMzWjCBhzEsMCoGA1UEAwwjQlBDTyBDQTIgw6LCgMKTIFNIQUtFTiBJ\nbnRlcm1lZGlhdGUxCzAJBgNVBAYTAkZSMSowKAYDVQQKDCFCYXNlIGRlcyBDZXJ0\naWZpY2F0cyBPcMODwqlyYXRldXIxHjAcBgNVBAsMFUNlcnRpZmljYXRlIEF1dGhv\ncml0eTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABGDkmrQjfI1RVshFzLTOW3ND\nsgHwpawd0M+OWpH7YPGQ5z+Izl39T5UYspWRiCaR4U+ezmkFYXrqvr5jdk8TmCqj\nggFEMIIBQDAdBgNVHQ4EFgQU5aG26FlXZBzA7KxexafbHzodraEwHwYDVR0jBBgw\nFoAUEJ+sNT/qTCrbZIZ9tt8q11ZDvqIwDgYDVR0PAQH/BAQDAgIEMBIGA1UdEwEB\n/wQIMAYBAf8CAQAwRwYIKwYBBQUHAQEEOzA5MDcGCCsGAQUFBzAChitodHRwczov\nLzxkb21haW5lLWJwY28+L2NhL2NlcnRzL2JwY29fcjEuY2VyMIGQBgNVHR8EgYgw\ngYUwgYKgIaAfhh1odHRwczovLzxkb21haW5lLWJwY28+L2NhL2NybKJdpFswWTEL\nMAkGA1UEBhMCRlIxKjAoBgNVBAoMIUJhc2UgZGVzIENlcnRpZmljYXRzIE9ww4PC\nqXJhdGV1cjEeMBwGA1UEAwwVQlBDTyBSMSAtIFNIQUtFTiBSb290MAoGCCqGSM49\nBAMCA0gAMEUCIGmaF8B308blN0GAm33sxos3S1/6ITOdEFCelDDthkYMAiEAjZ+j\nL3wPTDkaW02cu/1NP1FsS55ocxmJReB9r7nIG4M=\n-----END CERTIFICATE-----\n"
                ]
              })
              ```
              In this payload:
              * `version` is a float starting with `1.0` and incremented by 1 each time the payload format is updated,
              * `sequence` is an integer incremented each time the certificate list is updated,
              * `exp` contains the timestamp corresponding to the token expiration date. Expiration for this token is set to one week.
              * `certList` contains the list of the CA intermediate certificates in PEM format.
            * `signature` property contains the JWS signature encoded as Base64 URL:
              ```
              base64UrlEncode(ECDSASHA256(
                base64UrlEncode(protected) + '.' + base64UrlEncode(payload)
              ))
              ```
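The checks a client can run on the `/ca` and `/ca/certs` JWS described above, as an added Go example that is not part of the APNF specification or its code. `VerifyList`, `DemoToken`, `decodePart`, the `x5u` host allow-list and the `lastSeq` rollback rule are assumptions of this example; the PA public key is assumed to come from the certificate at `x5u` after its own chain and CRL validation, and the demo token is constructed with a throwaway key.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"math/big"
	"net/url"
	"strings"
	"time"
)

// Hosts listed under `servers` in this specification (allow-listing them is this example's policy).
var bpcoHosts = map[string]bool{"api.man-bpco.fr": true, "api.pprod.man-bpco.fr": true, "api.vabf.man-bpco.fr": true}
var b64 = base64.RawURLEncoding // JWS members are unpadded base64url

// List is the decoded payload: /ca fills TrustList, /ca/certs fills CertList.
type List struct {
	Version   float64  `json:"version"`
	Sequence  int64    `json:"sequence"`
	Exp       int64    `json:"exp"`
	TrustList []string `json:"trustList,omitempty"`
	CertList  []string `json:"certList,omitempty"`
}

// decodePart base64url-decodes one JWS member and parses it as JSON into v.
func decodePart(member string, v interface{}) error {
	raw, err := b64.DecodeString(member)
	if err != nil {
		return fmt.Errorf("not unpadded base64url: %w", err)
	}
	return json.Unmarshal(raw, v)
}

// VerifyList checks header, signature, expiry and sequence before the list is used.
// Assumed: paKey comes from the already validated PA certificate; lastSeq is the highest sequence accepted so far.
func VerifyList(body []byte, paKey *ecdsa.PublicKey, now time.Time, lastSeq int64) (*List, error) {
	var j struct{ Protected, Payload, Signature string } // JSON keys match case-insensitively
	var h struct{ Alg, Typ, X5u string }
	if err := json.Unmarshal(body, &j); err != nil {
		return nil, fmt.Errorf("body is not a JWS object: %w", err)
	}
	if err := decodePart(j.Protected, &h); err != nil {
		return nil, fmt.Errorf("protected header: %w", err)
	}
	if h.Alg != "ES256" || h.Typ != "JWT" { // the token must not choose its own algorithm
		return nil, fmt.Errorf("unexpected alg/typ %q/%q", h.Alg, h.Typ)
	}
	u, err := url.Parse(h.X5u)
	if err != nil || u.Scheme != "https" || !bpcoHosts[u.Host] || !strings.HasPrefix(u.Path, "/ca/certs/") {
		return nil, errors.New("x5u is not a BPCO /ca/certs/ URL")
	}
	sig, err := b64.DecodeString(j.Signature)
	if err != nil || len(sig) != 64 { // ES256: raw 32-byte r followed by 32-byte s
		return nil, errors.New("signature is not a 64-byte r||s value")
	}
	digest := sha256.Sum256([]byte(j.Protected + "." + j.Payload))
	r, s := new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])
	if !ecdsa.Verify(paKey, digest[:], r, s) {
		return nil, errors.New("signature does not verify")
	}
	var l List
	if err := decodePart(j.Payload, &l); err != nil { // parsed only after the signature check
		return nil, fmt.Errorf("payload: %w", err)
	}
	switch {
	case now.Unix() >= l.Exp:
		return nil, errors.New("list has expired")
	case l.Sequence < lastSeq:
		return nil, errors.New("sequence went backwards")
	}
	return &l, nil
}

// DemoToken signs a constructed list with a throwaway P-256 key (demo input only; errors from the random source are ignored).
func DemoToken(x5u string, l List) ([]byte, *ecdsa.PublicKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	hdr, _ := json.Marshal(map[string]string{"alg": "ES256", "typ": "JWT", "x5u": x5u})
	pl, _ := json.Marshal(l)
	p, q := b64.EncodeToString(hdr), b64.EncodeToString(pl)
	digest := sha256.Sum256([]byte(p + "." + q))
	r, s, _ := ecdsa.Sign(rand.Reader, key, digest[:])
	sig := make([]byte, 64)
	r.FillBytes(sig[:32])
	s.FillBytes(sig[32:])
	tok, _ := json.Marshal(map[string]string{"protected": p, "payload": q, "signature": b64.EncodeToString(sig)})
	return tok, &key.PublicKey
}

func main() {
	x5u := "https://api.man-bpco.fr/ca/certs/2825D0EC08D575B25F595CA683A80F911590FCC3.cer" // value from the page
	tok, pub := DemoToken(x5u, List{Version: 1, Sequence: 2, Exp: time.Now().Unix() + 7*24*3600, CertList: []string{"constructed PEM"}})
	list, err := VerifyList(tok, pub, time.Now(), 1)
	fmt.Println(list, err)
}
```

The header and `x5u` checks run before any key is used, and the payload is parsed only after the signature verifies.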
          content:
            application/jose+json:
              schema:
                type: object
                properties:
                  protected:
                    type: string
                    example: |
                      eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsIng1dSI6Imh0dHBzOi8vPGRvbWFpbmUtYnBjbz4vY2EvY2VydHMvM\
                      jgyNUQwRUMwOEQ1NzVCMjVGNTk1Q0E2ODNBODBGOTExNTkwRkNDMy5jZXIifQ
                  payload:
                    type: string
                  signature:
                    type: string
                    example: nXGIkIbqKKeH5rzoECy6TnQKf6_yBKMb4B4OAT3TqNsyup5HVK8330dh3r42GwHkRb48IsrhsdUdys1goueaKQ
          headers:
            Last-Modified:
              description: |
                Last update date of the Certificate Authority intermediate certificates list. Uses HTTP-Date format (RFC 7231).
              schema:
                $ref: '#/components/schemas/RFC7231.HTTP-date'
            Content-Length:
              $ref: '#/components/headers/Content-Length'
            X-Correlation-Id:
              $ref: '#/components/headers/X-Correlation-Id'
            X-Response-Id:
              $ref: '#/components/headers/X-Response-Id'
        '304':
          description: No change since the date provided in the `If-Modified-Since` request header
          headers:
            Last-Modified:
              description: |
                Last update date of the Certificate Authority intermediate certificates list. Uses HTTP-Date format (RFC 7231).
              schema:
                $ref: '#/components/schemas/RFC7231.HTTP-date'
            Content-Type:
              $ref: '#/components/headers/Content-Type-Jose-Json'
            X-Correlation-Id:
              $ref: '#/components/headers/X-Correlation-Id'
            X-Response-Id:
              $ref: '#/components/headers/X-Response-Id'
        '405':
          $ref: '#/components/responses/ErrorNotAllowed'
        '406':
          $ref: '#/components/responses/ErrorInvalidAcceptHeader'
        '429':
          $ref: '#/components/responses/ErrorRateLimiting'
        '500':
          $ref: '#/components/responses/ErrorInternal'
        '503':
          $ref: '#/components/responses/ServiceUnavailable'
  /ca/certs/{sn}.cer:
    get:
      summary: Get Certificate Authority certificate
      description: |
        Return in PEM format the Certificate Authority certificate identified by its serial number.
      tags:
        - BPCO
      parameters:
        - $ref: '#/components/parameters/CertificateSerialNumber'
        - $ref: '#/components/parameters/X-Request-Id'
      responses:
        '200':
          description: The Certificate Authority certificate in PEM format.
          content:
            application/x-pem-file:
              schema:
                type: string
          headers:
            Content-Length:
              description: Size in bytes of the PEM contents provided in the response.
              schema:
                type: integer
                example: 1147
            X-Correlation-Id:
              $ref: '#/components/headers/X-Correlation-Id'
            X-Response-Id:
              $ref: '#/components/headers/X-Response-Id'
        '400':
          $ref: '#/components/responses/ErrorValidation'
        '404':
          $ref: '#/components/responses/ErrorNotFound'
        '405':
          $ref: '#/components/responses/ErrorNotAllowed'
        '406':
          $ref: '#/components/responses/ErrorInvalidAcceptHeader'
        '429':
          $ref: '#/components/responses/ErrorRateLimiting'
        '500':
          $ref: '#/components/responses/ErrorInternal'
        '503':
          $ref: '#/components/responses/ServiceUnavailable'
  /ca/crl:
    get:
      summary: Get Certificate Authority Certificate Revocation List
      description: |
        Return in DER format the Certificate Revocation List (CRL) for the Certificate Authority certificates.
        This CRL is used to list all Certificate Authority intermediate and PA certificates that have been revoked
        before their expiration.

        The CRL provides the following information for each revoked certificate, as described in RFC 5280 & 6818:
        * Update date
        * Serial number

        When the `If-Modified-Since` request header is specified, a **304** response is returned if the CRL file has
        not been updated since the date specified in the header. This header can be filled with the value of the
        `Last-Modified` response header collected from a previous call to this API.
      tags:
        - BPCO
      parameters:
        - $ref: '#/components/parameters/If-Modified-Since'
        - $ref: '#/components/parameters/X-Request-Id'
      responses:
        '200':
          description: The Certificate Revocation List in DER format.
          content:
            application/pkix-crl:
              schema:
                type: string
                format: binary
headers:
Last-Modified:
description: Last update date of the CRL file. Uses HTTP-Date format (RFC 7231).
schema:
$ref: '#/components/schemas/RFC7231.HTTP-date'
Content-Length:
description: Size in bytes of the DER contents provided in the response.
schema:
type: integer
example: 311
X-Correlation-Id:
$ref: '#/components/headers/X-Correlation-Id'
X-Response-Id:
$ref: '#/components/headers/X-Response-Id'
'304':
description: No change since the date provided in the `If-Modified-Since` request header
headers:
Last-Modified:
description: Last update date of the CRL file. Uses HTTP-Date format (RFC 7231).
schema:
$ref: '#/components/schemas/RFC7231.HTTP-date'
Content-Type:
$ref: '#/components/headers/Content-Type-Pkix-Crl'
X-Correlation-Id:
$ref: '#/components/headers/X-Correlation-Id'
X-Response-Id:
$ref: '#/components/headers/X-Response-Id'
'405':
$ref: '#/components/responses/ErrorNotAllowed'
'406':
$ref: '#/components/responses/ErrorInvalidAcceptHeader'
'429':
$ref: '#/components/responses/ErrorRateLimiting'
'500':
$ref: '#/components/responses/ErrorInternal'
'503':
$ref: '#/components/responses/ServiceUnavailable'
components:
headers:
Content-Length:
description: Size in bytes of the response body.
schema:
type: integer
example: 80
Content-Length-0:
description: Size in bytes of the response body. Always set to 0.
schema:
type: integer
minimum: 0
maximum: 0
default: 0
example: 0
Content-Type-Jose-Json:
description: Content-Type header set as "application/jose+json".
schema:
type: string
example: application/jose+json
Content-Type-Pkix-Crl:
description: Content-Type header set as "application/pkix-crl".
schema:
type: string
example: application/pkix-crl
Content-Type-TextPlain:
description: Content-Type header set as "text/plain".
schema:
type: string
example: text/plain
X-Correlation-Id:
description: ID generated by the API gateway.
schema:
$ref: '#/components/schemas/UUID'
example: f13371a6-40d7-48cf-a221-794b63fddbd9
X-Response-Id:
description: Response ID that corresponds to the `X-Request-Id` request header, if provided.
schema:
$ref: '#/components/schemas/UUID'
example: 68831c50-2953-4047-9935-81a98ac1e1e1
parameters:
CertificateSerialNumber:
name: sn
in: path
description: Certificate serial number
required: true
schema:
type: string
pattern: ^([0-9A-Fa-f]{2,40})$
example: 57ABB34BCA510043BDE438460F13B27E6A82C004
If-Modified-Since:
name: If-Modified-Since
in: header
description: Date in HTTP-Date format (RFC 7231).
required: false
schema:
$ref: '#/components/schemas/RFC7231.HTTP-date'
X-Request-Id:
name: X-Request-Id
in: header
description: Request ID that will be returned in the `X-Response-Id` response header.
required: false
schema:
$ref: '#/components/schemas/UUID'
example: 68831c50-2953-4047-9935-81a98ac1e1e1
responses:
ErrorInternal:
description: Returned when an unexpected error occurred while processing the request.
headers:
Content-Length:
$ref: '#/components/headers/Content-Length-0'
Content-Type:
$ref: '#/components/headers/Content-Type-TextPlain'
X-Correlation-Id:
$ref: '#/components/headers/X-Correlation-Id'
X-Response-Id:
$ref: '#/components/headers/X-Response-Id'
ErrorInvalidAcceptHeader:
description: Returned when the client specifies an unsupported type in the `Accept` HTTP header.
headers:
Content-Length:
$ref: '#/components/headers/Content-Length-0'
Content-Type:
$ref: '#/components/headers/Content-Type-TextPlain'
X-Correlation-Id:
$ref: '#/components/headers/X-Correlation-Id'
X-Response-Id:
$ref: '#/components/headers/X-Response-Id'
ErrorNotAllowed:
description: Returned when the API method is not allowed for the given object.
headers:
Content-Length:
$ref: '#/components/headers/Content-Length-0'
Content-Type:
$ref: '#/components/headers/Content-Type-TextPlain'
X-Correlation-Id:
$ref: '#/components/headers/X-Correlation-Id'
X-Response-Id:
$ref: '#/components/headers/X-Response-Id'
ErrorNotFound:
description: Returned when the object referenced by the API request does not exist.
headers:
Content-Length:
$ref: '#/components/headers/Content-Length-0'
Content-Type:
$ref: '#/components/headers/Content-Type-TextPlain'
X-Correlation-Id:
$ref: '#/components/headers/X-Correlation-Id'
X-Response-Id:
$ref: '#/components/headers/X-Response-Id'
ErrorRateLimiting:
description: Returned when too many requests have been sent by the client in a certain amount of time.
headers:
Content-Length:
$ref: '#/components/headers/Content-Length-0'
Content-Type:
$ref: '#/components/headers/Content-Type-TextPlain'
X-Correlation-Id:
$ref: '#/components/headers/X-Correlation-Id'
X-Response-Id:
$ref: '#/components/headers/X-Response-Id'
ErrorValidation:
description: Returned when the request input validation failed.
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
headers:
Content-Length:
$ref: '#/components/headers/Content-Length'
X-Correlation-Id:
$ref: '#/components/headers/X-Correlation-Id'
X-Response-Id:
$ref: '#/components/headers/X-Response-Id'
ServiceUnavailable:
description: Returned when the service is unavailable (e.g. maintenance mode) and cannot process the request.
headers:
Content-Length:
$ref: '#/components/headers/Content-Length-0'
Content-Type:
$ref: '#/components/headers/Content-Type-TextPlain'
X-Correlation-Id:
$ref: '#/components/headers/X-Correlation-Id'
X-Response-Id:
$ref: '#/components/headers/X-Response-Id'
schemas:
ErrorResponse:
type: object
properties:
error:
type: string
required:
- error
example:
error: The request failed.
RFC7231.HTTP-date:
type: string
description: Date format as defined in RFC7231, section 7.1.1.1.
pattern: ^((Mon|Tue|Wed|Thu|Fri|Sat|Sun), \d{2} (Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) \d{4} \d{2}:\d{2}:\d{2} GMT)$
example: Mon, 17 Jan 2022 10:12:25 GMT
UUID:
type: string
format: uuid
pattern: ^([0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})$
example: cc4519cb-b2b6-45ad-904c-7698fdf72ba2
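The `/ca/crl` operation above returns a DER CRL that a client may keep using across **304** replies. The Python code below is an added example, not part of this specification or of the project's code: it decodes the 311 bytes of the spec's own `example` dump with a minimal DER reader and checks a cached copy against `nextUpdate`. The helper names (`tlvs`, `der_time`, `summarize_crl`, `is_stale`) are assumptions made for this example, and the CRL signature is not verified.

```python
from datetime import datetime, timezone

# Added example (helper names are assumed): the spec's xxd-style `example` for GET /ca/crl, 3 dump rows per line.
CRL_DER = bytes.fromhex(
    "308201333081da020101300a06082a86 48ce3d0403023079311e301c06035504 030c154250434f205231202d20534841"
    "4b454e20526f6f74310b300906035504 0613024652312a3028060355040a0c21 42617365206465732043657274696669"
    "63617473204f70c383c2a97261746575 72311e301c060355040b0c1543657274 6966696361746520417574686f726974"
    "79170d3232303730343132323034345a 170d3232303830333132323034345aa0 30302e301f0603551d23041830168014"
    "109fac353fea4c2adb64867db6df2ad7 5643bea2300b0603551d140404020210 02300a06082a8648ce3d040302034800"
    "3045022100d529c0d9380ca6423d4116 43d9e731ba20d312396e1e1f5ebdcd53 b0cb7165780220195b6e0c5abcc921aa"
    "64f43548dcec65ef9ee9aa4250958e63 942a424b6231e1"
)

def tlvs(buf):
    """Split DER bytes into (tag, value) pairs; ValueError on truncated input."""
    out, pos = [], 0
    while pos < len(buf):
        if len(buf) - pos < 2:
            raise ValueError("truncated DER header")
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length & 0x80:  # long form: low 7 bits count the length octets that follow
            n = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        if pos + length > len(buf):
            raise ValueError("truncated DER element")
        out.append((tag, buf[pos:pos + length]))
        pos += length
    return out

def der_time(tag, val):
    # UTCTime (tag 0x17) has a 2-digit year: RFC 5280 reads YY < 50 as 20YY, else 19YY.
    text = (("20" if int(val[:2]) < 50 else "19") if tag == 0x17 else "") + val.decode("ascii")
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def summarize_crl(der):
    """Read TBSCertList fields of a DER CRL. The signature is NOT verified here."""
    (_, body), = tlvs(der)  # exactly one outer element, else ValueError
    tbs = [e for e in tlvs(tlvs(body)[0][1]) if e[0] != 0x02]  # drop optional version INTEGER
    info = {"this_update": der_time(*tbs[2]), "next_update": None, "revoked": []}
    for tag, val in tbs[3:]:
        if tag in (0x17, 0x18):  # nextUpdate as UTCTime or GeneralizedTime
            info["next_update"] = der_time(tag, val)
        elif tag == 0x30:  # revokedCertificates: the serial is the first field of each entry
            info["revoked"] = [(tlvs(e)[0][1].lstrip(b"\x00").hex().upper() or "00") for _, e in tlvs(val)]
    return info

def is_stale(info, now):
    """True when a cached CRL (for example one kept across 304 replies) is past nextUpdate."""
    return info["next_update"] is None or now > info["next_update"]
```

For the spec's dump, `summarize_crl(CRL_DER)` reports no revoked entries and a validity window from 2022-07-04 12:20:44 to 2022-08-03 12:20:44 UTC. Serials come back as uppercase hex, the same alphabet the `sn` path parameter's pattern accepts.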