Before using the REST API to view and manage Keystore Service (KSS) keystores, you need to understand how to access the REST resources and other important concepts.
See "About the REST API".
For more information about KSS keystore management, see "Configuring the OPSS Keystore Service for Message Protection" in Administering Web Services.
You can view and manage KSS keystores using a set of representational state transfer (REST) resources, as summarized below.
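Section | Method | Resource Path |
---|---|---|
Create a KSS keystore | POST | /idaas/platform/admin/v1/keystoreservice |
Import a KSS keystore from a JKS keystore file | POST | /idaas/platform/admin/v1/keystoreservice/keystore |
Update the password for a KSS keystore | PUT | /idaas/platform/admin/v1/keystoreservice |
Import a trusted certificate into a KSS keystore | POST | /idaas/platform/admin/v1/keystoreservice/certificates |
View all KSS keystores for a stripe | GET | /idaas/platform/admin/v1/keystoreservice/{stripeName} |
View the alias for a KSS keystore | GET | /idaas/platform/admin/v1/keystoreservice/alias/{stripeName}/{keystoreName}/{entryType} |
View trusted certificates in a KSS keystore | GET | /idaas/platform/admin/v1/keystoreservice/certificates |
Delete a certificate from a KSS keystore | DELETE | /idaas/platform/admin/v1/keystoreservice/certificates |
Create a secret key for a KSS keystore | POST | /idaas/platform/admin/v1/keystoreservice/secretkey |
View the secret key properties for a KSS keystore | GET | /idaas/platform/admin/v1/keystoreservice/secretkey |
Delete a KSS keystore | DELETE | /idaas/platform/admin/v1/keystoreservice |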
Use the POST method to create a new Keystore Service (KSS) Keystore.
REST Request
POST /idaas/platform/admin/v1/keystoreservice
Request Body
Media types for the request or response body: application/json
The request body contains the details of the create request:
Attribute | Description |
---|---|
keystore | Name for the KSS keystore. |
permission | Boolean value that specifies whether to create a permission-based keystore. |
pwd | Password for the KSS keystore. |
stripe | Name of the stripe to contain the KSS keystore. |
Response Body
Media types for the request or response body: application/json
The response body returns the status of the create operation, including:
Attribute | Description |
---|---|
|
If |
|
If |
|
Status of operation. For example, |
cURL Example
The following example shows how to create a KSS keystore by submitting a POST request on the REST resource using cURL.
curl -i -X POST -u username:password --data @createkss.json -H Content-Type:application/json http://myhost:7001/idaas/platform/admin/v1/keystoreservice
Example of Request Body
The following shows an example of the request body in JSON format.
{
"stripe" : "myStripe",
"keystore" : "myKeystore",
"pwd" : "Password",
"permission" : "false"
}
Note:
A password is required unless creating a permission-based keystore ("permission" : "true").
Example of Response Header
The following shows an example of the response header.
HTTP/1.1 201 Created
Example of Response Body
The following shows an example of the response body in JSON format.
{ "STATUS": "Succeeded" }
Use the POST method to import a Keystore Service (KSS) keystore from a JKS keystore file.
REST Request
POST /idaas/platform/admin/v1/keystoreservice/keystore
Request Body
Media types for the request body: multipart/form-data
The request body contains information about the import request, including:
Attribute | Description |
---|---|
keyAliases | Comma-separated list of aliases for the keys to be imported from the |
keyPasswords | Comma-separated list of passwords for the keys to be imported from the |
keystoreFile | Name of a valid local JKS keystore file |
keystoreName | Name for the JKS keystore. |
keystorePassword | Password for the local keystore file that is being imported and the keystore entry, if password-protected. |
keystoreType | Keystore type. This value must be set to |
permission | Boolean value that specifies whether to import as a permission-based keystore. |
stripeName | Name of the stripe. |
Response Body
Media types for the response body: application/json
The response body contains information about the import operation, including:
Attribute | Description |
---|---|
|
List of keystores in the stripe, where |
|
If |
|
If |
|
Status of operation. For example, |
cURL Example
The following example shows how to import a KSS keystore by submitting a POST request on the REST resource using cURL.
curl -i -X POST -u username:password -H Content-Type:multipart/form-data --form "stripeName=myStripe" --form "keystoreFile=@clientkeystore" --form "keystoreName=myKeystore" --form "keystorePassword=Password" --form "keystoreType=JKS" --form "keyAliases=client" --form "keyPasswords=Password" --form "permission=false" http://myhost:7001/idaas/platform/admin/v1/keystoreservice/keystore
Example of Response Header
The following shows an example of the response header.
HTTP/1.1 201 Created
Example of Response Body
The following shows an example of the response body in JSON format.
{ "STATUS":"Succeeded", "SUCCESS_MSG":"Aliases:client imported successfully", "alias 1":"client" }
Use the PUT method to update the password for a Keystore Service (KSS) keystore.
REST Request
PUT /idaas/platform/admin/v1/keystoreservice
Request Body
Media types for the request body: application/json
The request body contains the details of the update request:
Attribute | Description |
---|---|
keystore | Name of the KSS keystore. |
newpass | New password for the keystore. |
oldpass | Old password for the keystore. |
stripe | Name of the stripe. |
Response Body
Media types for the response body: application/json
The response body returns the status of the update operation, including:
Attribute | Description |
---|---|
|
If |
|
If |
|
Status of operation. For example, |
cURL Example
The following example shows how to update the password for a KSS keystore by submitting a PUT request on the REST resource using cURL.
curl -i -X PUT -u username:password --data @updatekss.json -H Content-Type:application/json http://myhost:7001/idaas/platform/admin/v1/keystoreservice
Example of Request Body
The following shows an example of the request body in JSON format.
{ "stripe" : "myStripe", "keystore" : "mykssstore", "oldpass" : "Password", "newpass" : "Password" }
Example of Response Header
The following shows an example of the response header.
HTTP/1.1 200 OK
Example of Response Body
The following shows an example of the response body in JSON format.
{ "STATUS": "Succeeded" }
Use the POST method to import a trusted certificate into a Keystore Service (KSS) keystore.
REST Request
POST /idaas/platform/admin/v1/keystoreservice/certificates
Request Body
Media types for the request body: application/json
The request body contains information about the import request, including:
Attribute | Description |
---|---|
keyAlias | Alias for the trusted certificate. |
keystoreEntry | Base64-encoded certificate. |
keystoreEntryType | Keystore entry type. Valid values include: |
keystoreName | Name of the KSS keystore. |
keystorePassword | Password for the KSS keystore. |
stripeName | Name of the stripe. |
Response Body
Media types for the response body: application/json
The response body returns the status of the import operation, including:
Attribute | Description |
---|---|
|
If |
|
If |
|
Status of operation. For example, |
|
Subject DN list that was imported. |
cURL Example
The following example shows how to import a trusted certificate into a KSS keystore by submitting a POST request on the REST resource using cURL.
curl -i -X POST -u username:password --data @importcertkss.json -H Content-Type:application/json http://myhost:7001/idaas/platform/admin/v1/keystoreservice/certificates
Example of Request Body
The following shows an example of the request body in JSON format.
{
"keyAlias" : "myAlias",
"keystoreEntry" : "Base64-encoded certificate",
"keystoreEntryType" : "TrustedCertificate",
"keystoreName" : "myKeystore",
"stripeName" : "myStripe",
"keystorePassword" : "Password"
}
Example of Response Header
The following shows an example of the response header.
HTTP/1.1 200 OK
Example of Response Body
The following shows an example of the response body in JSON format.
{ "STATUS": "Succeeded", "SUBJECT_DN": "CN=y,OU=y,O=y,L=y,ST=y,C=y" }
Use the GET method to return all Keystore Service (KSS) keystores for a stripe.
REST Request
GET /idaas/platform/admin/v1/keystoreservice/{stripeName}
Parameters
The following table summarizes the GET request parameters.
Name | Description | Type |
---|---|---|
stripeName | Name of stripe for which you want to view all KSS keystores. | Path |
Response Body
Media types for the request or response body: application/json
The response body contains information about the keystores, including:
Attribute | Description |
---|---|
|
List of keystores in the stripe, where |
cURL Example
The following example shows how to view all KSS keystores for a stripe by submitting a GET request on the REST resource using cURL.
curl -i -X GET -u username:password http://myhost:7001/idaas/platform/admin/v1/keystoreservice/myStripe
Example of Response Header
The following shows an example of the response header. For more about the HTTP status codes, see HTTP Status Codes for HTTP Methods
HTTP/1.1 200 OK
Example of Response Body
The following shows an example of the response body in JSON format.
{ "keystore 1":"trust", "keystore 2":"castore" }
Use the GET method to view the alias for the Keystore Service (KSS) keystore.
REST Request
GET /idaas/platform/admin/v1/keystoreservice/alias/{stripeName}/{keystoreName}/{entryType}
Parameters
The following table summarizes the GET request parameters.
Name | Description | Type |
---|---|---|
entryType | Keystore type. Valid values include | Path |
keystoreName | Name of the keystore. | Path |
stripeName | Name of the stripe. | Path |
Response Body
Media types for the request or response body: application/json
The response body contains information about the aliases, including:
Attribute | Description |
---|---|
|
List of keystore aliases in the stripe where |
cURL Example
The following example shows how to view the aliases for a KSS keystore by submitting a GET request on the REST resource using cURL.
curl -i -X GET -u username:password http://myhost:7001/idaas/platform/admin/v1/keystoreservice/alias/myStripe/myKeystore/TrustedCertificate
Example of Response Header
The following shows an example of the response header. For more about the HTTP status codes, see HTTP Status Codes for HTTP Methods
HTTP/1.1 200 OK
Example of Response Body
The following shows an example of the response body in JSON format.
{ "keystore 1":"myAlias" }
Use the GET method to view trusted certificates in the Keystore Service (KSS) keystore. If the keystore is password-protected, you must provide a Base64-encoded header value for the keystore password.
REST Request
GET /idaas/platform/admin/v1/keystoreservice/certificates
Parameters
The following table summarizes the GET request parameters.
Name | Description | Type |
---|---|---|
keyAlias | Alias for trusted certificate. | Query |
keystoreEntryType | Type of keystore entry. Valid values include | Query |
keystoreName | Name of the keystore. | Query |
stripeName | Name of the stripe. | Query |
Response Body
Media types for the request or response body: application/json
The response body contains information about the certificate, including:
Attribute | Description |
---|---|
CONTENT | Contents of the Base64-encoded certificate. |
Extensions | Optional extensions that are used to issue a certificate for a specific purpose. Each extension includes the following: |
ISSUER_DN | List of trusted distinguished names. |
NOT_AFTER | Date the certificate expires. |
NOT_BEFORE | Date the certificate is activated. |
SERIAL_NO | Serial number of the JKS keystore. |
SIGNATURE | Base64-encoded signature key. |
SIGNING_ALGORITHM | Signing algorithm for the alias. |
SUBJECT_DN | Subject distinguished names list. |
cURL Example
The following example shows how to view all certificates for an alias by submitting a GET request on the REST resource using cURL.
curl -i -X GET -u username:password -H keystorePassword:password http://myhost:7001/idaas/platform/admin/v1/keystoreservice/certificates?"stripeName=myStripe&keystoreName=myKeystore&keyAlias=client&keystoreEntryType=Certificate"
Example of Response Header
The following shows an example of the response header. For more about the HTTP status codes, see HTTP Status Codes for HTTP Methods
HTTP/1.1 200 OK
Example of Response Body
The following shows an example of the response body in JSON format.
{ "SUBJECT_DN":"CN=y,OU=y,O=y,L=y,ST=y,C=y", "ISSUER_DN":"CN=y,OU=y,O=y,L=y,ST=y,C=y", "NOT_BEFORE":"Fri Jul 25 02:45:11 PDT 2014", "NOT_AFTER":"Thu Oct 23 02:45:11 PDT 2014", "SERIAL_NO":"982191050", "SIGNING_ALGORITHM":"1.2.840.10040.4.3", "CONTENT":"-----BEGIN CERTIFICATE----- \n Base64-encoded certificate\n -----END CERTIFICATE-----", "SIGNATURE":"Base64-encoded signature key", "Extensions":"{subjectKeyIDExtension {oid = 2.5.29.14 critical = false, value = 329b98f6b6225e92ca52513d3bfc43ee02aa9121}}" }
Use the DELETE method to delete a certificate from a Keystore Service (KSS) keystore. If the keystore is password-protected, you must provide Base64-encoded header values for the keystore and key passwords.
REST Request
DELETE /idaas/platform/admin/v1/keystoreservice/certificates
Parameters
The following table summarizes the DELETE request parameters.
Name | Description | Type |
---|---|---|
keyAlias | Alias for the certificate in the KSS keystore. | Query |
keystoreName | Name of the keystore. | Query |
stripeName | Name of stripe. | Query |
Response Body
Media types for the request or response body: application/json
The response body returns the status of the delete operation, including:
Attribute | Description |
---|---|
|
If |
|
If |
|
Status of operation. For example, |
cURL Example
The following example shows how to delete a trusted certificate from the keystore by submitting a DELETE request on the REST resource using cURL.
curl -i -X DELETE -u username:password -H keystorePassword:cHdkMQ== -H keyPassword:bXlQd2Qy http://myhost:7001/idaas/platform/admin/v1/keystoreservice/certificates?"stripeName=myStripe&keystoreName=myKeystore&keyAlias=myAlias"
Example of Response Header
The following shows an example of the response header. For more about the HTTP status codes, see HTTP Status Codes for HTTP Methods
HTTP/1.1 200 OK
Example of Response Body
The following shows an example of the response body in JSON format.
{ "STATUS": "Succeeded" }
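The following is an added example, not part of the original documentation, of building the Base64-encoded keystorePassword and keyPassword headers described above; the header values in the DELETE example (cHdkMQ== and bXlQd2Qy) are the Base64 encodings of pwd1 and myPwd2. Base64 is an encoding, not encryption, so this example assumes an HTTPS listener (the host and port used with it are constructed) and refuses plain HTTP; the function names are hypothetical.

```python
import base64
import urllib.parse
import urllib.request

RESOURCE_ROOT = "/idaas/platform/admin/v1/keystoreservice"

def b64_header(secret):
    """Base64-encode a password for the keystorePassword/keyPassword headers."""
    return base64.b64encode(secret.encode("utf-8")).decode("ascii")

def build_kss_request(method, base_url, resource, query, user, password,
                      keystore_password=None, key_password=None):
    """Build, without sending, a request for a password-protected keystore."""
    if not base_url.startswith("https://"):
        # Basic authentication and Base64 headers are readable by anyone on the path.
        raise ValueError("refusing to send credentials over a non-TLS URL")
    url = base_url.rstrip("/") + RESOURCE_ROOT + resource
    if query:
        url += "?" + urllib.parse.urlencode(query)
    headers = {"Authorization": "Basic " + b64_header(f"{user}:{password}")}
    if keystore_password is not None:
        headers["keystorePassword"] = b64_header(keystore_password)
    if key_password is not None:
        headers["keyPassword"] = b64_header(key_password)
    # urllib stores header names as "Keystorepassword"/"Keypassword";
    # HTTP header names are case-insensitive, so this is the same header on the wire.
    return urllib.request.Request(url, headers=headers, method=method)
```

Pass the returned object to `urllib.request.urlopen` to send it; reading the passwords from a prompt or a secrets store keeps them out of shell history and process listings.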
Use the POST method to create a secret key used in symmetric encryption/decryption for a KSS keystore.
REST Request
POST /idaas/platform/admin/v1/keystoreservice/secretkey
Request Body
Media types for the request body: application/json
The request body contains the details of the create request:
Attribute | Description |
---|---|
algorithm | Controls the cryptographic characteristics of the algorithms that are used when securing messages. |
keyAlias | Alias for the secret key. |
keyPassword | Password for the secret key. |
keySize | Size, measured in bits, of the key used in the cryptographic algorithm. |
keystoreName | Name for the KSS keystore. |
keystorePassword | Password for the KSS keystore. |
stripeName | Name of the stripe. |
Response Body
Media types for the response body: application/json
The response body returns the status of the create operation, including:
Attribute | Description |
---|---|
|
If |
|
If |
|
Status of operation. For example, |
cURL Example
The following example shows how to create a secret key by submitting a POST request on the REST resource using cURL.
curl -i -X POST -u username:password --data @secretkey.json -H Content-Type:application/json http://myhost:7001/idaas/platform/admin/v1/keystoreservice/secretkey
Example of Request Body
The following shows an example of the request body in JSON format.
{ "stripeName" : "myStripe", "keystoreName" : "myKeystore", "keyAlias" : "myKeyAlias", "keySize" : "56", "algorithm" : "DES", "keystorePassword" : "Password", "keyPassword" : "Password" }
Example of Response Header
The following shows an example of the response header. For more about the HTTP status codes, see HTTP Status Codes for HTTP Methods
HTTP/1.1 200 OK
Example of Response Body
The following shows an example of the response body in JSON format.
{ "STATUS": "Succeeded" }
Use the GET method to view the secret key properties for a KSS keystore. If the keystore is password-protected, you must provide Base64-encoded header values for the keystore and key passwords.
REST Request
GET /idaas/platform/admin/v1/keystoreservice/secretkey
Parameters
The following table summarizes the GET request parameters.
Name | Description | Type |
---|---|---|
keyAlias | Alias of the secret key. | Query |
keystoreName | Name of the keystore. | Query |
stripeName | Name of the stripe. | Query |
Response Body
Media types for the request or response body: application/json
The response body contains information about the secret key, including:
Attribute | Description |
---|---|
|
List of secret key properties, where |
cURL Example
The following example shows how to view the secret key properties by submitting a GET request on the REST resource using cURL.
curl -i -X GET -u username:password -H keystorePassword:password -H keyPassword:password http://myhost:7001/idaas/platform/admin/v1/keystoreservice/secretkey?"stripeName=myStripe&keystoreName=myKeystore&keyAlias=myKeyAlias"
Example of Response Header
The following shows an example of the response header. For more about the HTTP status codes, see HTTP Status Codes for HTTP Methods
HTTP/1.1 200 OK
Example of Response Body
The following shows an example of the response body in JSON format.
{ "Property 1":"DES" }
Use the DELETE method to delete a Keystore Service (KSS) keystore. If the keystore is password-protected, you must provide a Base64-encoded header value for the keystore password.
REST Request
DELETE /idaas/platform/admin/v1/keystoreservice
Parameters
The following table summarizes the DELETE request parameters.
Name | Description | Type |
---|---|---|
keystoreName | Name of the keystore. | Query |
stripeName | Name of the stripe. | Query |
Response Body
Media types for the request or response body: application/json
The response body returns the status of the delete operation, including:
Attribute | Description |
---|---|
|
If |
|
If |
|
Status of operation. For example, |
cURL Example
The following example shows how to delete a KSS keystore by submitting a DELETE request on the REST resource using cURL.
curl -i -X DELETE -u username:password -H keystorePassword:password http://myhost:7001/idaas/platform/admin/v1/keystoreservice?"stripeName=myStripe&keystoreName=myKeystore"
Example of Response Header
The following shows an example of the response header. For more about the HTTP status codes, see HTTP Status Codes for HTTP Methods
HTTP/1.1 204 No Content