Enrollment

interface Enrollment

Server-to-server RPC interface exposed by Multipaz servers that accept remote "enrollment" from another server.

Remote enrollment allows the Multipaz records server to act as a Certificate Authority for all other servers that run on valid HTTPS hosts. By default, all Multipaz servers trust only the server running at "https://issuer.multipaz.org/records" to access this interface (this can be changed using the "enrollment_server_url" setting).

Types

data class EnrollmentRequest(val alias: String, val url: String, val keyAttestation: KeyAttestation, val organization: String? = null, val organizationalUnit: String? = null, val locality: String? = null, val stateOrProvince: String? = null, val country: String? = null)

Information needed to issue a certificate.

Functions

abstract suspend fun enroll(requestId: String?, identity: ServerIdentity, alias: String, certChain: X509CertChain)

Provides a certificate signed by the CA for the given server identity.

abstract suspend fun request(requestId: String?, identity: ServerIdentity, nonce: ByteString, expiration: Instant): Enrollment.EnrollmentRequest

Initial step of certificate issuance.

abstract suspend fun resetEnrollmentKey()

Notifies this server that the remote server's key has changed and should be re-fetched.