Package-level declarations

Types

interface Enrollment

Server-to-server RPC interface exposed by Multipaz servers that accept remote "enrollment" from another server.

Enum that describes types of server-side identity (i.e. a combination of a private key and a certificate chain) used in Multipaz.

Functions

suspend fun checkServerTrust(url: String, settingName: String)

Checks whether the given URL can be trusted according to the given server setting name.

suspend fun enrollServer(url: String, serverIdentity: ServerIdentity, requestId: String? = null)

"Enrolls" a server by creating a certificate of the requested type for its private key using the Enrollment interface.

suspend fun generateServerIdentityLeafCertificate(serverIdentity: ServerIdentity, enrollmentRequest: Enrollment.EnrollmentRequest, now: Instant = Clock.System.now().truncateToWholeSeconds(), expiration: Instant = now + CERTIFICATE_DURATION): X509CertChain

suspend fun getCrl(serverIdentity: ServerIdentity, createOnRequest: Boolean): X509Crl

Reads the CA certificate revocation list for the given server identity type, issued locally on this server.

suspend fun getLocalRootCertificate(serverIdentity: ServerIdentity, createOnRequest: Boolean): X509Cert

Reads the CA/root certificate for the given server identity type, issued locally on this server.

Obtains a server identity (private key + certificate chain) of a particular type.

suspend fun validateServerIdentityCertificateChain(serverIdentity: ServerIdentity, certChain: X509CertChain, instant: Instant): Boolean

Validates a certificate chain created using an identity returned by getServerIdentity, including, if possible, the root certificate.