From 45f756cd4fe08e29b11085be80bea85b4abe7a54 Mon Sep 17 00:00:00 2001 From: Naomi Kirby Date: Mon, 15 Jul 2024 10:46:48 -0700 Subject: [PATCH] Add a bit more documentation --- docs/endpoints.md | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/docs/endpoints.md b/docs/endpoints.md index 4427f3677..9455d60c5 100644 --- a/docs/endpoints.md +++ b/docs/endpoints.md @@ -271,12 +271,31 @@ See `/sign/data`, the response format is identical. A successful request return a `201 Created` with a response body containing an S/MIME detached signature encoded with Base 64. -## /x5u/:keyid/:chain +## /x5u/:keyid/:chainfile This is an endpoint used to fetch certificate chains which are generated and stored locally. If the signer is configured with a `chainuploadlocation` with the `file://` scheme, then the contents of that file location are mirrored here. +### Request + +The endpoint accepts a GET request without query parameters or request body. Because +this endpoint is intended to serve public certificates, no authentication headers are +necessary to access this endpoint. + +### Response + +A successful response returns a `200 OK` with a response body containing the +PEM-encoded certificate chain for the given `keyid` and `chainfile`. The expected +Content-Type should be `application/x-x509-ca-cert`. + +The following error codes may be observed with this endpoint: +- 400 Bad Request when the request includes a non-empty body +- 400 Bad Request when the `chainfile` contains a malformed filename. +- 404 Not Found when either the signer ID, or the requested chainfile are not found. +- 404 Not Found when the signer is not configured to store certificate chains locally. +- 405 Method Not Allowed when the request method is not GET + ## /\_\_monitor\_\_ This is a special endpoint designed to monitor the status of all signers