Obtain Signing Identity Information (Signing certificate)

Request

GET /trustedx-resources/esigp/v1/sign_identities/{sign_identity_id}

Parameters

| Name | Type | Usage | Description |
|---|---|---|---|
| sign_identity_id | path | Required | Identifier of the signing identity on which information is being requested. |

Authorization

The request must contain a bearer access token generated by a trusted authorization server of the service from which the information on the signing identity is requested and that is associated with the domain to which the identity belongs. This token must be used as explained in RFC 6750. It must have the urn:safelayer:eidas:sign:identity:profile scope.

Basically, the token must be included in an HTTP Authorization header as follows:

Authorization: Bearer <token>

The access token can be obtained via an authorization code grant or client credentials grant OAuth 2.0 flow.

Example

GET /trustedx-resources/esigp/v1/sign_identities/12345678 HTTP/1.1
Authorization: Bearer mF_9.B5f-4.1JqM

Response

The response body is represented in JSON as follows:

{
  "id" : {string},
  "self" : {string},
  "description" : {string},
  "labels" : [ {string} ],
  "type" : {string},
  "device_id" : {string},
  "domain" : {string},
  "access" : [ {
    "user_id" : {string}
  } ],
  "details" : {
    "certificate" : {string},
    "activation_mode" : {string},
    "public_key" : {string}
  },
  "links" : {
    <operation_alias> : {
      "auth" : {
        "oauth2" : {
          "scopes" : [ {string} ]
        }
      }
    }
  },
  "status" : {
    "value" : {string},
    "reason" : {string}
  }
}

| Property | Description |
|---|---|
| id | Identifier of the signing identity. |
| self | Access URL for the signing identity. |
| description | Description of the signing identity. |
| labels[] | List of tags associated to the signing identity. |
| type | Type of signing identity. This property currently always takes the pki:x509 value. |
| device_id | Device where the private part of the keys associated to the signing identity is located. Only the signing identities on mobile devices have this property. |
| domain | Domain the signing identity belongs to. |
| access[] | Information on access control to the signing identity. |
| access[].user_id | Identifier of a user with access to the signing identity. |
| details | Details for implementing the signing identity. |
| details.certificate | X.509 certificate encoded in DER and base64. Only pki:x509 signing identities have this property. |
| details.activation_mode | Activation mode of the signing identity. Only server signing identities have this property and it can take the following values: "trustedx": the signing identity is activated by the authentication of its owner performed by TrustedX eIDAS; "hsm-pwd": the signature identity is activated by a password entered by the owner and validated by the HSM. |
| details.public_key | Public part of the keys associated to the signing identity. PublicKeyInfo ASN.1 structure encoded in DER and base64. Only pki:x509 signing identities have this property. |
| links | Information on operations that use the signing identity. |
| links.<operation_alias> | Information on the <operation_alias> operation regarding the use of the signing identity. Currently the only value possible for <operation_alias> is Signatures.create.server.raw. |
| links.<operation_alias>.auth | Authorization information on the <operation_alias> operation regarding the use of the signing identity. |
| links.<operation_alias>.auth.oauth2 | OAuth 2.0 authorization information on the <operation_alias> operation regarding the use of the signing identity. |
| links.<operation_alias>.auth.oauth2.scopes[] | Set of OAuth 2.0 scopes required for accessing the <operation_alias> operation so that this operation can use the signing identity. |
| status | Information on the status of the signing identity. |
| status.value | Status of the signing identity. "enabled": The signing identity is enabled; "disabled": The signing identity is disabled; "locked": The signing identity is locked. |
| status.reason | Reason why the signing identity is in its current state. This property is optional and is normally used to indicate why a signing identity has been locked or disabled. |
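
The following Python code is an added example, not part of the original page or the product's own code. It builds the request described above with the identifier percent-encoded into the path, then checks a response before the identity is used for signing: type, status, certificate fingerprint, and the scopes listed under links. The host name, the pinned SHA-256 fingerprint, the granted-scope list and the sample response are assumptions constructed for the example.

```python
import base64
import hashlib
import json
from urllib.parse import quote
from urllib.request import Request

BASE_URL = "https://trustedx.example"      # assumed host, not from the page
SIGN_OP = "Signatures.create.server.raw"   # operation alias named on the page

def build_request(sign_identity_id, token):
    """Build (without sending) the GET request; the id is percent-encoded
    so a value containing '/' or '?' cannot change the resource path."""
    path = "/trustedx-resources/esigp/v1/sign_identities/" + quote(sign_identity_id, safe="")
    return Request(BASE_URL + path, headers={"Authorization": "Bearer " + token})

def check_identity(body, pinned_sha256, granted_scopes):
    """Return (ok, problems) for a JSON response body from the endpoint."""
    doc, problems = json.loads(body), []
    if doc.get("type") != "pki:x509":
        problems.append("unexpected type")
    status = doc.get("status", {})
    if status.get("value") != "enabled":
        problems.append("status is %s (%s)" % (status.get("value"), status.get("reason", "no reason")))
    try:
        cert_der = base64.b64decode(doc["details"]["certificate"], validate=True)
        if hashlib.sha256(cert_der).hexdigest() != pinned_sha256:
            problems.append("certificate fingerprint mismatch")
    except (KeyError, TypeError, ValueError):
        problems.append("certificate missing or not valid base64")
    oauth2 = doc.get("links", {}).get(SIGN_OP, {}).get("auth", {}).get("oauth2", {})
    missing = sorted(set(oauth2.get("scopes", [])) - set(granted_scopes))
    if missing:
        problems.append("token lacks scopes: " + " ".join(missing))
    return (not problems, problems)

# Constructed sample data: the bytes below are not a real certificate and
# "example:sign" is a placeholder scope, not one documented on the page.
SAMPLE_CERT = b"constructed-bytes-standing-in-for-a-DER-certificate"
SAMPLE_PIN = hashlib.sha256(SAMPLE_CERT).hexdigest()
SAMPLE_BODY = json.dumps({
    "id": "12345678", "type": "pki:x509",
    "details": {"certificate": base64.b64encode(SAMPLE_CERT).decode()},
    "links": {SIGN_OP: {"auth": {"oauth2": {"scopes": ["example:sign"]}}}},
    "status": {"value": "locked", "reason": "constructed reason"},
})

if __name__ == "__main__":
    print(build_request("12345678", "<token>").full_url)
    print(check_identity(SAMPLE_BODY, SAMPLE_PIN, ["example:sign"]))
```

The fingerprint comparison only confirms that the returned certificate is the one the caller expects; it does not validate the certificate chain or its revocation status.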
