Expand description
Dogtag PKI CA REST API client for kipuka EST server.
Provides a Rust client for the Dogtag Certificate Authority REST API, enabling kipuka to use RHCS/Dogtag PKI as its CA backend for certificate enrollment, revocation, and management.
§Architecture
The client communicates with Dogtag CA over HTTPS using mutual TLS (mTLS)
with an agent certificate. All operations are async and use reqwest for
HTTP transport.
§Supported Operations
- Enrollment: PKCS#10 profile-based certificate issuance via
/ca/rest/certrequests - Certificate management: Retrieval, listing, and revocation via
/ca/rest/certs - Profiles: Profile enumeration and constraint extraction via
/ca/rest/profiles - Full CMC: CMC request passthrough via
/ca/ee/ca/profileSubmitCMCFull - KRA: Server-side key generation and archival via
/kra/rest/agent/keys - HA: Multi-CA connection pooling with health-based routing
Re-exports§
pub use certs::CertFilter;pub use certs::CertInfo;pub use certs::RevocationReason;pub use client::DogtagClient;pub use cmc::CmcClient;pub use config::DogtagConfig;pub use enroll::EnrollResult;pub use enroll::EnrollStatus;pub use kra::KraClient;pub use pool::DogtagPool;pub use profiles::ProfileConstraints;pub use profiles::ProfileDetail;pub use profiles::ProfileInfo;
Modules§
- certs
- Certificate retrieval, listing, and revocation via Dogtag CA REST API.
- client
- HTTP client for the Dogtag CA REST API.
- cmc
- Full CMC (Certificate Management over CMS) operations.
- config
- Configuration types for Dogtag PKI client.
- enroll
- Certificate enrollment via Dogtag CA REST API.
- kra
- KRA (Key Recovery Authority) operations for server-side key generation.
- pool
- Multi-CA connection pool with health-based routing.
- profiles
- Enrollment profile operations via Dogtag CA REST API.
Enums§
- Dogtag
Error - Errors from Dogtag PKI REST API operations.
Type Aliases§
- Dogtag
Result - Result type alias for Dogtag operations.