From 9202c59f1dc5aead6bdc4ade01ce1ad08af250d8 Mon Sep 17 00:00:00 2001
From: Christian Grothoff <christian@grothoff.org>
Date: Tue, 24 Nov 2020 22:22:10 +0100
Subject: add missing key revocation endpoints

---
 core/api-exchange.rst | 59 +++++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 57 insertions(+), 2 deletions(-)

(limited to 'core')

diff --git a/core/api-exchange.rst b/core/api-exchange.rst
index 55909161..7447023f 100644
--- a/core/api-exchange.rst
+++ b/core/api-exchange.rst
@@ -499,6 +499,61 @@ Management operations authorized by master key
     }
 
 
+.. http:post:: /management/denominations/$H_DENOM_PUB/revoke
+
+  Revoke denomination key, prevending further use by the exchange.
+  Only to be used by the exchange's offline key management team. Not useful
+  for anyone else.
+
+  **Request:** The request body must be a `DenomRevocationSignature` object.
+
+  **Response:**
+
+  :http:statuscode:`204 No content`:
+    The request was successfully processed.
+  :http:statuscode:`403 Forbidden`:
+    The provided signature is invalid.
+
+  **Details:**
+
+  .. ts:def:: DenomRevocationSignature
+
+    interface DenomRevocationSignature {
+
+      // Signature by the exchange master key.
+      // Must have purpose TALER_SIGNATURE_MASTER_DENOMINATION_KEY_REVOKED
+      master_sig: EddsaSignature;
+
+    }
+
+.. http:post:: /management/signkeys/$EXCHANGE_PUB/revoke
+
+  Revoke exchange online signing key, prevending further use by the exchange.
+  Only to be used by the exchange's offline key management team. Not useful
+  for anyone else.
+
+  **Request:** The request body must be a `SignkeyRevocationSignature` object.
+
+  **Response:**
+
+  :http:statuscode:`204 No content`:
+    The request was successfully processed.
+  :http:statuscode:`403 Forbidden`:
+    The provided signature is invalid.
+
+  **Details:**
+
+  .. ts:def:: SignkeyRevocationSignature
+
+    interface SignkeyRevocationSignature {
+
+      // Signature by the exchange master key.
+      // Must have purpose TALER_SIGNATURE_MASTER_SIGN_KEY_REVOKED
+      master_sig: EddsaSignature;
+
+    }
+
+
 .. http:post:: /management/auditors
 
   This request will be used to enable an auditor.
@@ -590,7 +645,7 @@ Management operations authorized by master key
     }
 
 
-.. http:post:: /management/wire-methods
+.. http:post:: /management/wire
 
   This request will be used to enable a wire method (exchange bank account).
 
@@ -633,7 +688,7 @@ Management operations authorized by master key
 
     }
 
-.. http:post:: /management/wire-methods/disable
+.. http:post:: /management/wire/disable
 
   This request will be used to disable the use of the given wire method.
   We use POST instead of DELETE because the exchange will retain state
-- 
cgit v1.2.3