@startuml actor "Logged in user" as liu participant Browser participant "PKI-WAR or ATNA-EJB" as WAR participant "PKI-EJB" as EJB database database participant "PKI-core" as PKI liu -> Browser : Click on request a certificate page Browser -> WAR : HTTP GET "/gss/request/withoutcsr.seam" activate WAR WAR -> EJB : Get default params activate EJB EJB -> database : Get Certificate authority activate database database --> EJB deactivate database EJB -> database : Get default key algorithm activate database database --> EJB deactivate database EJB -> database : Get default key length activate database database --> EJB deactivate database EJB -> database : Get default signature algorithm activate database database --> EJB deactivate database EJB -> database : Get default validity period activate database database --> EJB deactivate database EJB --> WAR : Return default params deactivate EJB WAR --> Browser : return certificate request form\nwith displayed default params (read only) Browser --> liu : See form liu -> Browser : fill form and hit request Browser -> WAR : HTTP POST "/gss/request/withoutcsr.seam"\n[CertificateType, subjectX500 (CN, O...), SAN] WAR -> EJB : PKI create certificate request\n[CertificateType, subjectX500 (CN, O...), SAN] activate EJB EJB -> PKI : create KeyPair [key algorithm, key length] activate PKI PKI --> EJB deactivate PKI EJB -> PKI : PKI create CSR [subjectX500(CN, O...), publicKey] activate PKI PKI --> EJB deactivate PKI EJB -> PKI : addSANExtension [CSR, SAN] activate PKI PKI --> EJB deactivate PKI loop for each other extension, depending on cert Type EJB -> PKI : addXXXXXExtension [CSR, xxxxx] activate PKI PKI --> EJB deactivate PKI end note left: to complete EJB -> EJB : create CsrEntity, associate with it\nCSR, keys, subject, requester, request date EJB -> database : persist CsrEntity database --> EJB EJB --> WAR : return CsrEntity id deactivate EJB WAR --> Browser : HTTP redirect to\n/gss/request/view.seam?id= deactivate WAR @enduml