@startuml
actor "admin" as admin
participant Browser
participant "PKI-WAR or ATNA-EJB" as WAR
participant "PKI-EJB" as EJB
database "DAO / database" as database
participant "PKI-core" as PKI

admin -> Browser : Click on create a certificate authority page
Browser -> WAR : HTTP GET "/gss/request/ca.seam"
activate WAR
WAR -> EJB : Get default params
activate EJB
EJB -> database : Get Certificate authority
activate database
database --> EJB
deactivate database
EJB -> database : Get default key algorithm
activate database
database --> EJB
deactivate database
EJB -> database : Get default key length
activate database
database --> EJB
deactivate database
EJB -> database : Get default signature algorithm
activate database
database --> EJB
deactivate database
EJB -> database : Get default validity period
activate database
database --> EJB
deactivate database
EJB --> WAR : Return default params
deactivate EJB
WAR --> Browser : return certificate request form\nwith displayed default params (read only)
Browser --> admin : See form

admin -> Browser : fill form and hit request
Browser -> WAR : HTTP POST "/gss/request/ca.seam"\n[CertificateType, subjectX500 (CN, O...), SAN]
WAR -> EJB : PKI create certificate request\n[CertificateType, subjectX500 (CN, O...), SAN]
activate EJB
EJB -> PKI : create KeyPair [key algorithm, key length]
activate PKI
PKI --> EJB
deactivate PKI
EJB -> PKI : PKI create CSR [subjectX500(CN, O...), publicKey]
activate PKI
PKI --> EJB
deactivate PKI
EJB -> PKI : addSANExtension [CSR, SAN]
activate PKI
PKI --> EJB
deactivate PKI
loop for each other extension, depending on cert Type
    EJB -> PKI : addXXXXXExtension [CSR, xxxxx]
    activate PKI
    PKI --> EJB
    deactivate PKI
end
note left: to complete
EJB -> EJB : create CsrEntity, associate with it\nCSR, keys, subject, requester, request date
EJB -> database : persist CsrEntity
database --> EJB
EJB --> WAR : return CsrEntity id
deactivate EJB
WAR --> Browser : HTTP redirect to\n/gss/request/view.seam?id=
deactivate WAR
@enduml