This is modeled after the NetworkManager API, which seems to expose quite a
bit to unprivileged processes running on the desktop.
http://people.redhat.com/dcbw/NetworkManager/NetworkManager%20DBUS%20API.txt

Despite efforts, this may not match introspection data and the implementation,
since they're only kept in agreement manually.  These may not all be
implemented yet, but if you find a piece you need, please add a ticket or a
patch to do so.  Eventually we'll get it all.

The D-Bus API:
o service name = org.fedorahosted.certmonger
o object layout
  /org/fedorahosted/certmonger
  interface=org.fedorahosted.certmonger
  - get_requests
    returns: array of paths -> object paths for requests
  - get_defaults
    returns: path -> object path for defaults object
  - get_supported_key_types
    returns: array of string -> "RSA"
  - get_supported_key_storage
    returns: array of string -> "NSSDB", "FILE"
  - get_supported_cert_storage
    returns: array of string -> "NSSDB", "FILE"
  - add_request
    arguments: [dict{string,variant{string/array-of-string/number/boolean}}]
               {"NICKNAME",string}
               {"KEY_TYPE","RSA"}
               {"KEY_SIZE",integer}
               {"KEY_STORAGE","NSSDB"/"FILE"/"NONE"}*
               {"KEY_LOCATION",string}*
               {"KEY_NICKNAME",string}
               {"KEY_TOKEN",string}
               {"KEY_PIN",string}
               {"KEY_PIN_FILE",string}
               {"CERT_STORAGE","NSSDB"/"FILE"}*
               {"CERT_LOCATION",string}*
               {"CERT_NICKNAME",string}
               {"CERT_TOKEN",string}
	       {"TRACK",boolean}
	       {"RENEW",boolean}
	       {"SUBJECT",string}
	       {"EKU",array-of-string (oids)}
	       {"PRINCIPAL",array-of-string (principal names)}
	       {"DNS",array-of-string (dns names)}
	       {"EMAIL",array-of-string (email addresses)}
	       {"CA",string (name of configured CA to use)}
	       * = required values
    returns: boolean -> succeeded
             path (optional) -> object path for new request
  - remove_request
    arguments: path -> object path for request
    returns: boolean -> succeeded
  - get_known_cas
    returns: array of path -> object paths for known cas
  - add_known_ca
    arguments: string -> ca nickname
               string -> external helper command
               array of string (optional) -> known issuer names used by ca
    returns: boolean -> succeeded
  - remove_known_ca
    arguments: path -> object path for ca
    returns: boolean -> succeeded
  (objects whose names are returned by "get-requests" or "get-defaults")
  interface=org.fedorahosted.certmonger.request
  - get_nickname
    returns: string
  - get_status
    returns: string -> state name
             boolean -> i-am-stuck
  - get_key_type_and_size
    returns: string -> key algorithm
             number -> key size
  - get_key_storage_info
    returns: string -> "file", "nssdb"
             string(required for "nssdb" or "file") -> filename (for "file"), or directory (for "nssdb")
             string(required for "nssdb") -> nssdb nickname
             string(optional) -> nssdb token name
  - get_cert_storage_info
    returns: string -> "file", "nssdb"
             string -> filename (for "file"), or directory (for "nssdb")
             string(required for "nssdb") -> nssdb nickname
             string(optional) -> nssdb token name
  - get_cert_data
    returns: string -> certificate in PEM format
  - get_cert_info
    returns: string -> issuer
             string -> serial number
             string -> subject
             number -> expiration (unix time)
             array of string -> email addresses
             array of string -> dns names
             array of string -> principal names
             number -> key usage as bitfield based on RFC5280's values
             array of string -> oid values
  - get_monitoring
    returns: boolean -> enabled?
  - get_cert_last_checked
    returns: number -> time of last check for expiration (unix time)
  - get_notification_info
    returns: string -> method ("syslog", "email")
             string -> destination (log level or recipient)
  - get_autorenew
    returns: boolean -> enabled?
  - get_csr_info
    returns: string -> subject
             array of string -> email addresses
             array of string -> dns names
             array of string -> principal names
             number -> key usage as bitfield based on RFC5280's values
             array of string -> oid values
  - get_key_pin
    returns: string -> key storage PIN
  - get_key_pin_file
    returns: string -> path of file containing key storage PIN
  - get_csr_data
    returns: string -> signing request in PEM format
  - get_ca
    returns: path(optional) -> path to CA object
  - get_submitted_date
    returns: number(optional) -> time of last submission to a CA (as time_t)
  - get_submitted_cookie
    returns: string(optional) -> CA-specific value
  - get_ca_error
    returns: text(optional) -> error text sent by the CA
  - modify
    - nickname for request
      argument: string -> new ID
    - pin for key storage
      argument: string -> PIN used for key storage
    - pin file for key storage
      argument: string -> name of file containing PIN used for key storage
    - requested subject name
      argument: string -> requested subject
    - requested subject alternative name(s): email
      argument: array of string -> new requested addresses
    - requested subject alternative name(s): dnsname
      argument: array of string -> new requested hostnames
    - requested subject alternative name(s): principalname
      argument: array of string -> new requested principal names
    - requested new key usage
      argument: number -> key usage as bitfield based on RFC5280's values
    - requested new extended key usage
      argument: array of string -> requested OIDs
    - known-ca to use
      argument: path -> object path of CA
    returns: boolean -> ok
             path    -> object path, in case it changed
  - resubmit (for requests that have been denied, generates a new csr)
    returns: boolean -> working-on-it
  (objects whose names are returned by "get-known-cas")
  interface=org.fedorahosted.certmonger.ca
  - get_nickname
    returns: string
  - get_is_default
    returns: boolean -> is-the-default-ca
  - get_type
    returns: string -> "EXTERNAL" if this is implemented by an external helper
  - get_helper-location
    returns: string -> path to external helper
  - get_serial
    returns: string -> hex value (optional)
  - get_issuer-names
    returns: array of string (optional) -> set of known issuer names
  - modify
    - nickname
      arguments: string -> name of ca
      returns: boolean -> changed?
    - is-default
      arguments: boolean -> should-be-the-default-ca
      returns: boolean -> is-the-default-ca
    - helper-location
      arguments: string -> path to external helper
      returns: boolean -> changed?
    - associated issuer names (for when we have to guess which CA to use)
      arguments: array of string (optional) -> set of issuer names

Marshallers needed:
Arguments:
	string
	path
	string,string,string,array-of-string
	string,string
	boolean
	array-of-string
	dict{string,variant{string/array-of-string/number/boolean}}
Return:
	boolean
	number
	string
	path
	boolean,string
	boolean,path
	string,boolean
	string,number
	string,string
	array-of-path
	array-of-string
	string,string,string
	string,string,string,string
	string,string,string,array-of-string
	string,string,string,number,array-of-string,array-of-string,array-of-string,number,array-of-string
