mirror of https://github.com/dragonflyoss/api.git
55 lines
2.0 KiB
Protocol Buffer
55 lines
2.0 KiB
Protocol Buffer
/*
|
|
* Copyright 2022 The Dragonfly Authors
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
|
|
syntax = "proto3";
|
|
|
|
package security;
|
|
|
|
import "google/protobuf/duration.proto";
|
|
import "validate/validate.proto";
|
|
|
|
option go_package = "d7y.io/api/v2/pkg/apis/security/v1;security";
|
|
|
|
// Refer: https://github.com/istio/api/blob/master/security/v1alpha1/ca.proto
|
|
// Istio defines similar api for signing certificate, but it's not applicable in Dragonfly.
|
|
|
|
// Certificate request type.
|
|
// Dragonfly supports peers authentication with Mutual TLS(mTLS)
|
|
// For mTLS, all peers need to request TLS certificates for communicating
|
|
// The server side may overwrite ant requested certificate filed based on its policies.
|
|
message CertificateRequest {
|
|
// ASN.1 DER form certificate request.
|
|
// The public key in the CSR is used to generate the certificate,
|
|
// and other fields in the generated certificate may be overwritten by the CA.
|
|
bytes csr = 1 [(validate.rules).bytes.min_len = 1];
|
|
// Optional: requested certificate validity period.
|
|
google.protobuf.Duration validity_period = 2 [(validate.rules).duration.required = true];
|
|
}
|
|
|
|
// Certificate response type.
|
|
message CertificateResponse {
|
|
// ASN.1 DER form certificate chain.
|
|
repeated bytes certificate_chain = 1 [(validate.rules).repeated.min_items = 1];
|
|
}
|
|
|
|
// Service for managing certificates issued by the CA.
|
|
service Certificate {
|
|
// Using provided CSR, returns a signed certificate.
|
|
rpc IssueCertificate(CertificateRequest)
|
|
returns (CertificateResponse) {
|
|
}
|
|
}
|