api/pkg/apis/security/v1/security.proto

55 lines
2.0 KiB
Protocol Buffer

/*
* Copyright 2022 The Dragonfly Authors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
syntax = "proto3";
package security;
import "google/protobuf/duration.proto";
import "validate/validate.proto";
option go_package = "d7y.io/api/v2/pkg/apis/security/v1;security";
// Refer: https://github.com/istio/api/blob/master/security/v1alpha1/ca.proto
// Istio defines similar api for signing certificate, but it's not applicable in Dragonfly.
// Certificate request type.
// Dragonfly supports peers authentication with Mutual TLS(mTLS)
// For mTLS, all peers need to request TLS certificates for communicating
// The server side may overwrite ant requested certificate filed based on its policies.
message CertificateRequest {
// ASN.1 DER form certificate request.
// The public key in the CSR is used to generate the certificate,
// and other fields in the generated certificate may be overwritten by the CA.
bytes csr = 1 [(validate.rules).bytes.min_len = 1];
// Optional: requested certificate validity period.
google.protobuf.Duration validity_period = 2 [(validate.rules).duration.required = true];
}
// Certificate response type.
message CertificateResponse {
// ASN.1 DER form certificate chain.
repeated bytes certificate_chain = 1 [(validate.rules).repeated.min_items = 1];
}
// Service for managing certificates issued by the CA.
service Certificate {
// Using provided CSR, returns a signed certificate.
rpc IssueCertificate(CertificateRequest)
returns (CertificateResponse) {
}
}