letsencrypt
/
boulder
mirror of https://github.com/letsencrypt/boulder.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Remove remaining old format authorization code from SA/protos (#4495)

This commit is contained in:
Roland Bracewell Shoemaker 2019-10-23 06:08:38 -07:00 committed by Daniel McCarney
parent 672bdcfdcb
commit 3ae1ae1493
11 changed files with 374 additions and 3236 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
core/interfaces.go
View File

@ -114,25 +114,18 @@ type PolicyAuthority interface {
type StorageGetter interface {
GetRegistration(ctx context.Context, regID int64) (Registration, error)
GetRegistrationByKey(ctx context.Context, jwk *jose.JSONWebKey) (Registration, error)
GetAuthorization(ctx context.Context, authzID string) (Authorization, error)
GetValidAuthorizations(ctx context.Context, regID int64, domains []string, now time.Time) (map[string]*Authorization, error)
GetPendingAuthorization(ctx context.Context, req *sapb.GetPendingAuthorizationRequest) (*Authorization, error)
GetCertificate(ctx context.Context, serial string) (Certificate, error)
GetPrecertificate(ctx context.Context, req *sapb.Serial) (*corepb.Certificate, error)
GetCertificateStatus(ctx context.Context, serial string) (CertificateStatus, error)
CountCertificatesByNames(ctx context.Context, domains []string, earliest, latest time.Time) (countByDomain []*sapb.CountByNames_MapElement, err error)
CountRegistrationsByIP(ctx context.Context, ip net.IP, earliest, latest time.Time) (int, error)
CountRegistrationsByIPRange(ctx context.Context, ip net.IP, earliest, latest time.Time) (int, error)
CountPendingAuthorizations(ctx context.Context, regID int64) (int, error)
CountOrders(ctx context.Context, acctID int64, earliest, latest time.Time) (int, error)
CountFQDNSets(ctx context.Context, window time.Duration, domains []string) (count int64, err error)
FQDNSetExists(ctx context.Context, domains []string) (exists bool, err error)
PreviousCertificateExists(ctx context.Context, req *sapb.PreviousCertificateExistsRequest) (exists *sapb.Exists, err error)
GetOrder(ctx context.Context, req *sapb.OrderRequest) (*corepb.Order, error)
GetOrderForNames(ctx context.Context, req *sapb.GetOrderForNamesRequest) (*corepb.Order, error)
GetValidOrderAuthorizations(ctx context.Context, req *sapb.GetValidOrderAuthorizationsRequest) (map[string]*Authorization, error)
CountInvalidAuthorizations(ctx context.Context, req *sapb.CountInvalidAuthorizationsRequest) (count *sapb.Count, err error)
GetAuthorizations(ctx context.Context, req *sapb.GetAuthorizationsRequest) (*sapb.Authorizations, error)
// New authz2 methods
GetAuthorization2(ctx context.Context, req *sapb.AuthorizationID2) (*corepb.Authorization, error)
GetAuthorizations2(ctx context.Context, req *sapb.GetAuthorizationsRequest) (*sapb.Authorizations, error)
@ -147,17 +140,13 @@ type StorageGetter interface {
type StorageAdder interface {
NewRegistration(ctx context.Context, reg Registration) (created Registration, err error)
UpdateRegistration(ctx context.Context, reg Registration) error
NewPendingAuthorization(ctx context.Context, authz Authorization) (Authorization, error)
FinalizeAuthorization(ctx context.Context, authz Authorization) error
AddCertificate(ctx context.Context, der []byte, regID int64, ocsp []byte, issued *time.Time) (digest string, err error)
AddPrecertificate(ctx context.Context, req *sapb.AddCertificateRequest) (*corepb.Empty, error)
AddSerial(ctx context.Context, req *sapb.AddSerialRequest) (*corepb.Empty, error)
DeactivateRegistration(ctx context.Context, id int64) error
DeactivateAuthorization(ctx context.Context, id string) error
NewOrder(ctx context.Context, order *corepb.Order) (*corepb.Order, error)
SetOrderProcessing(ctx context.Context, order *corepb.Order) error
FinalizeOrder(ctx context.Context, order *corepb.Order) error
AddPendingAuthorizations(ctx context.Context, req *sapb.AddPendingAuthorizationsRequest) (*sapb.AuthorizationIDs, error)
SetOrderError(ctx context.Context, order *corepb.Order) error
RevokeCertificate(ctx context.Context, req *sapb.RevokeCertificateRequest) error
// New authz2 methods

149
core/proto/core.pb.go
View File

@ -441,8 +441,6 @@ type Authorization struct {
Status *string `protobuf:"bytes,4,opt,name=status" json:"status,omitempty"`
Expires *int64 `protobuf:"varint,5,opt,name=expires" json:"expires,omitempty"`
Challenges []*Challenge `protobuf:"bytes,6,rep,name=challenges" json:"challenges,omitempty"`
Combinations []byte `protobuf:"bytes,7,opt,name=combinations" json:"combinations,omitempty"`
V2 *bool `protobuf:"varint,8,opt,name=v2" json:"v2,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
@ -515,39 +513,20 @@ func (m *Authorization) GetChallenges() []*Challenge {
return nil
}
func (m *Authorization) GetCombinations() []byte {
if m != nil {
return m.Combinations
}
return nil
}
func (m *Authorization) GetV2() bool {
if m != nil && m.V2 != nil {
return *m.V2
}
return false
}
type Order struct {
Id *int64 `protobuf:"varint,1,opt,name=id" json:"id,omitempty"`
RegistrationID *int64 `protobuf:"varint,2,opt,name=registrationID" json:"registrationID,omitempty"`
Expires *int64 `protobuf:"varint,3,opt,name=expires" json:"expires,omitempty"`
Error *ProblemDetails `protobuf:"bytes,4,opt,name=error" json:"error,omitempty"`
CertificateSerial *string `protobuf:"bytes,5,opt,name=certificateSerial" json:"certificateSerial,omitempty"`
// contains only v1 authorization IDs, should be
// deprecated once fully switched to v2 authorizations
// in favor of v2Authorizations.
Authorizations []string `protobuf:"bytes,6,rep,name=authorizations" json:"authorizations,omitempty"`
Status *string `protobuf:"bytes,7,opt,name=status" json:"status,omitempty"`
Names []string `protobuf:"bytes,8,rep,name=names" json:"names,omitempty"`
BeganProcessing *bool `protobuf:"varint,9,opt,name=beganProcessing" json:"beganProcessing,omitempty"`
Created *int64 `protobuf:"varint,10,opt,name=created" json:"created,omitempty"`
// contains only v2 authorization IDs.
V2Authorizations []int64 `protobuf:"varint,11,rep,name=v2Authorizations" json:"v2Authorizations,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
Id *int64 `protobuf:"varint,1,opt,name=id" json:"id,omitempty"`
RegistrationID *int64 `protobuf:"varint,2,opt,name=registrationID" json:"registrationID,omitempty"`
Expires *int64 `protobuf:"varint,3,opt,name=expires" json:"expires,omitempty"`
Error *ProblemDetails `protobuf:"bytes,4,opt,name=error" json:"error,omitempty"`
CertificateSerial *string `protobuf:"bytes,5,opt,name=certificateSerial" json:"certificateSerial,omitempty"`
Status *string `protobuf:"bytes,7,opt,name=status" json:"status,omitempty"`
Names []string `protobuf:"bytes,8,rep,name=names" json:"names,omitempty"`
BeganProcessing *bool `protobuf:"varint,9,opt,name=beganProcessing" json:"beganProcessing,omitempty"`
Created *int64 `protobuf:"varint,10,opt,name=created" json:"created,omitempty"`
V2Authorizations []int64 `protobuf:"varint,11,rep,name=v2Authorizations" json:"v2Authorizations,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *Order) Reset() { *m = Order{} }
@ -610,13 +589,6 @@ func (m *Order) GetCertificateSerial() string {
return ""
}
func (m *Order) GetAuthorizations() []string {
if m != nil {
return m.Authorizations
}
return nil
}
func (m *Order) GetStatus() string {
if m != nil && m.Status != nil {
return *m.Status
@ -697,52 +669,51 @@ func init() {
func init() { proto.RegisterFile("core/proto/core.proto", fileDescriptor_80ea9561f1d738ba) }
var fileDescriptor_80ea9561f1d738ba = []byte{
// 748 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x84, 0x55, 0xc1, 0x6e, 0xdb, 0x38,
0x10, 0x85, 0x2c, 0x2b, 0xb6, 0xc6, 0xde, 0xc4, 0x21, 0xb2, 0x81, 0xb0, 0x58, 0x04, 0x82, 0x0e,
0x0b, 0x21, 0x58, 0x24, 0x80, 0xff, 0x20, 0x4d, 0x7a, 0xc8, 0xa9, 0x06, 0x93, 0xf6, 0xd0, 0x9b,
0x22, 0x4d, 0x6d, 0x36, 0xb2, 0x68, 0x90, 0xb4, 0x51, 0xf7, 0x1f, 0xfa, 0x21, 0xfd, 0xb1, 0x1e,
0x7b, 0xef, 0xa5, 0x28, 0x38, 0x94, 0x6d, 0xc9, 0x4e, 0xd1, 0xdb, 0xcc, 0x23, 0x65, 0xce, 0xbc,
0xf7, 0x66, 0x0c, 0x7f, 0xe7, 0x52, 0xe1, 0xf5, 0x42, 0x49, 0x23, 0xaf, 0x6d, 0x78, 0x45, 0x21,
0xeb, 0xda, 0x38, 0xf9, 0xd2, 0x81, 0xf0, 0x76, 0x96, 0x95, 0x25, 0x56, 0x53, 0x64, 0xc7, 0xd0,
0x11, 0x45, 0xe4, 0xc5, 0x5e, 0xea, 0xf3, 0x8e, 0x28, 0x18, 0x83, 0xae, 0x59, 0x2f, 0x30, 0xea,
0xc4, 0x5e, 0x1a, 0x72, 0x8a, 0xd9, 0x39, 0x1c, 0x69, 0x93, 0x99, 0xa5, 0x8e, 0x8e, 0x08, 0xad,
0x33, 0x36, 0x02, 0x7f, 0xa9, 0x44, 0x14, 0x12, 0x68, 0x43, 0x76, 0x06, 0x81, 0x91, 0xcf, 0x58,
0x45, 0x3e, 0x61, 0x2e, 0x61, 0x97, 0x30, 0x7a, 0xc6, 0xf5, 0xcd, 0xd2, 0xcc, 0xa4, 0x12, 0x9f,
0x33, 0x23, 0x64, 0x15, 0x05, 0x74, 0xe1, 0x00, 0x67, 0x77, 0x70, 0xba, 0xca, 0x4a, 0x51, 0x50,
0xa6, 0x30, 0x97, 0xaa, 0xd0, 0x11, 0xc4, 0x7e, 0x3a, 0x18, 0x9f, 0x5f, 0x51, 0x2f, 0xef, 0xb6,
0xc7, 0x9c, 0x8e, 0xf9, 0xe1, 0x07, 0xec, 0x12, 0x02, 0x54, 0x4a, 0xaa, 0xa8, 0x17, 0x7b, 0xe9,
0x60, 0x7c, 0xe6, 0xbe, 0x9c, 0x28, 0xf9, 0x54, 0xe2, 0xfc, 0x0e, 0x4d, 0x26, 0x4a, 0xcd, 0xdd,
0x95, 0xe4, 0xbb, 0x07, 0xa3, 0xfd, 0xdf, 0x64, 0xff, 0x40, 0x7f, 0x26, 0xb5, 0xa9, 0xb2, 0x39,
0x12, 0x39, 0x21, 0xdf, 0xe6, 0x96, 0xa2, 0x85, 0x54, 0x66, 0x43, 0x91, 0x8d, 0xd9, 0xff, 0x70,
0x9a, 0x15, 0x85, 0x42, 0xad, 0x51, 0x73, 0xd4, 0xb2, 0x5c, 0x61, 0x11, 0xf9, 0xb1, 0x9f, 0x0e,
0xf9, 0xe1, 0x01, 0x8b, 0x61, 0x50, 0x83, 0x6f, 0x35, 0x16, 0x51, 0x37, 0xf6, 0xd2, 0x21, 0x6f,
0x42, 0x74, 0xc3, 0xf1, 0x62, 0x04, 0xea, 0x28, 0x88, 0xfd, 0x34, 0xe4, 0x4d, 0xc8, 0x91, 0x5f,
0xd6, 0x8a, 0xd8, 0x90, 0xfd, 0x07, 0xc7, 0xdb, 0xa7, 0x1e, 0x95, 0xc0, 0x22, 0xea, 0x51, 0x01,
0x7b, 0x68, 0xf2, 0x11, 0x8e, 0xdb, 0x4c, 0xd8, 0xd7, 0x16, 0x0e, 0x79, 0xb4, 0xda, 0xbb, 0x86,
0x9b, 0x90, 0xb5, 0x40, 0x41, 0x97, 0xeb, 0xae, 0xeb, 0x8c, 0x5d, 0x00, 0xcc, 0x8c, 0x59, 0x3c,
0x38, 0x7b, 0x58, 0xd5, 0x03, 0xde, 0x40, 0x92, 0xaf, 0x1e, 0x0c, 0x6e, 0x51, 0x19, 0xf1, 0x41,
0xe4, 0x99, 0x41, 0x5b, 0xa3, 0xc2, 0xa9, 0xd0, 0x46, 0x11, 0xdb, 0xf7, 0x77, 0xb5, 0xf5, 0xf6,
0x50, 0xb2, 0x1c, 0x2a, 0x91, 0x6d, 0xdf, 0x73, 0x19, 0xd5, 0x21, 0xa6, 0xa8, 0x4d, 0xed, 0xb0,
0x3a, 0xb3, 0x6c, 0x14, 0xa8, 0x6a, 0x26, 0x6d, 0x68, 0x6f, 0x0a, 0xad, 0x97, 0x58, 0x90, 0xd5,
0x7c, 0x5e, 0x67, 0x2c, 0x82, 0x1e, 0x7e, 0x5a, 0x08, 0x85, 0xce, 0xcd, 0x3e, 0xdf, 0xa4, 0xc9,
0x37, 0x0f, 0x86, 0xbc, 0x51, 0xc6, 0xc1, 0x6c, 0x8c, 0xc0, 0x7f, 0xc6, 0x35, 0x55, 0x34, 0xe4,
0x36, 0xb4, 0x3f, 0x96, 0xcb, 0xca, 0x64, 0xb9, 0x21, 0xb1, 0x43, 0xbe, 0x49, 0x59, 0x0a, 0x27,
0x75, 0xa8, 0x27, 0x0a, 0x35, 0x56, 0x86, 0x8a, 0xeb, 0xf3, 0x7d, 0x98, 0xfd, 0x0b, 0x61, 0x36,
0x55, 0x88, 0x73, 0x7b, 0xc7, 0x8d, 0xc5, 0x0e, 0xb0, 0xa7, 0xa2, 0x12, 0x46, 0x64, 0xe5, 0xfd,
0x84, 0x0a, 0x1e, 0xf2, 0x1d, 0x60, 0x4f, 0x73, 0x85, 0x99, 0xc1, 0xe2, 0xc6, 0x90, 0xd7, 0x7d,
0xbe, 0x03, 0x1a, 0x73, 0xdb, 0x6f, 0xce, 0x6d, 0xf2, 0xd3, 0x83, 0xbf, 0xda, 0x53, 0xb7, 0xeb,
0x34, 0xa4, 0x4e, 0x2f, 0x00, 0x44, 0x81, 0x95, 0x95, 0x0d, 0x55, 0x2d, 0x41, 0x03, 0x79, 0x41,
0x46, 0xff, 0xb7, 0x32, 0xba, 0x0a, 0xba, 0xad, 0xcd, 0xd1, 0x10, 0x21, 0x68, 0x89, 0xc0, 0xae,
0x01, 0xf2, 0xcd, 0x72, 0xb2, 0x0a, 0xd9, 0xc1, 0x3f, 0x71, 0xe3, 0xbb, 0x5d, 0x5a, 0xbc, 0x71,
0x85, 0x25, 0x30, 0xcc, 0xe5, 0xfc, 0x49, 0x54, 0xf4, 0xa6, 0x26, 0x16, 0x86, 0xbc, 0x85, 0xd9,
0xf6, 0x56, 0x63, 0x22, 0xa1, 0xcf, 0x3b, 0xab, 0x71, 0xf2, 0xa3, 0x03, 0xc1, 0x1b, 0x65, 0x5d,
0xb2, 0x2f, 0xf1, 0x61, 0x63, 0x9d, 0x17, 0x1b, 0x6b, 0x34, 0xe0, 0xb7, 0x1b, 0xd8, 0xae, 0x9e,
0xee, 0x1f, 0x57, 0x8f, 0xdd, 0x1a, 0xf9, 0x6e, 0x38, 0x1e, 0x9c, 0xe1, 0x9d, 0x05, 0x0e, 0x0f,
0x68, 0xbe, 0x9b, 0xaa, 0x39, 0x7a, 0x42, 0xbe, 0x87, 0x36, 0x48, 0xef, 0xb5, 0x48, 0x3f, 0x83,
0xc0, 0xee, 0x2f, 0xeb, 0x06, 0xfb, 0x99, 0x4b, 0xac, 0x51, 0x9f, 0x70, 0x9a, 0x55, 0x13, 0x25,
0x73, 0xd4, 0x5a, 0x54, 0x53, 0x5a, 0xe8, 0x7d, 0xbe, 0x0f, 0x93, 0xd9, 0x9d, 0xb7, 0x22, 0x70,
0x3d, 0xd7, 0xa9, 0x5d, 0xf0, 0xab, 0xf1, 0x4d, 0xbb, 0xb6, 0x41, 0xec, 0xa7, 0x3e, 0x3f, 0xc0,
0x93, 0x1e, 0x04, 0xaf, 0xe7, 0x0b, 0xb3, 0x7e, 0xd5, 0x7b, 0x1f, 0xd0, 0xdf, 0xd2, 0xaf, 0x00,
0x00, 0x00, 0xff, 0xff, 0x0a, 0x30, 0x02, 0xc8, 0xae, 0x06, 0x00, 0x00,
// 730 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x84, 0x55, 0x41, 0x6e, 0xdb, 0x3a,
0x10, 0x85, 0x4c, 0x29, 0x92, 0xc6, 0xfe, 0x89, 0x43, 0xe4, 0x07, 0x44, 0x51, 0x04, 0x82, 0x16,
0x85, 0x10, 0x14, 0x09, 0x90, 0x1b, 0xa4, 0x49, 0x17, 0xc9, 0xa6, 0x06, 0x93, 0x76, 0xd1, 0x9d,
0x22, 0x4d, 0x6d, 0x36, 0xb2, 0x64, 0x90, 0x74, 0x50, 0xf7, 0x0e, 0x3d, 0x48, 0x2f, 0xd4, 0xde,
0xa0, 0xcb, 0x9e, 0xa1, 0x20, 0x29, 0xdb, 0xb2, 0x9d, 0xa2, 0xbb, 0x99, 0xc7, 0xb1, 0xf8, 0x38,
0xef, 0xcd, 0x18, 0xfe, 0x2f, 0x1a, 0x89, 0xe7, 0x33, 0xd9, 0xe8, 0xe6, 0xdc, 0x84, 0x67, 0x36,
0xa4, 0xbe, 0x89, 0xd3, 0x6f, 0x3d, 0x88, 0xaf, 0x26, 0x79, 0x55, 0x61, 0x3d, 0x46, 0xba, 0x0f,
0x3d, 0x51, 0x32, 0x2f, 0xf1, 0x32, 0xc2, 0x7b, 0xa2, 0xa4, 0x14, 0x7c, 0xbd, 0x98, 0x21, 0xeb,
0x25, 0x5e, 0x16, 0x73, 0x1b, 0xd3, 0x63, 0xd8, 0x53, 0x3a, 0xd7, 0x73, 0xc5, 0xf6, 0x2c, 0xda,
0x66, 0x74, 0x08, 0x64, 0x2e, 0x05, 0x8b, 0x2d, 0x68, 0x42, 0x7a, 0x04, 0x81, 0x6e, 0x1e, 0xb1,
0x66, 0xc4, 0x62, 0x2e, 0xa1, 0xa7, 0x30, 0x7c, 0xc4, 0xc5, 0xe5, 0x5c, 0x4f, 0x1a, 0x29, 0xbe,
0xe6, 0x5a, 0x34, 0x35, 0x0b, 0x6c, 0xc1, 0x0e, 0x4e, 0xaf, 0xe1, 0xf0, 0x29, 0xaf, 0x44, 0x69,
0x33, 0x89, 0x45, 0x23, 0x4b, 0xc5, 0x20, 0x21, 0x59, 0xff, 0xe2, 0xf8, 0xcc, 0xbe, 0xe5, 0xc3,
0xea, 0x98, 0xdb, 0x63, 0xbe, 0xfb, 0x03, 0x7a, 0x0a, 0x01, 0x4a, 0xd9, 0x48, 0x16, 0x26, 0x5e,
0xd6, 0xbf, 0x38, 0x72, 0xbf, 0x1c, 0xc9, 0xe6, 0xa1, 0xc2, 0xe9, 0x35, 0xea, 0x5c, 0x54, 0x8a,
0xbb, 0x92, 0xf4, 0xb7, 0x07, 0xc3, 0xed, 0x6f, 0xd2, 0x17, 0x10, 0x4d, 0x1a, 0xa5, 0xeb, 0x7c,
0x8a, 0xb6, 0x39, 0x31, 0x5f, 0xe5, 0xa6, 0x45, 0xb3, 0x46, 0xea, 0x65, 0x8b, 0x4c, 0x4c, 0x5f,
0xc3, 0x61, 0x5e, 0x96, 0x12, 0x95, 0x42, 0xc5, 0x51, 0x35, 0xd5, 0x13, 0x96, 0x8c, 0x24, 0x24,
0x1b, 0xf0, 0xdd, 0x03, 0x9a, 0x40, 0xbf, 0x05, 0xdf, 0x2b, 0x2c, 0x99, 0x9f, 0x78, 0xd9, 0x80,
0x77, 0x21, 0x5b, 0xe1, 0xfa, 0xa2, 0x05, 0x2a, 0x16, 0x24, 0x24, 0x8b, 0x79, 0x17, 0x72, 0xcd,
0xaf, 0x5a, 0x45, 0x4c, 0x48, 0x5f, 0xc1, 0xfe, 0xea, 0xaa, 0x7b, 0x29, 0xb0, 0x64, 0xa1, 0x25,
0xb0, 0x85, 0xa6, 0x9f, 0x61, 0x7f, 0xb3, 0x13, 0xe6, 0xb6, 0x99, 0x43, 0xee, 0x8d, 0xf6, 0xee,
0xc1, 0x5d, 0xc8, 0x58, 0xa0, 0xb4, 0xc5, 0xed, 0xab, 0xdb, 0x8c, 0x9e, 0x00, 0x4c, 0xb4, 0x9e,
0xdd, 0x39, 0x7b, 0x18, 0xd5, 0x03, 0xde, 0x41, 0xd2, 0xef, 0x1e, 0xf4, 0xaf, 0x50, 0x6a, 0xf1,
0x49, 0x14, 0xb9, 0x46, 0xc3, 0x51, 0xe2, 0x58, 0x28, 0x2d, 0x6d, 0xb7, 0x6f, 0xae, 0x5b, 0xeb,
0x6d, 0xa1, 0xd6, 0x72, 0x28, 0x45, 0xbe, 0xba, 0xcf, 0x65, 0x96, 0x87, 0x18, 0xa3, 0xd2, 0xad,
0xc3, 0xda, 0xcc, 0x74, 0xa3, 0x44, 0xd9, 0x76, 0xd2, 0x84, 0xa6, 0x52, 0x28, 0x35, 0xc7, 0xd2,
0x5a, 0x8d, 0xf0, 0x36, 0xa3, 0x0c, 0x42, 0xfc, 0x32, 0x13, 0x12, 0x9d, 0x9b, 0x09, 0x5f, 0xa6,
0xe9, 0x2f, 0x0f, 0x06, 0xbc, 0x43, 0x63, 0x67, 0x36, 0x86, 0x40, 0x1e, 0x71, 0x61, 0x19, 0x0d,
0xb8, 0x09, 0xcd, 0xc7, 0x8a, 0xa6, 0xd6, 0x79, 0xa1, 0xad, 0xd8, 0x31, 0x5f, 0xa6, 0x34, 0x83,
0x83, 0x36, 0x54, 0x23, 0x89, 0x0a, 0x6b, 0x6d, 0xc9, 0x45, 0x7c, 0x1b, 0xa6, 0x2f, 0x21, 0xce,
0xc7, 0x12, 0x71, 0x6a, 0x6a, 0xdc, 0x58, 0xac, 0x01, 0x73, 0x2a, 0x6a, 0xa1, 0x45, 0x5e, 0xdd,
0x8c, 0x2c, 0xe1, 0x01, 0x5f, 0x03, 0xe6, 0xb4, 0x90, 0x98, 0x6b, 0x2c, 0x2f, 0xb5, 0xf5, 0x3a,
0xe1, 0x6b, 0xa0, 0x33, 0xb7, 0x51, 0x77, 0x6e, 0xd3, 0x1f, 0x1e, 0xfc, 0xb7, 0x39, 0x75, 0xeb,
0x97, 0xc6, 0xf6, 0xa5, 0x27, 0x00, 0xa2, 0xc4, 0xda, 0xc8, 0x86, 0xb2, 0x95, 0xa0, 0x83, 0x3c,
0x23, 0x23, 0xf9, 0xab, 0x8c, 0x8e, 0x81, 0xbf, 0xb1, 0x39, 0x3a, 0x22, 0x04, 0x1b, 0x22, 0xd0,
0x73, 0x80, 0x62, 0xb9, 0x9c, 0x8c, 0x42, 0x66, 0xf0, 0x0f, 0xdc, 0xf8, 0xae, 0x96, 0x16, 0xef,
0x94, 0xdc, 0xfa, 0x51, 0x38, 0x8c, 0x6e, 0xfd, 0x28, 0x1a, 0xc6, 0xe9, 0xcf, 0x1e, 0x04, 0xef,
0xa4, 0x51, 0x7f, 0x5b, 0xba, 0x5d, 0xc2, 0xbd, 0x67, 0x09, 0x77, 0x88, 0x91, 0x4d, 0x62, 0xab,
0x95, 0xe2, 0xff, 0x73, 0xa5, 0x98, 0x6d, 0x50, 0xac, 0x4d, 0x7f, 0xe7, 0x8c, 0xec, 0xa4, 0xdd,
0x3d, 0xe8, 0x34, 0x29, 0xdc, 0x68, 0xd2, 0x11, 0x04, 0x66, 0xdf, 0x18, 0xf5, 0x8c, 0xb5, 0x5c,
0x62, 0x8c, 0xf5, 0x80, 0xe3, 0xbc, 0x1e, 0xc9, 0xa6, 0x40, 0xa5, 0x44, 0x3d, 0xb6, 0x0b, 0x38,
0xe2, 0xdb, 0xb0, 0x35, 0xa7, 0xf3, 0x02, 0x03, 0xf7, 0x96, 0x36, 0x35, 0x0b, 0xf9, 0xe9, 0x62,
0xc3, 0x01, 0x8a, 0xf5, 0x13, 0x92, 0x11, 0xbe, 0x83, 0xdf, 0xfa, 0xd1, 0xde, 0x30, 0x4c, 0x43,
0x08, 0xde, 0x4e, 0x67, 0x7a, 0xf1, 0x26, 0xfc, 0x18, 0xd8, 0x3f, 0x93, 0x3f, 0x01, 0x00, 0x00,
0xff, 0xff, 0x9d, 0x5e, 0xf8, 0x60, 0x64, 0x06, 0x00, 0x00,
}

10
core/proto/core.proto
View File

@ -61,8 +61,8 @@ message Authorization {
optional string status = 4;
optional int64 expires = 5; // Unix timestamp (nanoseconds)
repeated core.Challenge challenges = 6;
optional bytes combinations = 7; // deprecated
optional bool v2 = 8;
reserved 7; // previously combinations
reserved 8; // previously v2
}
message Order {
@ -71,15 +71,11 @@ message Order {
optional int64 expires = 3;
optional ProblemDetails error = 4;
optional string certificateSerial = 5;
// contains only v1 authorization IDs, should be
// deprecated once fully switched to v2 authorizations
// in favor of v2Authorizations.
repeated string authorizations = 6;
reserved 6; // previously authorizations, deprecated in favor of v2Authorizations
optional string status = 7;
repeated string names = 8;
optional bool beganProcessing = 9;
optional int64 created = 10;
// contains only v2 authorization IDs.
repeated int64 v2Authorizations = 11;
}

2
grpc/pb-marshalling.go
View File

@ -357,9 +357,7 @@ func AuthzToPB(authz core.Authorization) (*corepb.Authorization, error) {
if authz.Expires != nil {
expires = authz.Expires.UTC().UnixNano()
}
v2 := true
return &corepb.Authorization{
V2: &v2,
Id: &authz.ID,
Identifier: &authz.Identifier.Value,
RegistrationID: &authz.RegistrationID,

330
grpc/sa-wrappers.go
View File

@ -59,49 +59,6 @@ func (sac StorageAuthorityClientWrapper) GetRegistrationByKey(ctx context.Contex
return pbToRegistration(response)
}
func (sac StorageAuthorityClientWrapper) GetAuthorization(ctx context.Context, authID string) (core.Authorization, error) {
response, err := sac.inner.GetAuthorization(ctx, &sapb.AuthorizationID{Id: &authID})
if err != nil {
return core.Authorization{}, err
}
if response == nil || !authorizationValid(response) {
return core.Authorization{}, errIncompleteResponse
}
return PBToAuthz(response)
}
func (sac StorageAuthorityClientWrapper) GetValidAuthorizations(ctx context.Context, regID int64, domains []string, now time.Time) (map[string]*core.Authorization, error) {
nowUnix := now.UnixNano()
response, err := sac.inner.GetValidAuthorizations(ctx, &sapb.GetValidAuthorizationsRequest{
RegistrationID: &regID,
Domains: domains,
Now: &nowUnix,
})
if err != nil {
return nil, err
}
if response == nil {
return nil, errIncompleteResponse
}
auths := make(map[string]*core.Authorization, len(response.Valid))
for _, element := range response.Valid {
if element == nil || element.Domain == nil || !authorizationValid(element.Authz) {
return nil, errIncompleteResponse
}
authz, err := PBToAuthz(element.Authz)
if err != nil {
return nil, err
}
auths[*element.Domain] = &authz
}
return auths, nil
}
func (sac StorageAuthorityClientWrapper) GetCertificate(ctx context.Context, serial string) (core.Certificate, error) {
response, err := sac.inner.GetCertificate(ctx, &sapb.Serial{Serial: &serial})
if err != nil {
@ -211,19 +168,6 @@ func (sac StorageAuthorityClientWrapper) CountRegistrationsByIPRange(ctx context
return int(*response.Count), nil
}
func (sac StorageAuthorityClientWrapper) CountPendingAuthorizations(ctx context.Context, regID int64) (int, error) {
response, err := sac.inner.CountPendingAuthorizations(ctx, &sapb.RegistrationID{Id: &regID})
if err != nil {
return 0, err
}
if response == nil || response.Count == nil {
return 0, errIncompleteResponse
}
return int(*response.Count), nil
}
func (sac StorageAuthorityClientWrapper) CountOrders(ctx context.Context, acctID int64, earliest, latest time.Time) (int, error) {
earliestNano := earliest.UnixNano()
latestNano := latest.UnixNano()
@ -246,22 +190,6 @@ func (sac StorageAuthorityClientWrapper) CountOrders(ctx context.Context, acctID
return int(*response.Count), nil
}
func (sac StorageAuthorityClientWrapper) CountInvalidAuthorizations(ctx context.Context, request *sapb.CountInvalidAuthorizationsRequest) (*sapb.Count, error) {
return sac.inner.CountInvalidAuthorizations(ctx, request)
}
func (sac StorageAuthorityClientWrapper) GetPendingAuthorization(ctx context.Context, request *sapb.GetPendingAuthorizationRequest) (*core.Authorization, error) {
authzPB, err := sac.inner.GetPendingAuthorization(ctx, request)
if err != nil {
return nil, err
}
authz, err := PBToAuthz(authzPB)
if err != nil {
return nil, err
}
return &authz, nil
}
func (sac StorageAuthorityClientWrapper) CountFQDNSets(ctx context.Context, window time.Duration, domains []string) (int64, error) {
windowNanos := window.Nanoseconds()
@ -367,38 +295,6 @@ func (sac StorageAuthorityClientWrapper) UpdateRegistration(ctx context.Context,
return nil
}
func (sac StorageAuthorityClientWrapper) NewPendingAuthorization(ctx context.Context, authz core.Authorization) (core.Authorization, error) {
authPB, err := AuthzToPB(authz)
if err != nil {
return core.Authorization{}, err
}
response, err := sac.inner.NewPendingAuthorization(ctx, authPB)
if err != nil {
return core.Authorization{}, err
}
if response == nil || !authorizationValid(response) {
return core.Authorization{}, errIncompleteResponse
}
return PBToAuthz(response)
}
func (sac StorageAuthorityClientWrapper) FinalizeAuthorization(ctx context.Context, authz core.Authorization) error {
authPB, err := AuthzToPB(authz)
if err != nil {
return err
}
_, err = sac.inner.FinalizeAuthorization(ctx, authPB)
if err != nil {
return err
}
return nil
}
func (sac StorageAuthorityClientWrapper) AddCertificate(
ctx context.Context,
der []byte,
@ -435,15 +331,6 @@ func (sac StorageAuthorityClientWrapper) DeactivateRegistration(ctx context.Cont
return nil
}
func (sac StorageAuthorityClientWrapper) DeactivateAuthorization(ctx context.Context, id string) error {
_, err := sac.inner.DeactivateAuthorization(ctx, &sapb.AuthorizationID{Id: &id})
if err != nil {
return err
}
return nil
}
func (sas StorageAuthorityClientWrapper) NewOrder(ctx context.Context, request *corepb.Order) (*corepb.Order, error) {
resp, err := sas.inner.NewOrder(ctx, request)
if err != nil {
@ -499,65 +386,6 @@ func (sas StorageAuthorityClientWrapper) GetOrderForNames(
return resp, nil
}
func (sas StorageAuthorityClientWrapper) GetValidOrderAuthorizations(
ctx context.Context,
request *sapb.GetValidOrderAuthorizationsRequest) (map[string]*core.Authorization, error) {
resp, err := sas.inner.GetValidOrderAuthorizations(ctx, request)
if err != nil {
return nil, err
}
if resp == nil {
return nil, errIncompleteResponse
}
// If there were no authorizations, return nil
if resp.Authz == nil {
return nil, nil
}
// Otherwise check the authorizations are valid and convert them from protobuf
// form before returning a map of results to the caller
auths := make(map[string]*core.Authorization, len(resp.Authz))
for _, element := range resp.Authz {
if element == nil || element.Domain == nil || !authorizationValid(element.Authz) {
return nil, errIncompleteResponse
}
authz, err := PBToAuthz(element.Authz)
if err != nil {
return nil, err
}
auths[*element.Domain] = &authz
}
return auths, nil
}
func (sas StorageAuthorityClientWrapper) GetAuthorizations(ctx context.Context, req *sapb.GetAuthorizationsRequest) (*sapb.Authorizations, error) {
resp, err := sas.inner.GetAuthorizations(ctx, req)
if err != nil {
return nil, err
}
if resp == nil {
return nil, errIncompleteResponse
}
for _, element := range resp.Authz {
if element == nil || element.Domain == nil || !authorizationValid(element.Authz) {
return nil, errIncompleteResponse
}
}
return resp, nil
}
func (sas StorageAuthorityClientWrapper) AddPendingAuthorizations(ctx context.Context, req *sapb.AddPendingAuthorizationsRequest) (*sapb.AuthorizationIDs, error) {
resp, err := sas.inner.AddPendingAuthorizations(ctx, req)
if err != nil {
return nil, err
}
if resp == nil || resp.Ids == nil {
return nil, errIncompleteResponse
}
return resp, nil
}
func (sas StorageAuthorityClientWrapper) GetAuthorization2(ctx context.Context, req *sapb.AuthorizationID2) (*corepb.Authorization, error) {
resp, err := sas.inner.GetAuthorization2(ctx, req)
if err != nil {
@ -704,43 +532,6 @@ func (sas StorageAuthorityServerWrapper) GetRegistrationByKey(ctx context.Contex
return registrationToPB(reg)
}
func (sas StorageAuthorityServerWrapper) GetAuthorization(ctx context.Context, request *sapb.AuthorizationID) (*corepb.Authorization, error) {
if request == nil || request.Id == nil {
return nil, errIncompleteRequest
}
authz, err := sas.inner.GetAuthorization(ctx, *request.Id)
if err != nil {
return nil, err
}
return AuthzToPB(authz)
}
func (sas StorageAuthorityServerWrapper) GetValidAuthorizations(ctx context.Context, request *sapb.GetValidAuthorizationsRequest) (*sapb.ValidAuthorizations, error) {
if request == nil || request.RegistrationID == nil || request.Domains == nil || request.Now == nil {
return nil, errIncompleteRequest
}
valid, err := sas.inner.GetValidAuthorizations(ctx, *request.RegistrationID, request.Domains, time.Unix(0, *request.Now))
if err != nil {
return nil, err
}
resp := &sapb.ValidAuthorizations{}
for k, v := range valid {
authzPB, err := AuthzToPB(*v)
if err != nil {
return nil, err
}
// Make a copy of k because it will be reassigned with each loop.
kCopy := k
resp.Valid = append(resp.Valid, &sapb.ValidAuthorizations_MapElement{Domain: &kCopy, Authz: authzPB})
}
return resp, nil
}
func (sas StorageAuthorityServerWrapper) GetCertificate(ctx context.Context, request *sapb.Serial) (*corepb.Certificate, error) {
if request == nil || request.Serial == nil {
return nil, errIncompleteRequest
@ -840,20 +631,6 @@ func (sas StorageAuthorityServerWrapper) CountRegistrationsByIPRange(ctx context
return &sapb.Count{Count: &castedCount}, nil
}
func (sas StorageAuthorityServerWrapper) CountPendingAuthorizations(ctx context.Context, request *sapb.RegistrationID) (*sapb.Count, error) {
if request == nil || request.Id == nil {
return nil, errIncompleteRequest
}
count, err := sas.inner.CountPendingAuthorizations(ctx, *request.Id)
if err != nil {
return nil, err
}
castedCount := int64(count)
return &sapb.Count{Count: &castedCount}, nil
}
func (sas StorageAuthorityServerWrapper) CountOrders(ctx context.Context, request *sapb.CountOrdersRequest) (*sapb.Count, error) {
if request == nil || request.AccountID == nil || request.Range == nil || request.Range.Earliest == nil || request.Range.Latest == nil {
return nil, errIncompleteRequest
@ -872,22 +649,6 @@ func (sas StorageAuthorityServerWrapper) CountOrders(ctx context.Context, reques
return &sapb.Count{Count: &castedCount}, nil
}
func (sas StorageAuthorityServerWrapper) CountInvalidAuthorizations(ctx context.Context, request *sapb.CountInvalidAuthorizationsRequest) (*sapb.Count, error) {
return sas.inner.CountInvalidAuthorizations(ctx, request)
}
func (sas StorageAuthorityServerWrapper) GetPendingAuthorization(ctx context.Context, request *sapb.GetPendingAuthorizationRequest) (*corepb.Authorization, error) {
authz, err := sas.inner.GetPendingAuthorization(ctx, request)
if err != nil {
return nil, err
}
authzPB, err := AuthzToPB(*authz)
if err != nil {
return nil, err
}
return authzPB, err
}
func (sas StorageAuthorityServerWrapper) CountFQDNSets(ctx context.Context, request *sapb.CountFQDNSetsRequest) (*sapb.Count, error) {
if request == nil || request.Window == nil || request.Domains == nil {
return nil, errIncompleteRequest
@ -963,42 +724,6 @@ func (sas StorageAuthorityServerWrapper) UpdateRegistration(ctx context.Context,
return &corepb.Empty{}, nil
}
func (sas StorageAuthorityServerWrapper) NewPendingAuthorization(ctx context.Context, request *corepb.Authorization) (*corepb.Authorization, error) {
if request == nil || !authorizationValid(request) {
return nil, errIncompleteRequest
}
authz, err := PBToAuthz(request)
if err != nil {
return nil, err
}
newAuthz, err := sas.inner.NewPendingAuthorization(ctx, authz)
if err != nil {
return nil, err
}
return AuthzToPB(newAuthz)
}
func (sas StorageAuthorityServerWrapper) FinalizeAuthorization(ctx context.Context, request *corepb.Authorization) (*corepb.Empty, error) {
if request == nil || !authorizationValid(request) {
return nil, errIncompleteRequest
}
authz, err := PBToAuthz(request)
if err != nil {
return nil, err
}
err = sas.inner.FinalizeAuthorization(ctx, authz)
if err != nil {
return nil, err
}
return &corepb.Empty{}, nil
}
func (sas StorageAuthorityServerWrapper) AddCertificate(ctx context.Context, request *sapb.AddCertificateRequest) (*sapb.AddCertificateResponse, error) {
if request == nil || request.Der == nil || request.RegID == nil || request.Issued == nil {
return nil, errIncompleteRequest
@ -1026,19 +751,6 @@ func (sas StorageAuthorityServerWrapper) DeactivateRegistration(ctx context.Cont
return &corepb.Empty{}, nil
}
func (sas StorageAuthorityServerWrapper) DeactivateAuthorization(ctx context.Context, request *sapb.AuthorizationID) (*corepb.Empty, error) {
if request == nil || request.Id == nil {
return nil, errIncompleteRequest
}
err := sas.inner.DeactivateAuthorization(ctx, *request.Id)
if err != nil {
return nil, err
}
return &corepb.Empty{}, nil
}
func (sas StorageAuthorityServerWrapper) NewOrder(ctx context.Context, request *corepb.Order) (*corepb.Order, error) {
if request == nil || !newOrderValid(request) {
return nil, errIncompleteRequest
@ -1100,48 +812,6 @@ func (sas StorageAuthorityServerWrapper) GetOrderForNames(
return sas.inner.GetOrderForNames(ctx, request)
}
func (sas StorageAuthorityServerWrapper) GetValidOrderAuthorizations(
ctx context.Context,
request *sapb.GetValidOrderAuthorizationsRequest) (*sapb.Authorizations, error) {
if request == nil || request.Id == nil || request.AcctID == nil {
return nil, errIncompleteRequest
}
authzs, err := sas.inner.GetValidOrderAuthorizations(ctx, request)
if err != nil {
return nil, err
}
resp := &sapb.Authorizations{}
for k, v := range authzs {
authzPB, err := AuthzToPB(*v)
if err != nil {
return nil, err
}
// Make a copy of k because it will be reassigned with each loop.
kCopy := k
resp.Authz = append(resp.Authz, &sapb.Authorizations_MapElement{Domain: &kCopy, Authz: authzPB})
}
return resp, nil
}
func (sas StorageAuthorityServerWrapper) GetAuthorizations(ctx context.Context, request *sapb.GetAuthorizationsRequest) (*sapb.Authorizations, error) {
if request == nil || request.RegistrationID == nil || request.Domains == nil || request.Now == nil || request.RequireV2Authzs == nil {
return nil, errIncompleteRequest
}
return sas.inner.GetAuthorizations(ctx, request)
}
func (sas StorageAuthorityServerWrapper) AddPendingAuthorizations(ctx context.Context, request *sapb.AddPendingAuthorizationsRequest) (*sapb.AuthorizationIDs, error) {
if request == nil || request.Authz == nil {
return nil, errIncompleteRequest
}
return sas.inner.AddPendingAuthorizations(ctx, request)
}
func (sas StorageAuthorityServerWrapper) GetAuthorization2(ctx context.Context, request *sapb.AuthorizationID2) (*corepb.Authorization, error) {
if request == nil || request.Id == nil {
return nil, errIncompleteRequest

2
ra/ra.go
View File

@ -2001,9 +2001,7 @@ func (ra *RegistrationAuthorityImpl) NewOrder(ctx context.Context, req *rapb.New
func (ra *RegistrationAuthorityImpl) createPendingAuthz(ctx context.Context, reg int64, identifier identifier.ACMEIdentifier) (*corepb.Authorization, error) {
expires := ra.clk.Now().Add(ra.pendingAuthorizationLifetime).Truncate(time.Second).UnixNano()
status := string(core.StatusPending)
v2 := true
authz := &corepb.Authorization{
V2: &v2,
Identifier: &identifier.Value,
RegistrationID: &reg,
Status: &status,

8
ra/ra_test.go
View File

@ -77,8 +77,6 @@ func createPendingAuthorization(t *testing.T, sa core.StorageAuthority, domain s
}
authzPB, err := bgrpc.AuthzToPB(authz)
test.AssertNotError(t, err, "AuthzToPB failed")
v2 := true
authzPB.V2 = &v2
ids, err := sa.NewAuthorizations2(context.Background(), &sapb.AddPendingAuthorizationsRequest{
Authz: []*corepb.Authorization{authzPB},
})
@ -2268,8 +2266,7 @@ func TestNewOrderReuseInvalidAuthz(t *testing.T) {
test.AssertNotError(t, err, "FinalizeAuthorization2 failed")
// The order associated with the authz should now be invalid
useV2 := true
updatedOrder, err := ra.SA.GetOrder(ctx, &sapb.OrderRequest{Id: order.Id, UseV2Authorizations: &useV2})
updatedOrder, err := ra.SA.GetOrder(ctx, &sapb.OrderRequest{Id: order.Id})
test.AssertNotError(t, err, "Error getting order to check status")
test.AssertEquals(t, *updatedOrder.Status, "invalid")
@ -2999,10 +2996,9 @@ func TestFinalizeOrder(t *testing.T) {
// Otherwise we expect an issuance and no error
test.AssertNotError(t, result, fmt.Sprintf("FinalizeOrder result was %#v, expected nil", result))
// Check that the order now has a serial for the issued certificate
useV2 := true
updatedOrder, err := sa.GetOrder(
context.Background(),
&sapb.OrderRequest{Id: tc.OrderReq.Order.Id, UseV2Authorizations: &useV2})
&sapb.OrderRequest{Id: tc.OrderReq.Order.Id})
test.AssertNotError(t, err, "Error getting order to check serial")
test.AssertNotEquals(t, *updatedOrder.CertificateSerial, "")
test.AssertEquals(t, *updatedOrder.Status, "valid")

621
sa/proto/sa.pb.go
View File

@ -1838,122 +1838,115 @@ func init() {
func init() { proto.RegisterFile("sa/proto/sa.proto", fileDescriptor_099fb35e782a48a6) }
var fileDescriptor_099fb35e782a48a6 = []byte{
// 1835 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x59, 0x5f, 0x73, 0xdb, 0xc6,
0x11, 0xe7, 0x1f, 0x53, 0x26, 0x57, 0xb2, 0xfe, 0x9c, 0x25, 0x1a, 0x81, 0x65, 0x9b, 0xbe, 0x3a,
0x1e, 0x65, 0x3a, 0xa3, 0xb8, 0x68, 0x26, 0xe9, 0x8c, 0x1a, 0xa7, 0x72, 0x24, 0xcb, 0x4a, 0x1d,
0x99, 0x01, 0x63, 0xa5, 0xd3, 0xf6, 0x05, 0x21, 0x2e, 0x32, 0x6a, 0x0a, 0x60, 0xee, 0x8e, 0x52,
0xa4, 0xe7, 0xce, 0xb4, 0x9f, 0xa0, 0xd3, 0xc7, 0x7e, 0x86, 0x3e, 0xf6, 0x4b, 0xf4, 0x2b, 0x75,
0x6e, 0xef, 0x00, 0x02, 0xe0, 0x81, 0xf2, 0x9f, 0x4e, 0xde, 0xb0, 0x7b, 0xbb, 0x7b, 0x7b, 0x77,
0xfb, 0xe7, 0xb7, 0x24, 0xac, 0x89, 0xe0, 0xe3, 0x31, 0x4f, 0x64, 0xf2, 0xb1, 0x08, 0xb6, 0xf1,
0x83, 0x34, 0x44, 0xe0, 0x6e, 0x0c, 0x13, 0xce, 0xcc, 0x82, 0xfa, 0xd4, 0x4b, 0xb4, 0x07, 0xcb,
0x3e, 0x3b, 0x89, 0x84, 0xe4, 0x81, 0x8c, 0x92, 0xf8, 0x70, 0x8f, 0x2c, 0x43, 0x23, 0x0a, 0x9d,
0x7a, 0xaf, 0xbe, 0xd5, 0xf4, 0x1b, 0x51, 0x48, 0xef, 0x02, 0x7c, 0x35, 0x78, 0x71, 0xf4, 0x1d,
0xfb, 0xfe, 0xf7, 0xec, 0x82, 0xac, 0x42, 0xf3, 0x2f, 0xe7, 0xaf, 0x71, 0x79, 0xc9, 0x57, 0x9f,
0xf4, 0x3e, 0xac, 0xec, 0x4e, 0xe4, 0xab, 0x84, 0x47, 0x97, 0xb3, 0x26, 0x3a, 0x68, 0xe2, 0x3f,
0x75, 0xb8, 0x7b, 0xc0, 0x64, 0x9f, 0xc5, 0x61, 0x14, 0x9f, 0x14, 0xa4, 0x7d, 0xf6, 0xe3, 0x84,
0x09, 0x49, 0x1e, 0xc2, 0x32, 0x2f, 0xf8, 0x61, 0x3c, 0x28, 0x71, 0x95, 0x5c, 0x14, 0xb2, 0x58,
0x46, 0x3f, 0x44, 0x8c, 0x7f, 0x7b, 0x31, 0x66, 0x4e, 0x03, 0xb7, 0x29, 0x71, 0xc9, 0x16, 0xac,
0x4c, 0x39, 0xc7, 0xc1, 0x68, 0xc2, 0x9c, 0x26, 0x0a, 0x96, 0xd9, 0xe4, 0x2e, 0xc0, 0x59, 0x30,
0x8a, 0xc2, 0x97, 0xb1, 0x8c, 0x46, 0xce, 0x35, 0xdc, 0x35, 0xc7, 0xa1, 0x02, 0xee, 0x1c, 0x30,
0x79, 0xac, 0x18, 0x05, 0xcf, 0xc5, 0xdb, 0xba, 0xee, 0xc0, 0xf5, 0x30, 0x39, 0x0d, 0xa2, 0x58,
0x38, 0x8d, 0x5e, 0x73, 0xab, 0xe3, 0xa7, 0xa4, 0xba, 0xd4, 0x38, 0x39, 0x47, 0x07, 0x9b, 0xbe,
0xfa, 0xa4, 0xff, 0xaa, 0xc3, 0x4d, 0xcb, 0x96, 0xe4, 0x37, 0xd0, 0x42, 0xd7, 0x9c, 0x7a, 0xaf,
0xb9, 0xb5, 0xe8, 0xd1, 0x6d, 0x11, 0x6c, 0x5b, 0xe4, 0xb6, 0xbf, 0x0e, 0xc6, 0xfb, 0x23, 0x76,
0xca, 0x62, 0xe9, 0x6b, 0x05, 0xf7, 0x05, 0xc0, 0x94, 0x49, 0xba, 0xb0, 0xa0, 0x37, 0x37, 0xaf,
0x64, 0x28, 0xf2, 0x11, 0xb4, 0x82, 0x89, 0x7c, 0x75, 0x89, 0xb7, 0xba, 0xe8, 0xdd, 0xdc, 0xc6,
0x50, 0x29, 0xbe, 0x98, 0x96, 0xa0, 0xff, 0x6d, 0xc0, 0xda, 0x97, 0x8c, 0xab, 0xab, 0x1c, 0x06,
0x92, 0x0d, 0x64, 0x20, 0x27, 0x42, 0x19, 0x16, 0x8c, 0x47, 0xc1, 0x28, 0x35, 0xac, 0x29, 0xe4,
0xa3, 0x84, 0x79, 0x06, 0x43, 0xa9, 0x77, 0x4a, 0x86, 0x62, 0xfc, 0x3c, 0x10, 0xf2, 0xe5, 0x38,
0x0c, 0x24, 0x0b, 0xcd, 0x13, 0x94, 0xd9, 0xa4, 0x07, 0x8b, 0x9c, 0x9d, 0x25, 0xaf, 0x59, 0xb8,
0x17, 0x48, 0xe6, 0xb4, 0x50, 0x2a, 0xcf, 0x22, 0x0f, 0xe0, 0x86, 0x21, 0x7d, 0x16, 0x88, 0x24,
0x76, 0x16, 0x50, 0xa6, 0xc8, 0x24, 0x9f, 0xc0, 0xc6, 0x28, 0x10, 0x72, 0xff, 0xa7, 0x71, 0xa4,
0x9f, 0xe6, 0x28, 0x38, 0x19, 0xb0, 0x58, 0x3a, 0xd7, 0x51, 0xda, 0xbe, 0x48, 0x28, 0x2c, 0x29,
0x87, 0x7c, 0x26, 0xc6, 0x49, 0x2c, 0x98, 0xd3, 0xc6, 0x04, 0x28, 0xf0, 0x88, 0x0b, 0xed, 0x38,
0x91, 0xbb, 0x3f, 0x48, 0xc6, 0x9d, 0x0e, 0x1a, 0xcb, 0x68, 0xb2, 0x09, 0x9d, 0x48, 0xa0, 0x59,
0x16, 0x3a, 0xd0, 0xab, 0x6f, 0xb5, 0xfd, 0x29, 0xe3, 0xab, 0x6b, 0xed, 0xc6, 0x6a, 0x93, 0xf6,
0x60, 0x61, 0x30, 0xbd, 0x2d, 0xcb, 0x2d, 0xd2, 0x1d, 0x68, 0xf9, 0x41, 0x7c, 0x82, 0x5b, 0xb1,
0x80, 0x8f, 0x22, 0x26, 0xa4, 0x89, 0xb6, 0x8c, 0x56, 0xca, 0xa3, 0x40, 0xaa, 0x95, 0x06, 0xae,
0x18, 0x8a, 0xde, 0x81, 0xd6, 0x97, 0xc9, 0x24, 0x96, 0x64, 0x1d, 0x5a, 0x43, 0xf5, 0x61, 0x34,
0x35, 0x41, 0xff, 0x00, 0xf7, 0x70, 0x39, 0xf7, 0xa6, 0xe2, 0xc9, 0xc5, 0x51, 0x70, 0xca, 0xb2,
0x48, 0xbf, 0x07, 0x2d, 0xae, 0xb6, 0x47, 0xc5, 0x45, 0xaf, 0xa3, 0xa2, 0x0f, 0xfd, 0xf1, 0x35,
0x5f, 0x59, 0x8e, 0x95, 0x82, 0x09, 0x70, 0x4d, 0xd0, 0xbf, 0xd5, 0x61, 0x09, 0x4d, 0x1b, 0x73,
0xe4, 0x0b, 0x58, 0x1a, 0xe6, 0x68, 0x13, 0xcc, 0xb7, 0x95, 0xb9, 0xbc, 0x5c, 0x3e, 0x8a, 0x0b,
0x0a, 0xee, 0xa7, 0x85, 0x60, 0x26, 0x70, 0x4d, 0x6d, 0x64, 0xee, 0x0a, 0xbf, 0xa7, 0x67, 0x6c,
0xe4, 0xcf, 0xd8, 0x87, 0x3b, 0xb8, 0x41, 0xbe, 0xe4, 0x89, 0x27, 0x17, 0x87, 0xfd, 0xf4, 0x84,
0xaa, 0x72, 0x8d, 0x4d, 0x75, 0x6b, 0x44, 0xe3, 0xe9, 0x89, 0x1b, 0xf6, 0x13, 0xd3, 0xbf, 0xd7,
0xe1, 0x3e, 0x9a, 0x3c, 0x8c, 0xcf, 0xde, 0xbf, 0x44, 0xb8, 0xd0, 0x7e, 0x95, 0x08, 0x89, 0xa7,
0xd1, 0x75, 0x2d, 0xa3, 0xa7, 0xae, 0x34, 0x2b, 0x5c, 0x19, 0x00, 0x41, 0x4f, 0x5e, 0xf0, 0x90,
0xf1, 0x6c, 0xeb, 0x4d, 0xe8, 0x04, 0x43, 0x3c, 0x7d, 0xb6, 0xeb, 0x94, 0x71, 0xf5, 0xf9, 0x9e,
0xc1, 0x3a, 0x1a, 0x7d, 0xfa, 0xcd, 0xde, 0xd1, 0x80, 0xc9, 0xcc, 0x6c, 0x17, 0x16, 0xce, 0xa3,
0x38, 0x4c, 0xce, 0x8d, 0x4d, 0x43, 0x55, 0x17, 0x39, 0xfa, 0x08, 0xd6, 0x8d, 0x91, 0xfd, 0x9f,
0x22, 0x31, 0xb5, 0x94, 0xd3, 0xa8, 0x17, 0x35, 0xfa, 0xd0, 0xeb, 0x73, 0x76, 0x16, 0x25, 0x13,
0x91, 0x0b, 0xca, 0xa2, 0x76, 0x55, 0x21, 0x5b, 0x87, 0x16, 0x67, 0x27, 0x87, 0x7b, 0xe9, 0xfb,
0x23, 0xa1, 0x32, 0x4c, 0xab, 0x2b, 0x3d, 0x86, 0x5f, 0xa8, 0xd7, 0xf6, 0x0d, 0x45, 0x25, 0xac,
0xee, 0x86, 0xa1, 0x4e, 0xc3, 0x74, 0x8f, 0xcc, 0x56, 0x3d, 0x67, 0x2b, 0x97, 0xa3, 0x8d, 0x42,
0xa5, 0x73, 0xe0, 0xfa, 0x90, 0x33, 0xac, 0x64, 0xba, 0xa0, 0xa7, 0xa4, 0x5a, 0x61, 0x98, 0xf0,
0xc2, 0xd4, 0xb8, 0x94, 0xa4, 0xaf, 0x61, 0x63, 0x37, 0x0c, 0x73, 0x87, 0x4c, 0xb7, 0x5e, 0x85,
0x66, 0xc8, 0x78, 0xda, 0x6e, 0x43, 0xc6, 0xed, 0x07, 0x53, 0x29, 0xa0, 0x4a, 0x11, 0xee, 0xb8,
0xe4, 0xe3, 0xb7, 0x72, 0x30, 0x12, 0x62, 0x92, 0x55, 0x54, 0x43, 0xd1, 0x47, 0xd0, 0x2d, 0x6f,
0x66, 0x0a, 0x98, 0xba, 0xcc, 0xe8, 0x24, 0xad, 0x29, 0xea, 0x32, 0x91, 0xa2, 0x7d, 0x58, 0xc2,
0xa0, 0xca, 0x67, 0x49, 0x0e, 0x22, 0x90, 0x47, 0x70, 0x73, 0x22, 0xd8, 0xb1, 0x57, 0x0c, 0x7e,
0xf4, 0xb0, 0xed, 0xdb, 0x96, 0xe8, 0x73, 0xa0, 0x69, 0x53, 0x45, 0xcb, 0xf6, 0xb4, 0x29, 0xef,
0xd3, 0x85, 0x85, 0x60, 0x38, 0x94, 0xd9, 0xe1, 0x0d, 0x45, 0x2f, 0xe0, 0xd6, 0x01, 0xd3, 0x71,
0xff, 0x34, 0xe1, 0x85, 0x92, 0x35, 0x55, 0xa9, 0xe7, 0x55, 0xec, 0x95, 0xaa, 0xea, 0x20, 0xcd,
0xea, 0x83, 0xfc, 0xb3, 0x0e, 0xce, 0x01, 0x93, 0x3f, 0x1b, 0x32, 0x50, 0x0d, 0x93, 0xb3, 0x1f,
0x27, 0x11, 0x37, 0xbe, 0x5c, 0xea, 0x60, 0x6a, 0xfb, 0x65, 0x36, 0xfd, 0x47, 0x1d, 0x96, 0x4b,
0xf0, 0xe1, 0xd7, 0x69, 0x7b, 0xd7, 0x15, 0xf7, 0x8e, 0x4a, 0xf7, 0x39, 0xc8, 0x01, 0x65, 0xff,
0xff, 0xc8, 0xe1, 0x39, 0xdc, 0xdb, 0x0d, 0x43, 0x1b, 0x1a, 0xcc, 0x6e, 0xee, 0xa3, 0xa2, 0xa3,
0xf3, 0xac, 0x3d, 0x80, 0xd5, 0x12, 0xfe, 0xc4, 0x6b, 0x8b, 0xc2, 0xb4, 0x9e, 0xa8, 0x4f, 0x4a,
0x67, 0xa4, 0xbc, 0x19, 0xa4, 0xfb, 0x21, 0xac, 0x15, 0x64, 0xbc, 0x92, 0xa9, 0xa6, 0x36, 0x75,
0x09, 0x8e, 0x8f, 0x88, 0xc2, 0x92, 0xaf, 0x73, 0xe0, 0x0f, 0xd7, 0x98, 0xc4, 0x44, 0xae, 0xa6,
0x54, 0xde, 0x2a, 0x74, 0x63, 0x1e, 0x18, 0xbf, 0x55, 0x13, 0xe0, 0x29, 0xcc, 0xb8, 0x86, 0xf9,
0x9c, 0xd1, 0xf4, 0xaf, 0x0d, 0xd8, 0x7c, 0x1a, 0xc5, 0xc1, 0x28, 0xba, 0x64, 0x56, 0x1c, 0x6d,
0x49, 0x19, 0x83, 0xbb, 0x1a, 0x05, 0xdc, 0x95, 0xab, 0x45, 0xcd, 0x42, 0x2d, 0xc2, 0x86, 0x21,
0x25, 0x3b, 0x1d, 0xa7, 0x58, 0xac, 0xe3, 0x4f, 0x19, 0x64, 0x0f, 0xd6, 0xb0, 0xcf, 0x99, 0x4d,
0x87, 0x09, 0x0f, 0x85, 0xd3, 0xc2, 0x47, 0xea, 0xea, 0x47, 0x3a, 0x2e, 0x2d, 0xfb, 0xb3, 0x0a,
0xe4, 0x31, 0xac, 0x4c, 0x99, 0xfb, 0x9c, 0x27, 0x1c, 0xb1, 0xda, 0xa2, 0xb7, 0xae, 0x6d, 0xf4,
0x79, 0xf2, 0xfd, 0x88, 0x9d, 0xee, 0x31, 0x19, 0x44, 0x23, 0xe1, 0x97, 0x85, 0xbd, 0x7f, 0x3b,
0xb0, 0x3a, 0x90, 0x09, 0x0f, 0x4e, 0xd2, 0x5b, 0x90, 0x17, 0x64, 0x07, 0x56, 0x0e, 0x58, 0xa1,
0xb5, 0x13, 0x82, 0xfd, 0xac, 0x90, 0x6c, 0x2e, 0xd1, 0x5b, 0xe4, 0xb9, 0xb4, 0x46, 0x7e, 0x0b,
0xeb, 0x25, 0xe5, 0x27, 0x17, 0x6a, 0xde, 0x59, 0x56, 0x16, 0xa6, 0xf3, 0x4f, 0x85, 0xf6, 0x63,
0x58, 0x2d, 0x17, 0x01, 0x72, 0x73, 0x26, 0xb9, 0x0e, 0xf7, 0x5c, 0x5b, 0x20, 0xd3, 0x1a, 0xf9,
0x16, 0x0b, 0x98, 0x2d, 0x23, 0x08, 0x42, 0xfc, 0xf9, 0xc3, 0x53, 0x95, 0xd5, 0x63, 0xe8, 0xda,
0x27, 0x17, 0x72, 0xdf, 0x18, 0xad, 0x9e, 0x6a, 0xdc, 0x5b, 0x15, 0xa3, 0x05, 0xad, 0x91, 0x5f,
0xc1, 0xf2, 0x01, 0xcb, 0xe3, 0x44, 0x02, 0x4a, 0x58, 0x37, 0x4d, 0x77, 0x4d, 0x3b, 0x93, 0x5b,
0xa6, 0x35, 0xf2, 0x09, 0xac, 0xa9, 0x33, 0x70, 0x36, 0x7c, 0x1b, 0xad, 0x1d, 0x7c, 0x94, 0xd9,
0x21, 0x23, 0xaf, 0xb8, 0x81, 0xa8, 0xb1, 0x2c, 0x42, 0x6b, 0x64, 0x00, 0x4e, 0x15, 0x9e, 0x25,
0xbf, 0xc8, 0xa0, 0x66, 0x35, 0xda, 0x75, 0x57, 0xcb, 0x78, 0x94, 0xd6, 0xc8, 0x33, 0xe8, 0xda,
0x01, 0xa4, 0xbe, 0xd2, 0xb9, 0xe0, 0xd2, 0xed, 0x64, 0x22, 0xb4, 0x46, 0xbe, 0x86, 0xdb, 0x15,
0xd2, 0x88, 0xa4, 0xdf, 0xd6, 0xdc, 0xe7, 0xe0, 0xe2, 0xa7, 0xb5, 0xaa, 0x5a, 0xf3, 0xa0, 0xa0,
0xee, 0xc1, 0x62, 0x0e, 0x3b, 0x92, 0x6e, 0xb6, 0x56, 0x00, 0x93, 0x45, 0x9d, 0xbe, 0xd9, 0xd2,
0x8a, 0x7c, 0xc9, 0x87, 0x99, 0xe8, 0x3c, 0x64, 0x5c, 0xb4, 0xf8, 0x29, 0xdc, 0x28, 0x80, 0x4d,
0xe2, 0x64, 0xab, 0x25, 0xfc, 0x59, 0xd4, 0xfb, 0x0c, 0x6e, 0x14, 0xa0, 0xa5, 0xd6, 0xb3, 0xa1,
0x4d, 0x17, 0x43, 0x47, 0xb3, 0x68, 0x8d, 0xbc, 0x80, 0x0f, 0x2a, 0x11, 0x26, 0x79, 0xa0, 0x44,
0xaf, 0x02, 0xa0, 0x25, 0x83, 0xbf, 0xc3, 0x38, 0x2f, 0x76, 0x11, 0xb2, 0x6e, 0xa9, 0x04, 0x5e,
0x55, 0xd2, 0x3e, 0x03, 0x32, 0x83, 0x27, 0x3c, 0xb2, 0x69, 0x12, 0xd6, 0x7e, 0x89, 0x64, 0xb6,
0x8f, 0xd3, 0x1a, 0x79, 0x89, 0xc8, 0xc4, 0x16, 0x10, 0xde, 0xfb, 0x54, 0x95, 0xc7, 0x26, 0x70,
0xad, 0x91, 0xe6, 0x5d, 0x1d, 0x6a, 0x7f, 0x86, 0xcd, 0x39, 0xd0, 0xcf, 0x23, 0x0f, 0xf3, 0xb5,
0xa9, 0x1a, 0x1c, 0x56, 0x1c, 0xfa, 0x1b, 0xe3, 0x9d, 0x35, 0xe8, 0xbc, 0x77, 0x8a, 0x4a, 0x1f,
0x8b, 0xf3, 0xb1, 0xcd, 0xdc, 0x1b, 0xd4, 0x51, 0xbb, 0x9b, 0x3b, 0xb0, 0x72, 0xc4, 0xce, 0x4b,
0xbd, 0x6a, 0xa6, 0xb3, 0x54, 0x74, 0x9b, 0xcf, 0x80, 0xe8, 0x1f, 0x45, 0xae, 0xd4, 0x5f, 0xd4,
0xbc, 0xfd, 0xd3, 0xb1, 0xbc, 0xa0, 0x35, 0xb2, 0x0f, 0xb7, 0x8e, 0xd8, 0xb9, 0xb5, 0xcd, 0xd8,
0x1e, 0xbb, 0x2a, 0x02, 0x76, 0x60, 0xc3, 0x8a, 0x41, 0xec, 0x46, 0x4a, 0x3e, 0x1c, 0xc2, 0x72,
0x71, 0xfa, 0x20, 0x1f, 0xe0, 0x0d, 0xd9, 0xc6, 0x1f, 0xd7, 0xb5, 0x2d, 0x19, 0x28, 0xa4, 0x6a,
0xde, 0x9a, 0xc2, 0x91, 0xc5, 0xa6, 0x32, 0xc7, 0x5a, 0xc9, 0x93, 0x47, 0xd0, 0xc9, 0x46, 0x3d,
0x93, 0xa3, 0xa5, 0xc9, 0xaf, 0xac, 0xb1, 0x03, 0xdd, 0x3d, 0x16, 0x0c, 0x65, 0x74, 0x36, 0x7b,
0xf9, 0xb3, 0x51, 0x5f, 0x52, 0xfe, 0x1c, 0x6e, 0x4d, 0x95, 0xdf, 0x00, 0x2a, 0x94, 0xd4, 0x1f,
0x42, 0xfb, 0x88, 0x9d, 0x63, 0x3e, 0x10, 0xb3, 0x84, 0x84, 0x9b, 0x27, 0xf0, 0x54, 0x64, 0x60,
0x66, 0xa1, 0x3e, 0x4f, 0x86, 0x4c, 0x88, 0x28, 0x3e, 0xb1, 0x6a, 0xa4, 0x96, 0x7f, 0x09, 0x37,
0x52, 0x0d, 0x44, 0x57, 0x57, 0x09, 0xa7, 0x6f, 0x5f, 0xed, 0xcb, 0x54, 0xb8, 0x9d, 0xce, 0x65,
0x04, 0xbb, 0x69, 0x7e, 0x8a, 0x2c, 0x3b, 0xfe, 0x27, 0xb8, 0x3d, 0x27, 0xeb, 0xdf, 0xb3, 0x2c,
0x68, 0x80, 0x56, 0x98, 0x10, 0xc9, 0x6d, 0x63, 0xd1, 0x36, 0x37, 0x96, 0x9d, 0x3b, 0x98, 0xad,
0xeb, 0xe2, 0x9d, 0x8a, 0xf2, 0x77, 0xe0, 0x54, 0xcd, 0x3e, 0x1a, 0x95, 0x5c, 0x31, 0x19, 0xb9,
0xb6, 0x66, 0x62, 0x3a, 0xcf, 0xcc, 0x54, 0xa2, 0x3d, 0xac, 0x1a, 0x56, 0xca, 0xaf, 0xe5, 0x03,
0x39, 0x62, 0xe7, 0xe5, 0x12, 0xf7, 0x46, 0x4e, 0x6d, 0xcc, 0x38, 0xe5, 0x69, 0xaf, 0x0e, 0xa1,
0x6b, 0x2d, 0x15, 0x1e, 0xe9, 0x61, 0x8b, 0x9e, 0x33, 0xca, 0x94, 0xdd, 0xfb, 0x02, 0x9c, 0x8a,
0xfc, 0xa9, 0xea, 0xb0, 0x45, 0x03, 0x4f, 0xae, 0xff, 0xb1, 0x85, 0xff, 0x79, 0xfc, 0x2f, 0x00,
0x00, 0xff, 0xff, 0x50, 0xdd, 0x35, 0xd0, 0x22, 0x19, 0x00, 0x00,
// 1717 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x58, 0xdd, 0x6e, 0xdb, 0xc8,
0x15, 0xd6, 0x8f, 0x65, 0x4b, 0xc7, 0x7f, 0xd2, 0xc4, 0x56, 0xb9, 0x8a, 0x9d, 0xc8, 0xb3, 0xd9,
0xc0, 0x8b, 0x02, 0x5e, 0x97, 0x5d, 0xec, 0x16, 0x70, 0x9b, 0xc4, 0x8e, 0x1c, 0xc7, 0x69, 0x62,
0x2b, 0x54, 0xe3, 0x16, 0x45, 0x6f, 0x18, 0x71, 0xa2, 0xb0, 0x91, 0x49, 0x65, 0x66, 0x64, 0x47,
0xbe, 0x2e, 0xd0, 0x3e, 0x41, 0xd1, 0xcb, 0x3e, 0x47, 0x5f, 0xa2, 0xcf, 0xd2, 0x37, 0x28, 0xe6,
0x70, 0x48, 0x91, 0x14, 0x29, 0xd7, 0x68, 0xd1, 0xbb, 0x39, 0x67, 0xce, 0xdf, 0xcc, 0x9c, 0x9f,
0x8f, 0x84, 0x86, 0xb0, 0xbf, 0x1b, 0x71, 0x5f, 0xfa, 0xdf, 0x09, 0x7b, 0x0f, 0x17, 0xa4, 0x24,
0xec, 0xd6, 0x66, 0xdf, 0xe7, 0x4c, 0x6f, 0xa8, 0x65, 0xb0, 0x45, 0xdb, 0xb0, 0x66, 0xb1, 0x81,
0x2b, 0x24, 0xb7, 0xa5, 0xeb, 0x7b, 0xa7, 0x1d, 0xb2, 0x06, 0x25, 0xd7, 0x31, 0x8a, 0xed, 0xe2,
0x6e, 0xd9, 0x2a, 0xb9, 0x0e, 0x7d, 0x00, 0xf0, 0xaa, 0x77, 0x7e, 0xf6, 0x5b, 0xf6, 0xfe, 0xd7,
0x6c, 0x42, 0xea, 0x50, 0xfe, 0xe3, 0xf5, 0x27, 0xdc, 0x5e, 0xb1, 0xd4, 0x92, 0xee, 0xc0, 0xfa,
0xe1, 0x58, 0x7e, 0xf4, 0xb9, 0x7b, 0x33, 0x6b, 0xa2, 0x86, 0x26, 0xfe, 0x51, 0x84, 0x07, 0x27,
0x4c, 0x76, 0x99, 0xe7, 0xb8, 0xde, 0x20, 0x21, 0x6d, 0xb1, 0xcf, 0x63, 0x26, 0x24, 0x79, 0x0c,
0x6b, 0x3c, 0x11, 0x87, 0x8e, 0x20, 0xc5, 0x55, 0x72, 0xae, 0xc3, 0x3c, 0xe9, 0x7e, 0x70, 0x19,
0xff, 0xcd, 0x64, 0xc4, 0x8c, 0x12, 0xba, 0x49, 0x71, 0xc9, 0x2e, 0xac, 0x4f, 0x39, 0x17, 0xf6,
0x70, 0xcc, 0x8c, 0x32, 0x0a, 0xa6, 0xd9, 0xe4, 0x01, 0xc0, 0x95, 0x3d, 0x74, 0x9d, 0x77, 0x9e,
0x74, 0x87, 0xc6, 0x02, 0x7a, 0x8d, 0x71, 0xa8, 0x80, 0xed, 0x13, 0x26, 0x2f, 0x14, 0x23, 0x11,
0xb9, 0xb8, 0x6b, 0xe8, 0x06, 0x2c, 0x39, 0xfe, 0xa5, 0xed, 0x7a, 0xc2, 0x28, 0xb5, 0xcb, 0xbb,
0x35, 0x2b, 0x24, 0xd5, 0xa5, 0x7a, 0xfe, 0x35, 0x06, 0x58, 0xb6, 0xd4, 0x92, 0xfe, 0xbd, 0x08,
0xf7, 0x32, 0x5c, 0x92, 0x5f, 0x40, 0x05, 0x43, 0x33, 0x8a, 0xed, 0xf2, 0xee, 0xb2, 0x49, 0xf7,
0x84, 0xbd, 0x97, 0x21, 0xb7, 0xf7, 0xc6, 0x1e, 0x1d, 0x0f, 0xd9, 0x25, 0xf3, 0xa4, 0x15, 0x28,
0xb4, 0xce, 0x01, 0xa6, 0x4c, 0xd2, 0x84, 0xc5, 0xc0, 0xb9, 0x7e, 0x25, 0x4d, 0x91, 0x6f, 0xa1,
0x62, 0x8f, 0xe5, 0xc7, 0x1b, 0xbc, 0xd5, 0x65, 0xf3, 0xde, 0x1e, 0xa6, 0x4a, 0xf2, 0xc5, 0x02,
0x09, 0xfa, 0xcf, 0x12, 0x34, 0x9e, 0x33, 0xae, 0xae, 0xb2, 0x6f, 0x4b, 0xd6, 0x93, 0xb6, 0x1c,
0x0b, 0x65, 0x58, 0x30, 0xee, 0xda, 0xc3, 0xd0, 0x70, 0x40, 0x21, 0x1f, 0x25, 0xf4, 0x33, 0x68,
0x4a, 0xbd, 0x93, 0xdf, 0x17, 0xa3, 0xd7, 0xb6, 0x90, 0xef, 0x46, 0x8e, 0x2d, 0x99, 0xa3, 0x9f,
0x20, 0xcd, 0x26, 0x6d, 0x58, 0xe6, 0xec, 0xca, 0xff, 0xc4, 0x9c, 0x8e, 0x2d, 0x99, 0x51, 0x41,
0xa9, 0x38, 0x8b, 0x3c, 0x82, 0x55, 0x4d, 0x5a, 0xcc, 0x16, 0xbe, 0x67, 0x2c, 0xa2, 0x4c, 0x92,
0x49, 0xbe, 0x87, 0xcd, 0xa1, 0x2d, 0xe4, 0xf1, 0x97, 0x91, 0x1b, 0x3c, 0xcd, 0x99, 0x3d, 0xe8,
0x31, 0x4f, 0x1a, 0x4b, 0x28, 0x9d, 0xbd, 0x49, 0x28, 0xac, 0xa8, 0x80, 0x2c, 0x26, 0x46, 0xbe,
0x27, 0x98, 0x51, 0xc5, 0x02, 0x48, 0xf0, 0x48, 0x0b, 0xaa, 0x9e, 0x2f, 0x0f, 0x3f, 0x48, 0xc6,
0x8d, 0x1a, 0x1a, 0x8b, 0x68, 0xb2, 0x05, 0x35, 0x57, 0xa0, 0x59, 0xe6, 0x18, 0xd0, 0x2e, 0xee,
0x56, 0xad, 0x29, 0xe3, 0xd5, 0x42, 0xb5, 0x54, 0x2f, 0xd3, 0x36, 0x2c, 0xf6, 0xa6, 0xb7, 0x95,
0x71, 0x8b, 0xf4, 0x00, 0x2a, 0x96, 0xed, 0x0d, 0xd0, 0x15, 0xb3, 0xf9, 0xd0, 0x65, 0x42, 0xea,
0x6c, 0x8b, 0x68, 0xa5, 0x3c, 0xb4, 0xa5, 0xda, 0x29, 0xe1, 0x8e, 0xa6, 0xe8, 0x36, 0x54, 0x9e,
0xfb, 0x63, 0x4f, 0x92, 0x0d, 0xa8, 0xf4, 0xd5, 0x42, 0x6b, 0x06, 0x04, 0xfd, 0x1d, 0x3c, 0xc4,
0xed, 0xd8, 0x9b, 0x8a, 0xa3, 0xc9, 0x99, 0x7d, 0xc9, 0xa2, 0x4c, 0x7f, 0x08, 0x15, 0xae, 0xdc,
0xa3, 0xe2, 0xb2, 0x59, 0x53, 0xd9, 0x87, 0xf1, 0x58, 0x01, 0x5f, 0x59, 0xf6, 0x94, 0x82, 0x4e,
0xf0, 0x80, 0xa0, 0x7f, 0x2e, 0xc2, 0x0a, 0x9a, 0xd6, 0xe6, 0xc8, 0x53, 0x58, 0xe9, 0xc7, 0x68,
0x9d, 0xcc, 0xf7, 0x95, 0xb9, 0xb8, 0x5c, 0x3c, 0x8b, 0x13, 0x0a, 0xad, 0x1f, 0x12, 0xc9, 0x4c,
0x60, 0x41, 0x39, 0xd2, 0x77, 0x85, 0xeb, 0xe9, 0x19, 0x4b, 0xf1, 0x33, 0x76, 0x61, 0x1b, 0x1d,
0xc4, 0x5b, 0x9e, 0x38, 0x9a, 0x9c, 0x76, 0xc3, 0x13, 0xaa, 0xce, 0x35, 0xd2, 0xdd, 0xad, 0xe4,
0x8e, 0xa6, 0x27, 0x2e, 0x65, 0x9f, 0x98, 0xfe, 0xa5, 0x08, 0x3b, 0x68, 0xf2, 0xd4, 0xbb, 0xfa,
0xef, 0x5b, 0x44, 0x0b, 0xaa, 0x1f, 0x7d, 0x21, 0xf1, 0x34, 0x41, 0x5f, 0x8b, 0xe8, 0x69, 0x28,
0xe5, 0x9c, 0x50, 0x7a, 0x40, 0x30, 0x92, 0x73, 0xee, 0x30, 0x1e, 0xb9, 0xde, 0x82, 0x9a, 0xdd,
0xc7, 0xd3, 0x47, 0x5e, 0xa7, 0x8c, 0xdb, 0xcf, 0xf7, 0x12, 0x36, 0xd0, 0xe8, 0x8b, 0xb7, 0x9d,
0xb3, 0x1e, 0x93, 0x91, 0xd9, 0x26, 0x2c, 0x5e, 0xbb, 0x9e, 0xe3, 0x5f, 0x6b, 0x9b, 0x9a, 0xca,
0x6f, 0x72, 0x74, 0x1f, 0x36, 0xb4, 0x91, 0xe3, 0x2f, 0xae, 0x98, 0x5a, 0x8a, 0x69, 0x14, 0x93,
0x1a, 0x5d, 0x68, 0x77, 0x39, 0xbb, 0x72, 0xfd, 0xb1, 0x88, 0x25, 0x65, 0x52, 0x3b, 0xaf, 0x91,
0x6d, 0x40, 0x85, 0xb3, 0xc1, 0x69, 0x27, 0x7c, 0x7f, 0x24, 0x54, 0x85, 0x05, 0xea, 0x4a, 0x8f,
0xe1, 0x0a, 0xf5, 0xaa, 0x96, 0xa6, 0xa8, 0x84, 0xfa, 0xa1, 0xe3, 0x04, 0x65, 0x18, 0xfa, 0x88,
0x6c, 0x15, 0x63, 0xb6, 0x62, 0x35, 0x5a, 0x4a, 0x74, 0x3a, 0x03, 0x96, 0xfa, 0x9c, 0x61, 0x27,
0x0b, 0x1a, 0x7a, 0x48, 0xaa, 0x1d, 0x86, 0x05, 0x2f, 0x74, 0x8f, 0x0b, 0x49, 0xfa, 0x09, 0x36,
0x0f, 0x1d, 0x27, 0x76, 0xc8, 0xd0, 0x75, 0x1d, 0xca, 0x0e, 0xe3, 0xe1, 0xb8, 0x75, 0x18, 0xcf,
0x3e, 0x98, 0x2a, 0x01, 0xd5, 0x8a, 0xd0, 0xe3, 0x8a, 0x85, 0x6b, 0x15, 0xa0, 0x2b, 0xc4, 0x38,
0xea, 0xa8, 0x9a, 0xa2, 0xfb, 0xd0, 0x4c, 0x3b, 0xd3, 0x0d, 0x4c, 0x5d, 0xa6, 0x3b, 0x08, 0x7b,
0x8a, 0xba, 0x4c, 0xa4, 0x68, 0x17, 0x56, 0x30, 0xa9, 0xe2, 0x55, 0x12, 0x83, 0x08, 0x64, 0x1f,
0xee, 0x8d, 0x05, 0xbb, 0x30, 0x93, 0xc9, 0x8f, 0x11, 0x56, 0xad, 0xac, 0x2d, 0xfa, 0x1a, 0x68,
0x38, 0x54, 0xd1, 0x72, 0x76, 0xd9, 0xa4, 0xfd, 0x34, 0x61, 0xd1, 0xee, 0xf7, 0x65, 0x74, 0x78,
0x4d, 0xd1, 0x09, 0xfc, 0xe4, 0x84, 0x05, 0x79, 0xff, 0xc2, 0xe7, 0x89, 0x96, 0x35, 0x55, 0x29,
0xc6, 0x55, 0xb2, 0x3b, 0x55, 0xde, 0x41, 0xca, 0xf9, 0x07, 0xf9, 0x5b, 0x11, 0x8c, 0x13, 0x26,
0xff, 0x6f, 0xc8, 0x40, 0x0d, 0x4c, 0xce, 0x3e, 0x8f, 0x5d, 0xae, 0x63, 0xb9, 0x09, 0x92, 0xa9,
0x6a, 0xa5, 0xd9, 0xf4, 0xaf, 0x45, 0x58, 0x4b, 0xc1, 0x87, 0x9f, 0x87, 0xe3, 0x3d, 0xe8, 0xb8,
0xdb, 0xaa, 0xdc, 0xe7, 0x20, 0x07, 0x94, 0xfd, 0xdf, 0x23, 0x87, 0xd7, 0xf0, 0xf0, 0xd0, 0x71,
0xb2, 0xd0, 0x60, 0x74, 0x73, 0xdf, 0x26, 0x03, 0x9d, 0x67, 0xed, 0x11, 0xd4, 0x53, 0xf8, 0x13,
0xaf, 0xcd, 0x75, 0xc2, 0x7e, 0xa2, 0x96, 0x94, 0xce, 0x48, 0x99, 0x33, 0x48, 0xf7, 0x1b, 0x68,
0x24, 0x64, 0xcc, 0x94, 0xa9, 0x72, 0x60, 0xea, 0x06, 0x0c, 0x0b, 0x11, 0x45, 0x46, 0xbd, 0xce,
0x81, 0x3f, 0x3c, 0xc0, 0x24, 0x3a, 0x73, 0x03, 0x4a, 0xd5, 0xad, 0x42, 0x37, 0xfa, 0x81, 0x71,
0xad, 0x86, 0x00, 0x0f, 0x61, 0xc6, 0x02, 0xd6, 0x73, 0x44, 0xd3, 0x3f, 0x95, 0x60, 0xeb, 0x85,
0xeb, 0xd9, 0x43, 0xf7, 0x86, 0x65, 0xe2, 0xe8, 0x8c, 0x92, 0xd1, 0xb8, 0xab, 0x94, 0xc0, 0x5d,
0xb1, 0x5e, 0x54, 0x4e, 0xf4, 0x22, 0x1c, 0x18, 0x52, 0xb2, 0xcb, 0x51, 0x88, 0xc5, 0x6a, 0xd6,
0x94, 0x41, 0x3a, 0xd0, 0xc0, 0x39, 0xa7, 0x9d, 0xf6, 0x7d, 0xee, 0x08, 0xa3, 0x82, 0x8f, 0xd4,
0x0c, 0x1e, 0xe9, 0x22, 0xb5, 0x6d, 0xcd, 0x2a, 0x90, 0x27, 0xb0, 0x3e, 0x65, 0x1e, 0x73, 0xee,
0x73, 0xc4, 0x6a, 0xcb, 0xe6, 0x46, 0x60, 0xa3, 0xcb, 0xfd, 0xf7, 0x43, 0x76, 0xd9, 0x61, 0xd2,
0x76, 0x87, 0xc2, 0x4a, 0x0b, 0x9b, 0xff, 0x6a, 0x40, 0xbd, 0x27, 0x7d, 0x6e, 0x0f, 0xc2, 0x5b,
0x90, 0x13, 0x72, 0x00, 0xeb, 0x27, 0x2c, 0x31, 0xda, 0x09, 0xc1, 0x79, 0x96, 0x28, 0xb6, 0x16,
0x09, 0x5c, 0xc4, 0xb9, 0xb4, 0x40, 0x7e, 0x09, 0x1b, 0x29, 0xe5, 0xa3, 0x89, 0xfa, 0xde, 0x59,
0x53, 0x16, 0xa6, 0xdf, 0x3f, 0x39, 0xda, 0x3f, 0x83, 0xb5, 0x13, 0x16, 0x47, 0x4e, 0x04, 0x94,
0x5e, 0x30, 0x46, 0x5a, 0x8d, 0x40, 0x27, 0xb6, 0x4d, 0x0b, 0xe4, 0x7b, 0x68, 0xa8, 0x4f, 0x22,
0xce, 0xfa, 0x77, 0xd1, 0x3a, 0xc0, 0x30, 0x67, 0x61, 0x77, 0x5c, 0x71, 0x13, 0x71, 0x54, 0x5a,
0x84, 0x16, 0x48, 0x0f, 0x8c, 0x3c, 0x84, 0x47, 0xbe, 0x8e, 0xc0, 0x57, 0x3e, 0xfe, 0x6b, 0xd5,
0xd3, 0x08, 0x8d, 0x16, 0xc8, 0x4b, 0x68, 0x66, 0x43, 0x2a, 0xb2, 0x13, 0x49, 0xe7, 0xc1, 0xad,
0x56, 0x2d, 0x12, 0xa1, 0x05, 0xf2, 0x06, 0xee, 0xe7, 0x48, 0x23, 0xb6, 0xbc, 0xab, 0x39, 0x13,
0x96, 0x63, 0x70, 0x88, 0x34, 0xa3, 0xbd, 0x04, 0x3e, 0x4a, 0xea, 0xfc, 0x00, 0xab, 0x09, 0xb4,
0x43, 0x8c, 0x68, 0x37, 0x05, 0x80, 0x92, 0x7a, 0x3f, 0xc2, 0x6a, 0x02, 0xdb, 0x04, 0x7a, 0x59,
0x70, 0xa7, 0x85, 0x2f, 0x15, 0xb0, 0x68, 0x81, 0x9c, 0xc3, 0x57, 0xb9, 0x10, 0x87, 0x3c, 0x52,
0xa2, 0xb7, 0x21, 0xa0, 0x94, 0xc1, 0x67, 0x98, 0x56, 0xc9, 0x36, 0x46, 0x36, 0x66, 0xfa, 0xfc,
0x69, 0xc7, 0x6c, 0x65, 0x35, 0x55, 0x7c, 0x50, 0x32, 0x33, 0xd0, 0x4c, 0xb2, 0xa5, 0x4c, 0xe4,
0x0d, 0xba, 0x16, 0x99, 0x1d, 0x24, 0xb4, 0x40, 0xde, 0xe1, 0x68, 0xcc, 0xea, 0xf3, 0x26, 0xa1,
0xda, 0xde, 0x9c, 0x7f, 0x02, 0x79, 0x01, 0x3e, 0xd1, 0x79, 0x92, 0x39, 0x40, 0xcc, 0xcc, 0x9a,
0x4f, 0x3c, 0xd6, 0x1f, 0x60, 0x6b, 0x0e, 0xf6, 0x30, 0xc9, 0x63, 0x1d, 0xda, 0x2d, 0xe8, 0x24,
0xe7, 0xd0, 0x6f, 0x75, 0x74, 0x99, 0xdf, 0x03, 0x26, 0xf9, 0x26, 0x8a, 0x64, 0xde, 0x07, 0x43,
0x32, 0x60, 0x0b, 0xe1, 0xcd, 0x45, 0x96, 0xb9, 0x9d, 0x78, 0xac, 0x77, 0x09, 0xf3, 0x00, 0xd6,
0xcf, 0xd8, 0x75, 0xaa, 0x59, 0xce, 0xb4, 0xb6, 0x9c, 0x76, 0xf7, 0x23, 0x90, 0xe0, 0xab, 0xfc,
0x56, 0xfd, 0xe5, 0x80, 0x77, 0x7c, 0x39, 0x92, 0x13, 0x5a, 0x20, 0xa7, 0xb0, 0x96, 0x84, 0x9e,
0xe4, 0x2b, 0x8c, 0x2e, 0x0b, 0xfb, 0xb6, 0x5a, 0x59, 0x5b, 0x7a, 0x0e, 0x16, 0xc8, 0xaf, 0xa0,
0xa1, 0x40, 0x44, 0xb2, 0x7f, 0xce, 0xb1, 0x96, 0x8a, 0x64, 0x1f, 0x6a, 0x11, 0xce, 0xd7, 0xf5,
0x91, 0x82, 0xfd, 0x69, 0x8d, 0x03, 0x68, 0x76, 0x98, 0xdd, 0x97, 0xee, 0xd5, 0xec, 0xc1, 0x67,
0x33, 0x2e, 0xa5, 0xfc, 0x18, 0xaa, 0x67, 0xec, 0x1a, 0x93, 0x89, 0xe8, 0x2d, 0x24, 0x5a, 0x71,
0x02, 0xc3, 0x22, 0x3d, 0x8d, 0x64, 0xbb, 0xdc, 0xef, 0x33, 0x21, 0x5c, 0x6f, 0x90, 0xa9, 0x11,
0x5a, 0xfe, 0x29, 0xac, 0x86, 0x1a, 0x38, 0x1b, 0x6f, 0x13, 0x0e, 0xd1, 0x43, 0x7e, 0x2c, 0x53,
0xe1, 0x6a, 0x88, 0xaa, 0x09, 0x76, 0xfe, 0xf8, 0x37, 0x40, 0x3a, 0xf0, 0x27, 0x50, 0x4f, 0x43,
0x70, 0x72, 0x5f, 0x27, 0x67, 0x16, 0x30, 0x4f, 0xeb, 0x3f, 0x83, 0xc6, 0x0c, 0xa8, 0x0a, 0x9a,
0x4e, 0x1e, 0xd6, 0x4a, 0x87, 0x6b, 0x01, 0x39, 0x63, 0xd7, 0xe9, 0x02, 0xf9, 0x5a, 0x3f, 0xed,
0x3c, 0xb4, 0x19, 0x4c, 0xcc, 0x19, 0xe8, 0x87, 0xf9, 0xda, 0xcc, 0x44, 0x5b, 0x26, 0x69, 0x63,
0x83, 0x9f, 0x83, 0xc4, 0xd2, 0xe1, 0x3d, 0x05, 0x63, 0x9a, 0x3e, 0xff, 0x51, 0x7f, 0x4e, 0x1a,
0x38, 0x5a, 0xfa, 0x7d, 0x05, 0x7f, 0xd9, 0xfe, 0x3b, 0x00, 0x00, 0xff, 0xff, 0x7e, 0xd6, 0x49,
0xb0, 0xe1, 0x15, 0x00, 0x00,
}
// Reference imports to suppress errors if they are not otherwise used.
@ -1971,20 +1964,15 @@ type StorageAuthorityClient interface {
// Getters
GetRegistration(ctx context.Context, in *RegistrationID, opts ...grpc.CallOption) (*proto1.Registration, error)
GetRegistrationByKey(ctx context.Context, in *JSONWebKey, opts ...grpc.CallOption) (*proto1.Registration, error)
GetAuthorization(ctx context.Context, in *AuthorizationID, opts ...grpc.CallOption) (*proto1.Authorization, error)
GetPendingAuthorization(ctx context.Context, in *GetPendingAuthorizationRequest, opts ...grpc.CallOption) (*proto1.Authorization, error)
GetValidAuthorizations(ctx context.Context, in *GetValidAuthorizationsRequest, opts ...grpc.CallOption) (*ValidAuthorizations, error)
GetCertificate(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*proto1.Certificate, error)
GetPrecertificate(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*proto1.Certificate, error)
GetCertificateStatus(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*CertificateStatus, error)
CountCertificatesByNames(ctx context.Context, in *CountCertificatesByNamesRequest, opts ...grpc.CallOption) (*CountByNames, error)
CountRegistrationsByIP(ctx context.Context, in *CountRegistrationsByIPRequest, opts ...grpc.CallOption) (*Count, error)
CountRegistrationsByIPRange(ctx context.Context, in *CountRegistrationsByIPRequest, opts ...grpc.CallOption) (*Count, error)
CountPendingAuthorizations(ctx context.Context, in *RegistrationID, opts ...grpc.CallOption) (*Count, error)
CountOrders(ctx context.Context, in *CountOrdersRequest, opts ...grpc.CallOption) (*Count, error)
// Return a count of authorizations with status "invalid" that belong to
// a given registration ID and expire in the given time range.
CountInvalidAuthorizations(ctx context.Context, in *CountInvalidAuthorizationsRequest, opts ...grpc.CallOption) (*Count, error)
CountFQDNSets(ctx context.Context, in *CountFQDNSetsRequest, opts ...grpc.CallOption) (*Count, error)
FQDNSetExists(ctx context.Context, in *FQDNSetExistsRequest, opts ...grpc.CallOption) (*Exists, error)
PreviousCertificateExists(ctx context.Context, in *PreviousCertificateExistsRequest, opts ...grpc.CallOption) (*Exists, error)
@ -1998,22 +1986,16 @@ type StorageAuthorityClient interface {
// Adders
NewRegistration(ctx context.Context, in *proto1.Registration, opts ...grpc.CallOption) (*proto1.Registration, error)
UpdateRegistration(ctx context.Context, in *proto1.Registration, opts ...grpc.CallOption) (*proto1.Empty, error)
NewPendingAuthorization(ctx context.Context, in *proto1.Authorization, opts ...grpc.CallOption) (*proto1.Authorization, error)
FinalizeAuthorization(ctx context.Context, in *proto1.Authorization, opts ...grpc.CallOption) (*proto1.Empty, error)
AddCertificate(ctx context.Context, in *AddCertificateRequest, opts ...grpc.CallOption) (*AddCertificateResponse, error)
AddPrecertificate(ctx context.Context, in *AddCertificateRequest, opts ...grpc.CallOption) (*proto1.Empty, error)
AddSerial(ctx context.Context, in *AddSerialRequest, opts ...grpc.CallOption) (*proto1.Empty, error)
DeactivateRegistration(ctx context.Context, in *RegistrationID, opts ...grpc.CallOption) (*proto1.Empty, error)
DeactivateAuthorization(ctx context.Context, in *AuthorizationID, opts ...grpc.CallOption) (*proto1.Empty, error)
NewOrder(ctx context.Context, in *proto1.Order, opts ...grpc.CallOption) (*proto1.Order, error)
SetOrderProcessing(ctx context.Context, in *proto1.Order, opts ...grpc.CallOption) (*proto1.Empty, error)
SetOrderError(ctx context.Context, in *proto1.Order, opts ...grpc.CallOption) (*proto1.Empty, error)
FinalizeOrder(ctx context.Context, in *proto1.Order, opts ...grpc.CallOption) (*proto1.Empty, error)
GetOrder(ctx context.Context, in *OrderRequest, opts ...grpc.CallOption) (*proto1.Order, error)
GetValidOrderAuthorizations(ctx context.Context, in *GetValidOrderAuthorizationsRequest, opts ...grpc.CallOption) (*Authorizations, error)
GetOrderForNames(ctx context.Context, in *GetOrderForNamesRequest, opts ...grpc.CallOption) (*proto1.Order, error)
GetAuthorizations(ctx context.Context, in *GetAuthorizationsRequest, opts ...grpc.CallOption) (*Authorizations, error)
AddPendingAuthorizations(ctx context.Context, in *AddPendingAuthorizationsRequest, opts ...grpc.CallOption) (*AuthorizationIDs, error)
RevokeCertificate(ctx context.Context, in *RevokeCertificateRequest, opts ...grpc.CallOption) (*proto1.Empty, error)
NewAuthorizations2(ctx context.Context, in *AddPendingAuthorizationsRequest, opts ...grpc.CallOption) (*Authorization2IDs, error)
FinalizeAuthorization2(ctx context.Context, in *FinalizeAuthorizationRequest, opts ...grpc.CallOption) (*proto1.Empty, error)
@ -2046,33 +2028,6 @@ func (c *storageAuthorityClient) GetRegistrationByKey(ctx context.Context, in *J
return out, nil
}
func (c *storageAuthorityClient) GetAuthorization(ctx context.Context, in *AuthorizationID, opts ...grpc.CallOption) (*proto1.Authorization, error) {
out := new(proto1.Authorization)
err := c.cc.Invoke(ctx, "/sa.StorageAuthority/GetAuthorization", in, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *storageAuthorityClient) GetPendingAuthorization(ctx context.Context, in *GetPendingAuthorizationRequest, opts ...grpc.CallOption) (*proto1.Authorization, error) {
out := new(proto1.Authorization)
err := c.cc.Invoke(ctx, "/sa.StorageAuthority/GetPendingAuthorization", in, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *storageAuthorityClient) GetValidAuthorizations(ctx context.Context, in *GetValidAuthorizationsRequest, opts ...grpc.CallOption) (*ValidAuthorizations, error) {
out := new(ValidAuthorizations)
err := c.cc.Invoke(ctx, "/sa.StorageAuthority/GetValidAuthorizations", in, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *storageAuthorityClient) GetCertificate(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*proto1.Certificate, error) {
out := new(proto1.Certificate)
err := c.cc.Invoke(ctx, "/sa.StorageAuthority/GetCertificate", in, out, opts...)
@ -2127,15 +2082,6 @@ func (c *storageAuthorityClient) CountRegistrationsByIPRange(ctx context.Context
return out, nil
}
func (c *storageAuthorityClient) CountPendingAuthorizations(ctx context.Context, in *RegistrationID, opts ...grpc.CallOption) (*Count, error) {
out := new(Count)
err := c.cc.Invoke(ctx, "/sa.StorageAuthority/CountPendingAuthorizations", in, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *storageAuthorityClient) CountOrders(ctx context.Context, in *CountOrdersRequest, opts ...grpc.CallOption) (*Count, error) {
out := new(Count)
err := c.cc.Invoke(ctx, "/sa.StorageAuthority/CountOrders", in, out, opts...)
@ -2145,15 +2091,6 @@ func (c *storageAuthorityClient) CountOrders(ctx context.Context, in *CountOrder
return out, nil
}
func (c *storageAuthorityClient) CountInvalidAuthorizations(ctx context.Context, in *CountInvalidAuthorizationsRequest, opts ...grpc.CallOption) (*Count, error) {
out := new(Count)
err := c.cc.Invoke(ctx, "/sa.StorageAuthority/CountInvalidAuthorizations", in, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *storageAuthorityClient) CountFQDNSets(ctx context.Context, in *CountFQDNSetsRequest, opts ...grpc.CallOption) (*Count, error) {
out := new(Count)
err := c.cc.Invoke(ctx, "/sa.StorageAuthority/CountFQDNSets", in, out, opts...)
@ -2262,24 +2199,6 @@ func (c *storageAuthorityClient) UpdateRegistration(ctx context.Context, in *pro
return out, nil
}
func (c *storageAuthorityClient) NewPendingAuthorization(ctx context.Context, in *proto1.Authorization, opts ...grpc.CallOption) (*proto1.Authorization, error) {
out := new(proto1.Authorization)
err := c.cc.Invoke(ctx, "/sa.StorageAuthority/NewPendingAuthorization", in, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *storageAuthorityClient) FinalizeAuthorization(ctx context.Context, in *proto1.Authorization, opts ...grpc.CallOption) (*proto1.Empty, error) {
out := new(proto1.Empty)
err := c.cc.Invoke(ctx, "/sa.StorageAuthority/FinalizeAuthorization", in, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *storageAuthorityClient) AddCertificate(ctx context.Context, in *AddCertificateRequest, opts ...grpc.CallOption) (*AddCertificateResponse, error) {
out := new(AddCertificateResponse)
err := c.cc.Invoke(ctx, "/sa.StorageAuthority/AddCertificate", in, out, opts...)
@ -2316,15 +2235,6 @@ func (c *storageAuthorityClient) DeactivateRegistration(ctx context.Context, in
return out, nil
}
func (c *storageAuthorityClient) DeactivateAuthorization(ctx context.Context, in *AuthorizationID, opts ...grpc.CallOption) (*proto1.Empty, error) {
out := new(proto1.Empty)
err := c.cc.Invoke(ctx, "/sa.StorageAuthority/DeactivateAuthorization", in, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *storageAuthorityClient) NewOrder(ctx context.Context, in *proto1.Order, opts ...grpc.CallOption) (*proto1.Order, error) {
out := new(proto1.Order)
err := c.cc.Invoke(ctx, "/sa.StorageAuthority/NewOrder", in, out, opts...)
@ -2370,15 +2280,6 @@ func (c *storageAuthorityClient) GetOrder(ctx context.Context, in *OrderRequest,
return out, nil
}
func (c *storageAuthorityClient) GetValidOrderAuthorizations(ctx context.Context, in *GetValidOrderAuthorizationsRequest, opts ...grpc.CallOption) (*Authorizations, error) {
out := new(Authorizations)
err := c.cc.Invoke(ctx, "/sa.StorageAuthority/GetValidOrderAuthorizations", in, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *storageAuthorityClient) GetOrderForNames(ctx context.Context, in *GetOrderForNamesRequest, opts ...grpc.CallOption) (*proto1.Order, error) {
out := new(proto1.Order)
err := c.cc.Invoke(ctx, "/sa.StorageAuthority/GetOrderForNames", in, out, opts...)
@ -2388,24 +2289,6 @@ func (c *storageAuthorityClient) GetOrderForNames(ctx context.Context, in *GetOr
return out, nil
}
func (c *storageAuthorityClient) GetAuthorizations(ctx context.Context, in *GetAuthorizationsRequest, opts ...grpc.CallOption) (*Authorizations, error) {
out := new(Authorizations)
err := c.cc.Invoke(ctx, "/sa.StorageAuthority/GetAuthorizations", in, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *storageAuthorityClient) AddPendingAuthorizations(ctx context.Context, in *AddPendingAuthorizationsRequest, opts ...grpc.CallOption) (*AuthorizationIDs, error) {
out := new(AuthorizationIDs)
err := c.cc.Invoke(ctx, "/sa.StorageAuthority/AddPendingAuthorizations", in, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *storageAuthorityClient) RevokeCertificate(ctx context.Context, in *RevokeCertificateRequest, opts ...grpc.CallOption) (*proto1.Empty, error) {
out := new(proto1.Empty)
err := c.cc.Invoke(ctx, "/sa.StorageAuthority/RevokeCertificate", in, out, opts...)
@ -2447,20 +2330,15 @@ type StorageAuthorityServer interface {
// Getters
GetRegistration(context.Context, *RegistrationID) (*proto1.Registration, error)
GetRegistrationByKey(context.Context, *JSONWebKey) (*proto1.Registration, error)
GetAuthorization(context.Context, *AuthorizationID) (*proto1.Authorization, error)
GetPendingAuthorization(context.Context, *GetPendingAuthorizationRequest) (*proto1.Authorization, error)
GetValidAuthorizations(context.Context, *GetValidAuthorizationsRequest) (*ValidAuthorizations, error)
GetCertificate(context.Context, *Serial) (*proto1.Certificate, error)
GetPrecertificate(context.Context, *Serial) (*proto1.Certificate, error)
GetCertificateStatus(context.Context, *Serial) (*CertificateStatus, error)
CountCertificatesByNames(context.Context, *CountCertificatesByNamesRequest) (*CountByNames, error)
CountRegistrationsByIP(context.Context, *CountRegistrationsByIPRequest) (*Count, error)
CountRegistrationsByIPRange(context.Context, *CountRegistrationsByIPRequest) (*Count, error)
CountPendingAuthorizations(context.Context, *RegistrationID) (*Count, error)
CountOrders(context.Context, *CountOrdersRequest) (*Count, error)
// Return a count of authorizations with status "invalid" that belong to
// a given registration ID and expire in the given time range.
CountInvalidAuthorizations(context.Context, *CountInvalidAuthorizationsRequest) (*Count, error)
CountFQDNSets(context.Context, *CountFQDNSetsRequest) (*Count, error)
FQDNSetExists(context.Context, *FQDNSetExistsRequest) (*Exists, error)
PreviousCertificateExists(context.Context, *PreviousCertificateExistsRequest) (*Exists, error)
@ -2474,22 +2352,16 @@ type StorageAuthorityServer interface {
// Adders
NewRegistration(context.Context, *proto1.Registration) (*proto1.Registration, error)
UpdateRegistration(context.Context, *proto1.Registration) (*proto1.Empty, error)
NewPendingAuthorization(context.Context, *proto1.Authorization) (*proto1.Authorization, error)
FinalizeAuthorization(context.Context, *proto1.Authorization) (*proto1.Empty, error)
AddCertificate(context.Context, *AddCertificateRequest) (*AddCertificateResponse, error)
AddPrecertificate(context.Context, *AddCertificateRequest) (*proto1.Empty, error)
AddSerial(context.Context, *AddSerialRequest) (*proto1.Empty, error)
DeactivateRegistration(context.Context, *RegistrationID) (*proto1.Empty, error)
DeactivateAuthorization(context.Context, *AuthorizationID) (*proto1.Empty, error)
NewOrder(context.Context, *proto1.Order) (*proto1.Order, error)
SetOrderProcessing(context.Context, *proto1.Order) (*proto1.Empty, error)
SetOrderError(context.Context, *proto1.Order) (*proto1.Empty, error)
FinalizeOrder(context.Context, *proto1.Order) (*proto1.Empty, error)
GetOrder(context.Context, *OrderRequest) (*proto1.Order, error)
GetValidOrderAuthorizations(context.Context, *GetValidOrderAuthorizationsRequest) (*Authorizations, error)
GetOrderForNames(context.Context, *GetOrderForNamesRequest) (*proto1.Order, error)
GetAuthorizations(context.Context, *GetAuthorizationsRequest) (*Authorizations, error)
AddPendingAuthorizations(context.Context, *AddPendingAuthorizationsRequest) (*AuthorizationIDs, error)
RevokeCertificate(context.Context, *RevokeCertificateRequest) (*proto1.Empty, error)
NewAuthorizations2(context.Context, *AddPendingAuthorizationsRequest) (*Authorization2IDs, error)
FinalizeAuthorization2(context.Context, *FinalizeAuthorizationRequest) (*proto1.Empty, error)
@ -2506,15 +2378,6 @@ func (*UnimplementedStorageAuthorityServer) GetRegistration(ctx context.Context,
func (*UnimplementedStorageAuthorityServer) GetRegistrationByKey(ctx context.Context, req *JSONWebKey) (*proto1.Registration, error) {
return nil, status.Errorf(codes.Unimplemented, "method GetRegistrationByKey not implemented")
}
func (*UnimplementedStorageAuthorityServer) GetAuthorization(ctx context.Context, req *AuthorizationID) (*proto1.Authorization, error) {
return nil, status.Errorf(codes.Unimplemented, "method GetAuthorization not implemented")
}
func (*UnimplementedStorageAuthorityServer) GetPendingAuthorization(ctx context.Context, req *GetPendingAuthorizationRequest) (*proto1.Authorization, error) {
return nil, status.Errorf(codes.Unimplemented, "method GetPendingAuthorization not implemented")
}
func (*UnimplementedStorageAuthorityServer) GetValidAuthorizations(ctx context.Context, req *GetValidAuthorizationsRequest) (*ValidAuthorizations, error) {
return nil, status.Errorf(codes.Unimplemented, "method GetValidAuthorizations not implemented")
}
func (*UnimplementedStorageAuthorityServer) GetCertificate(ctx context.Context, req *Serial) (*proto1.Certificate, error) {
return nil, status.Errorf(codes.Unimplemented, "method GetCertificate not implemented")
}
@ -2533,15 +2396,9 @@ func (*UnimplementedStorageAuthorityServer) CountRegistrationsByIP(ctx context.C
func (*UnimplementedStorageAuthorityServer) CountRegistrationsByIPRange(ctx context.Context, req *CountRegistrationsByIPRequest) (*Count, error) {
return nil, status.Errorf(codes.Unimplemented, "method CountRegistrationsByIPRange not implemented")
}
func (*UnimplementedStorageAuthorityServer) CountPendingAuthorizations(ctx context.Context, req *RegistrationID) (*Count, error) {
return nil, status.Errorf(codes.Unimplemented, "method CountPendingAuthorizations not implemented")
}
func (*UnimplementedStorageAuthorityServer) CountOrders(ctx context.Context, req *CountOrdersRequest) (*Count, error) {
return nil, status.Errorf(codes.Unimplemented, "method CountOrders not implemented")
}
func (*UnimplementedStorageAuthorityServer) CountInvalidAuthorizations(ctx context.Context, req *CountInvalidAuthorizationsRequest) (*Count, error) {
return nil, status.Errorf(codes.Unimplemented, "method CountInvalidAuthorizations not implemented")
}
func (*UnimplementedStorageAuthorityServer) CountFQDNSets(ctx context.Context, req *CountFQDNSetsRequest) (*Count, error) {
return nil, status.Errorf(codes.Unimplemented, "method CountFQDNSets not implemented")
}
@ -2578,12 +2435,6 @@ func (*UnimplementedStorageAuthorityServer) NewRegistration(ctx context.Context,
func (*UnimplementedStorageAuthorityServer) UpdateRegistration(ctx context.Context, req *proto1.Registration) (*proto1.Empty, error) {
return nil, status.Errorf(codes.Unimplemented, "method UpdateRegistration not implemented")
}
func (*UnimplementedStorageAuthorityServer) NewPendingAuthorization(ctx context.Context, req *proto1.Authorization) (*proto1.Authorization, error) {
return nil, status.Errorf(codes.Unimplemented, "method NewPendingAuthorization not implemented")
}
func (*UnimplementedStorageAuthorityServer) FinalizeAuthorization(ctx context.Context, req *proto1.Authorization) (*proto1.Empty, error) {
return nil, status.Errorf(codes.Unimplemented, "method FinalizeAuthorization not implemented")
}
func (*UnimplementedStorageAuthorityServer) AddCertificate(ctx context.Context, req *AddCertificateRequest) (*AddCertificateResponse, error) {
return nil, status.Errorf(codes.Unimplemented, "method AddCertificate not implemented")
}
@ -2596,9 +2447,6 @@ func (*UnimplementedStorageAuthorityServer) AddSerial(ctx context.Context, req *
func (*UnimplementedStorageAuthorityServer) DeactivateRegistration(ctx context.Context, req *RegistrationID) (*proto1.Empty, error) {
return nil, status.Errorf(codes.Unimplemented, "method DeactivateRegistration not implemented")
}
func (*UnimplementedStorageAuthorityServer) DeactivateAuthorization(ctx context.Context, req *AuthorizationID) (*proto1.Empty, error) {
return nil, status.Errorf(codes.Unimplemented, "method DeactivateAuthorization not implemented")
}
func (*UnimplementedStorageAuthorityServer) NewOrder(ctx context.Context, req *proto1.Order) (*proto1.Order, error) {
return nil, status.Errorf(codes.Unimplemented, "method NewOrder not implemented")
}
@ -2614,18 +2462,9 @@ func (*UnimplementedStorageAuthorityServer) FinalizeOrder(ctx context.Context, r
func (*UnimplementedStorageAuthorityServer) GetOrder(ctx context.Context, req *OrderRequest) (*proto1.Order, error) {
return nil, status.Errorf(codes.Unimplemented, "method GetOrder not implemented")
}
func (*UnimplementedStorageAuthorityServer) GetValidOrderAuthorizations(ctx context.Context, req *GetValidOrderAuthorizationsRequest) (*Authorizations, error) {
return nil, status.Errorf(codes.Unimplemented, "method GetValidOrderAuthorizations not implemented")
}
func (*UnimplementedStorageAuthorityServer) GetOrderForNames(ctx context.Context, req *GetOrderForNamesRequest) (*proto1.Order, error) {
return nil, status.Errorf(codes.Unimplemented, "method GetOrderForNames not implemented")
}
func (*UnimplementedStorageAuthorityServer) GetAuthorizations(ctx context.Context, req *GetAuthorizationsRequest) (*Authorizations, error) {
return nil, status.Errorf(codes.Unimplemented, "method GetAuthorizations not implemented")
}
func (*UnimplementedStorageAuthorityServer) AddPendingAuthorizations(ctx context.Context, req *AddPendingAuthorizationsRequest) (*AuthorizationIDs, error) {
return nil, status.Errorf(codes.Unimplemented, "method AddPendingAuthorizations not implemented")
}
func (*UnimplementedStorageAuthorityServer) RevokeCertificate(ctx context.Context, req *RevokeCertificateRequest) (*proto1.Empty, error) {
return nil, status.Errorf(codes.Unimplemented, "method RevokeCertificate not implemented")
}
@ -2679,60 +2518,6 @@ func _StorageAuthority_GetRegistrationByKey_Handler(srv interface{}, ctx context
return interceptor(ctx, in, info, handler)
}
func _StorageAuthority_GetAuthorization_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(AuthorizationID)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(StorageAuthorityServer).GetAuthorization(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: "/sa.StorageAuthority/GetAuthorization",
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(StorageAuthorityServer).GetAuthorization(ctx, req.(*AuthorizationID))
}
return interceptor(ctx, in, info, handler)
}
func _StorageAuthority_GetPendingAuthorization_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(GetPendingAuthorizationRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(StorageAuthorityServer).GetPendingAuthorization(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: "/sa.StorageAuthority/GetPendingAuthorization",
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(StorageAuthorityServer).GetPendingAuthorization(ctx, req.(*GetPendingAuthorizationRequest))
}
return interceptor(ctx, in, info, handler)
}
func _StorageAuthority_GetValidAuthorizations_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(GetValidAuthorizationsRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(StorageAuthorityServer).GetValidAuthorizations(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: "/sa.StorageAuthority/GetValidAuthorizations",
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(StorageAuthorityServer).GetValidAuthorizations(ctx, req.(*GetValidAuthorizationsRequest))
}
return interceptor(ctx, in, info, handler)
}
func _StorageAuthority_GetCertificate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(Serial)
if err := dec(in); err != nil {
@ -2841,24 +2626,6 @@ func _StorageAuthority_CountRegistrationsByIPRange_Handler(srv interface{}, ctx
return interceptor(ctx, in, info, handler)
}
func _StorageAuthority_CountPendingAuthorizations_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(RegistrationID)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(StorageAuthorityServer).CountPendingAuthorizations(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: "/sa.StorageAuthority/CountPendingAuthorizations",
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(StorageAuthorityServer).CountPendingAuthorizations(ctx, req.(*RegistrationID))
}
return interceptor(ctx, in, info, handler)
}
func _StorageAuthority_CountOrders_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(CountOrdersRequest)
if err := dec(in); err != nil {
@ -2877,24 +2644,6 @@ func _StorageAuthority_CountOrders_Handler(srv interface{}, ctx context.Context,
return interceptor(ctx, in, info, handler)
}
func _StorageAuthority_CountInvalidAuthorizations_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(CountInvalidAuthorizationsRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(StorageAuthorityServer).CountInvalidAuthorizations(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: "/sa.StorageAuthority/CountInvalidAuthorizations",
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(StorageAuthorityServer).CountInvalidAuthorizations(ctx, req.(*CountInvalidAuthorizationsRequest))
}
return interceptor(ctx, in, info, handler)
}
func _StorageAuthority_CountFQDNSets_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(CountFQDNSetsRequest)
if err := dec(in); err != nil {
@ -3111,42 +2860,6 @@ func _StorageAuthority_UpdateRegistration_Handler(srv interface{}, ctx context.C
return interceptor(ctx, in, info, handler)
}
func _StorageAuthority_NewPendingAuthorization_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(proto1.Authorization)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(StorageAuthorityServer).NewPendingAuthorization(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: "/sa.StorageAuthority/NewPendingAuthorization",
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(StorageAuthorityServer).NewPendingAuthorization(ctx, req.(*proto1.Authorization))
}
return interceptor(ctx, in, info, handler)
}
func _StorageAuthority_FinalizeAuthorization_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(proto1.Authorization)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(StorageAuthorityServer).FinalizeAuthorization(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: "/sa.StorageAuthority/FinalizeAuthorization",
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(StorageAuthorityServer).FinalizeAuthorization(ctx, req.(*proto1.Authorization))
}
return interceptor(ctx, in, info, handler)
}
func _StorageAuthority_AddCertificate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(AddCertificateRequest)
if err := dec(in); err != nil {
@ -3219,24 +2932,6 @@ func _StorageAuthority_DeactivateRegistration_Handler(srv interface{}, ctx conte
return interceptor(ctx, in, info, handler)
}
func _StorageAuthority_DeactivateAuthorization_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(AuthorizationID)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(StorageAuthorityServer).DeactivateAuthorization(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: "/sa.StorageAuthority/DeactivateAuthorization",
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(StorageAuthorityServer).DeactivateAuthorization(ctx, req.(*AuthorizationID))
}
return interceptor(ctx, in, info, handler)
}
func _StorageAuthority_NewOrder_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(proto1.Order)
if err := dec(in); err != nil {
@ -3327,24 +3022,6 @@ func _StorageAuthority_GetOrder_Handler(srv interface{}, ctx context.Context, de
return interceptor(ctx, in, info, handler)
}
func _StorageAuthority_GetValidOrderAuthorizations_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(GetValidOrderAuthorizationsRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(StorageAuthorityServer).GetValidOrderAuthorizations(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: "/sa.StorageAuthority/GetValidOrderAuthorizations",
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(StorageAuthorityServer).GetValidOrderAuthorizations(ctx, req.(*GetValidOrderAuthorizationsRequest))
}
return interceptor(ctx, in, info, handler)
}
func _StorageAuthority_GetOrderForNames_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(GetOrderForNamesRequest)
if err := dec(in); err != nil {
@ -3363,42 +3040,6 @@ func _StorageAuthority_GetOrderForNames_Handler(srv interface{}, ctx context.Con
return interceptor(ctx, in, info, handler)
}
func _StorageAuthority_GetAuthorizations_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(GetAuthorizationsRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(StorageAuthorityServer).GetAuthorizations(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: "/sa.StorageAuthority/GetAuthorizations",
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(StorageAuthorityServer).GetAuthorizations(ctx, req.(*GetAuthorizationsRequest))
}
return interceptor(ctx, in, info, handler)
}
func _StorageAuthority_AddPendingAuthorizations_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(AddPendingAuthorizationsRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(StorageAuthorityServer).AddPendingAuthorizations(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: "/sa.StorageAuthority/AddPendingAuthorizations",
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(StorageAuthorityServer).AddPendingAuthorizations(ctx, req.(*AddPendingAuthorizationsRequest))
}
return interceptor(ctx, in, info, handler)
}
func _StorageAuthority_RevokeCertificate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(RevokeCertificateRequest)
if err := dec(in); err != nil {
@ -3483,18 +3124,6 @@ var _StorageAuthority_serviceDesc = grpc.ServiceDesc{
MethodName: "GetRegistrationByKey",
Handler: _StorageAuthority_GetRegistrationByKey_Handler,
},
{
MethodName: "GetAuthorization",
Handler: _StorageAuthority_GetAuthorization_Handler,
},
{
MethodName: "GetPendingAuthorization",
Handler: _StorageAuthority_GetPendingAuthorization_Handler,
},
{
MethodName: "GetValidAuthorizations",
Handler: _StorageAuthority_GetValidAuthorizations_Handler,
},
{
MethodName: "GetCertificate",
Handler: _StorageAuthority_GetCertificate_Handler,
@ -3519,18 +3148,10 @@ var _StorageAuthority_serviceDesc = grpc.ServiceDesc{
MethodName: "CountRegistrationsByIPRange",
Handler: _StorageAuthority_CountRegistrationsByIPRange_Handler,
},
{
MethodName: "CountPendingAuthorizations",
Handler: _StorageAuthority_CountPendingAuthorizations_Handler,
},
{
MethodName: "CountOrders",
Handler: _StorageAuthority_CountOrders_Handler,
},
{
MethodName: "CountInvalidAuthorizations",
Handler: _StorageAuthority_CountInvalidAuthorizations_Handler,
},
{
MethodName: "CountFQDNSets",
Handler: _StorageAuthority_CountFQDNSets_Handler,
@ -3579,14 +3200,6 @@ var _StorageAuthority_serviceDesc = grpc.ServiceDesc{
MethodName: "UpdateRegistration",
Handler: _StorageAuthority_UpdateRegistration_Handler,
},
{
MethodName: "NewPendingAuthorization",
Handler: _StorageAuthority_NewPendingAuthorization_Handler,
},
{
MethodName: "FinalizeAuthorization",
Handler: _StorageAuthority_FinalizeAuthorization_Handler,
},
{
MethodName: "AddCertificate",
Handler: _StorageAuthority_AddCertificate_Handler,
@ -3603,10 +3216,6 @@ var _StorageAuthority_serviceDesc = grpc.ServiceDesc{
MethodName: "DeactivateRegistration",
Handler: _StorageAuthority_DeactivateRegistration_Handler,
},
{
MethodName: "DeactivateAuthorization",
Handler: _StorageAuthority_DeactivateAuthorization_Handler,
},
{
MethodName: "NewOrder",
Handler: _StorageAuthority_NewOrder_Handler,
@ -3627,22 +3236,10 @@ var _StorageAuthority_serviceDesc = grpc.ServiceDesc{
MethodName: "GetOrder",
Handler: _StorageAuthority_GetOrder_Handler,
},
{
MethodName: "GetValidOrderAuthorizations",
Handler: _StorageAuthority_GetValidOrderAuthorizations_Handler,
},
{
MethodName: "GetOrderForNames",
Handler: _StorageAuthority_GetOrderForNames_Handler,
},
{
MethodName: "GetAuthorizations",
Handler: _StorageAuthority_GetAuthorizations_Handler,
},
{
MethodName: "AddPendingAuthorizations",
Handler: _StorageAuthority_AddPendingAuthorizations_Handler,
},
{
MethodName: "RevokeCertificate",
Handler: _StorageAuthority_RevokeCertificate_Handler,

11
sa/proto/sa.proto
View File

@ -9,20 +9,15 @@ service StorageAuthority {
// Getters
rpc GetRegistration(RegistrationID) returns (core.Registration) {}
rpc GetRegistrationByKey(JSONWebKey) returns (core.Registration) {}
rpc GetAuthorization(AuthorizationID) returns (core.Authorization) {}
rpc GetPendingAuthorization(GetPendingAuthorizationRequest) returns (core.Authorization) {}
rpc GetValidAuthorizations(GetValidAuthorizationsRequest) returns (ValidAuthorizations) {}
rpc GetCertificate(Serial) returns (core.Certificate) {}
rpc GetPrecertificate(Serial) returns (core.Certificate) {}
rpc GetCertificateStatus(Serial) returns (CertificateStatus) {}
rpc CountCertificatesByNames(CountCertificatesByNamesRequest) returns (CountByNames) {}
rpc CountRegistrationsByIP(CountRegistrationsByIPRequest) returns (Count) {}
rpc CountRegistrationsByIPRange(CountRegistrationsByIPRequest) returns (Count) {}
rpc CountPendingAuthorizations(RegistrationID) returns (Count) {}
rpc CountOrders(CountOrdersRequest) returns (Count) {}
// Return a count of authorizations with status "invalid" that belong to
// a given registration ID and expire in the given time range.
rpc CountInvalidAuthorizations(CountInvalidAuthorizationsRequest) returns (Count) {}
rpc CountFQDNSets(CountFQDNSetsRequest) returns (Count) {}
rpc FQDNSetExists(FQDNSetExistsRequest) returns (Exists) {}
rpc PreviousCertificateExists(PreviousCertificateExistsRequest) returns (Exists) {}
@ -36,22 +31,16 @@ service StorageAuthority {
// Adders
rpc NewRegistration(core.Registration) returns (core.Registration) {}
rpc UpdateRegistration(core.Registration) returns (core.Empty) {}
rpc NewPendingAuthorization(core.Authorization) returns (core.Authorization) {}
rpc FinalizeAuthorization(core.Authorization) returns (core.Empty) {}
rpc AddCertificate(AddCertificateRequest) returns (AddCertificateResponse) {}
rpc AddPrecertificate(AddCertificateRequest) returns (core.Empty) {}
rpc AddSerial(AddSerialRequest) returns (core.Empty) {}
rpc DeactivateRegistration(RegistrationID) returns (core.Empty) {}
rpc DeactivateAuthorization(AuthorizationID) returns (core.Empty) {}
rpc NewOrder(core.Order) returns (core.Order) {}
rpc SetOrderProcessing(core.Order) returns (core.Empty) {}
rpc SetOrderError(core.Order) returns (core.Empty) {}
rpc FinalizeOrder(core.Order) returns (core.Empty) {}
rpc GetOrder(OrderRequest) returns (core.Order) {}
rpc GetValidOrderAuthorizations(GetValidOrderAuthorizationsRequest) returns (Authorizations) {}
rpc GetOrderForNames(GetOrderForNamesRequest) returns (core.Order) {}
rpc GetAuthorizations(GetAuthorizationsRequest) returns (Authorizations) {}
rpc AddPendingAuthorizations(AddPendingAuthorizationsRequest) returns (AuthorizationIDs) {}
rpc RevokeCertificate(RevokeCertificateRequest) returns (core.Empty) {}
rpc NewAuthorizations2(AddPendingAuthorizationsRequest) returns (Authorization2IDs) {}
rpc FinalizeAuthorization2(FinalizeAuthorizationRequest) returns (core.Empty) {}

790
sa/sa.go
View File

@ -30,7 +30,6 @@ import (
)
type certCountFunc func(db dbSelector, domain string, earliest, latest time.Time) (int, error)
type getChallengesFunc func(db dbSelector, authID string) ([]core.Challenge, error)
// SQLStorageAuthority defines a Storage Authority
type SQLStorageAuthority struct {
@ -46,7 +45,6 @@ type SQLStorageAuthority struct {
// We use function types here so we can mock out this internal function in
// unittests.
countCertificatesByName certCountFunc
getChallenges getChallengesFunc
}
func digest256(data []byte) []byte {
@ -107,7 +105,6 @@ func NewSQLStorageAuthority(
}
ssa.countCertificatesByName = ssa.countCertificates
ssa.getChallenges = ssa.getChallengesImpl
return ssa, nil
}
@ -134,59 +131,6 @@ func existingRegistration(tx *gorp.Transaction, id int64) bool {
return count > 0
}
// updateChallenge writes the valid or invalid challenge in a list of challenges
// to the database. It deletes from the database any of those challenges that
// weren't used (i.e. aren't "valid" or "invalid"), so long as the
// DeleteUnusedChallenges flag is set.
func updateChallenges(db dbSelectExecer, authID string, challenges []core.Challenge) error {
var challs []challModel
_, err := db.Select(
&challs,
getChallengesQuery,
map[string]interface{}{"authID": authID},
)
if err != nil {
return err
}
if len(challs) != len(challenges) {
return fmt.Errorf("Invalid number of challenges provided")
}
for i, authChall := range challenges {
if challs[i].AuthorizationID != authID {
return fmt.Errorf("challenge authorization ID %q didn't match associated authorization ID %q", challs[i].AuthorizationID, authID)
}
chall, err := challengeToModel(&authChall, authID)
if err != nil {
return err
}
chall.ID = challs[i].ID
if authChall.Status == core.StatusInvalid || authChall.Status == core.StatusValid {
_, err = db.Exec(
`UPDATE challenges SET
status = ?,
error = ?,
validationRecord = ?
WHERE status = ? AND id = ?`,
string(chall.Status),
chall.Error,
chall.ValidationRecord,
string(core.StatusPending),
chall.ID)
if err != nil {
return err
}
} else if features.Enabled(features.DeleteUnusedChallenges) {
_, err = db.Exec(
`DELETE FROM challenges WHERE id = ?`,
chall.ID)
if err != nil {
return err
}
}
}
return nil
}
// GetRegistration obtains a Registration by ID
func (ssa *SQLStorageAuthority) GetRegistration(ctx context.Context, id int64) (core.Registration, error) {
const query = "WHERE id = ?"
@ -221,62 +165,6 @@ func (ssa *SQLStorageAuthority) GetRegistrationByKey(ctx context.Context, key *j
return modelToRegistration(model)
}
// GetAuthorization obtains an Authorization by ID
func (ssa *SQLStorageAuthority) GetAuthorization(ctx context.Context, id string) (core.Authorization, error) {
authz, overallError := withTransaction(ctx, ssa.dbMap, func(txWithCtx transaction) (interface{}, error) {
pa, err := selectPendingAuthz(txWithCtx, "WHERE id = ?", id)
if err != nil && err != sql.ErrNoRows {
return nil, err
}
var authz core.Authorization
if err == sql.ErrNoRows {
var fa authzModel
err := txWithCtx.SelectOne(&fa, fmt.Sprintf("SELECT %s FROM authz WHERE id = ?", authzFields), id)
if err != nil && err != sql.ErrNoRows {
return nil, err
} else if err == sql.ErrNoRows {
// If there was no result in either the pending authz table or the authz
// table then return a `berrors.NotFound` instance
return nil, berrors.NotFoundError("no authorization found with id %q", id)
}
authz = fa.Authorization
} else {
authz = pa.Authorization
}
authz.Challenges, err = ssa.getChallenges(txWithCtx, authz.ID)
if err != nil {
return nil, err
}
return authz, nil
})
if overallError != nil {
return core.Authorization{}, overallError
}
if authz, ok := authz.(core.Authorization); ok {
return authz, nil
}
return core.Authorization{}, fmt.Errorf("shouldn't happen: casting error in GetAuthorization")
}
// GetValidAuthorizations returns the latest authorization object for all
// domain names from the parameters that the account has authorizations for.
func (ssa *SQLStorageAuthority) GetValidAuthorizations(
ctx context.Context,
registrationID int64,
names []string,
now time.Time) (map[string]*core.Authorization, error) {
return ssa.getAuthorizations(
ctx,
authorizationTable,
string(core.StatusValid),
registrationID,
names,
now,
false)
}
// incrementIP returns a copy of `ip` incremented at a bit index `index`,
// or in other words the first IP of the next highest subnet given a mask of
// length `index`.
@ -552,163 +440,6 @@ func (ssa *SQLStorageAuthority) UpdateRegistration(ctx context.Context, reg core
return nil
}
// NewPendingAuthorization retrieves a pending authorization for
// authz.Identifier if one exists, or creates a new one otherwise.
func (ssa *SQLStorageAuthority) NewPendingAuthorization(ctx context.Context, authz core.Authorization) (core.Authorization, error) {
output, overallError := withTransaction(ctx, ssa.dbMap, func(txWithCtx transaction) (interface{}, error) {
// Create a random ID and check that it doesn't exist already
authz.ID = core.NewToken()
for existingPending(txWithCtx, authz.ID) ||
existingFinal(txWithCtx, authz.ID) {
authz.ID = core.NewToken()
}
// Insert a stub row in pending
pendingAuthz := pendingauthzModel{Authorization: authz}
err := txWithCtx.Insert(&pendingAuthz)
if err != nil {
return nil, err
}
for i, c := range authz.Challenges {
challModel, err := challengeToModel(&c, pendingAuthz.ID)
if err != nil {
return nil, err
}
// Magic happens here: Gorp will modify challModel, setting challModel.ID
// to the auto-increment primary key. This is important because we want
// the challenge objects inside the Authorization we return to know their
// IDs, so they can have proper URLs.
// See https://godoc.org/github.com/coopernurse/gorp#DbMap.Insert
err = txWithCtx.Insert(challModel)
if err != nil {
return nil, err
}
challenge, err := modelToChallenge(challModel)
if err != nil {
return nil, err
}
authz.Challenges[i] = challenge
}
pendingAuthz.Authorization.Challenges = authz.Challenges
return pendingAuthz.Authorization, nil
})
if overallError != nil {
return core.Authorization{}, overallError
}
if output, ok := output.(core.Authorization); ok {
return output, nil
}
return core.Authorization{}, fmt.Errorf("shouldn't happen: casting error in NewPendingAuthorization")
}
// GetPendingAuthorization returns the most recent Pending authorization
// with the given identifier, if available.
func (ssa *SQLStorageAuthority) GetPendingAuthorization(
ctx context.Context,
req *sapb.GetPendingAuthorizationRequest,
) (*core.Authorization, error) {
identifierJSON, err := json.Marshal(identifier.ACMEIdentifier{
Type: identifier.IdentifierType(*req.IdentifierType),
Value: *req.IdentifierValue,
})
if err != nil {
return nil, err
}
// Note: This will use the index on `registrationId`, `expires`, which should
// keep the amount of scanning to a minimum. That index does not include the
// identifier, so accounts with huge numbers of pending authzs may result in
// slow queries here.
pa, err := selectPendingAuthz(ssa.dbMap.WithContext(ctx),
`WHERE registrationID = :regID
AND identifier = :identifierJSON
AND status = :status
AND expires > :validUntil
ORDER BY expires ASC
LIMIT 1`,
map[string]interface{}{
"regID": *req.RegistrationID,
"identifierJSON": identifierJSON,
"status": string(core.StatusPending),
"validUntil": time.Unix(0, *req.ValidUntil),
})
if err == sql.ErrNoRows {
return nil, berrors.NotFoundError("pending authz not found")
} else if err == nil {
// We found an authz, but we still need to fetch its challenges. To
// simplify things, just call GetAuthorization, which takes care of that.
authz, err := ssa.GetAuthorization(ctx, pa.ID)
return &authz, err
} else {
// Any error other than ErrNoRows; return the error
return nil, err
}
}
// FinalizeAuthorization converts a Pending Authorization to a final one. If the
// Authorization is not found a berrors.NotFound result is returned. If the
// Authorization is status pending a berrors.InternalServer error is returned.
func (ssa *SQLStorageAuthority) FinalizeAuthorization(ctx context.Context, authz core.Authorization) error {
_, overallError := withTransaction(ctx, ssa.dbMap, func(txWithCtx transaction) (interface{}, error) {
// Check that a pending authz exists
if !existingPending(txWithCtx, authz.ID) {
return nil, berrors.NotFoundError("authorization with ID %q not found", authz.ID)
}
if statusIsPending(authz.Status) {
return nil, berrors.InternalServerError("authorization to finalize is pending (ID %q)", authz.ID)
}
auth := &authzModel{authz}
pa, err := selectPendingAuthz(txWithCtx, "WHERE id = ?", authz.ID)
if err == sql.ErrNoRows {
return nil, berrors.NotFoundError("authorization with ID %q not found", authz.ID)
}
if err != nil {
return nil, err
}
err = txWithCtx.Insert(auth)
if err != nil {
return nil, err
}
_, err = txWithCtx.Delete(pa)
if err != nil {
return nil, err
}
err = updateChallenges(txWithCtx, authz.ID, authz.Challenges)
if err != nil {
return nil, err
}
return nil, nil
})
return overallError
}
func (ssa *SQLStorageAuthority) getAuthorizationIDsByDomain2(ctx context.Context, domain string) ([]int64, error) {
var ids []int64
_, err := ssa.dbMap.Select(
&ids,
`SELECT id FROM authz2 WHERE identifierValue = :ident AND status IN (:pending,:valid) AND expires > :expires LIMIT :limit`,
map[string]interface{}{
"ident": domain,
"pending": statusUint(core.StatusPending),
"valid": statusUint(core.StatusValid),
"expires": ssa.clk.Now(),
"limit": getAuthorizationIDsMax,
},
)
if err != nil {
return nil, err
}
return ids, nil
}
// AddCertificate stores an issued certificate and returns the digest as
// a string, or an error if any occurred.
func (ssa *SQLStorageAuthority) AddCertificate(
@ -813,22 +544,6 @@ func (ssa *SQLStorageAuthority) AddCertificate(
return digest, nil
}
// CountPendingAuthorizations returns the number of pending, unexpired
// authorizations for the given registration.
func (ssa *SQLStorageAuthority) CountPendingAuthorizations(ctx context.Context, regID int64) (count int, err error) {
err = ssa.dbMap.WithContext(ctx).SelectOne(&count,
`SELECT count(1) FROM pendingAuthorizations
WHERE registrationID = :regID AND
expires > :now AND
status = :pending`,
map[string]interface{}{
"regID": regID,
"now": ssa.clk.Now(),
"pending": string(core.StatusPending),
})
return
}
func (ssa *SQLStorageAuthority) CountOrders(ctx context.Context, acctID int64, earliest, latest time.Time) (int, error) {
var count int
err := ssa.dbMap.WithContext(ctx).SelectOne(&count,
@ -847,43 +562,6 @@ func (ssa *SQLStorageAuthority) CountOrders(ctx context.Context, acctID int64, e
return count, nil
}
// CountInvalidAuthorizations counts invalid authorizations for a user expiring
// in a given time range.
// authorizations for the give registration.
func (ssa *SQLStorageAuthority) CountInvalidAuthorizations(
ctx context.Context,
req *sapb.CountInvalidAuthorizationsRequest,
) (count *sapb.Count, err error) {
identifier := identifier.ACMEIdentifier{
Type: identifier.DNS,
Value: *req.Hostname,
}
idJSON, err := json.Marshal(identifier)
if err != nil {
return nil, err
}
count = &sapb.Count{
Count: new(int64),
}
err = ssa.dbMap.WithContext(ctx).SelectOne(count.Count,
`SELECT COUNT(1) FROM authz
WHERE registrationID = :regID AND
identifier = :identifier AND
expires > :earliest AND
expires <= :latest AND
status = :invalid`,
map[string]interface{}{
"regID": *req.RegistrationID,
"identifier": idJSON,
"earliest": time.Unix(0, *req.Range.Earliest),
"latest": time.Unix(0, *req.Range.Latest),
"invalid": string(core.StatusInvalid),
})
return
}
func hashNames(names []string) []byte {
names = core.UniqueLowerNames(names)
hash := sha256.Sum256([]byte(strings.Join(names, ",")))
@ -1192,51 +870,6 @@ func (ssa *SQLStorageAuthority) DeactivateRegistration(ctx context.Context, id i
return err
}
// DeactivateAuthorization deactivates a currently valid or pending authorization
func (ssa *SQLStorageAuthority) DeactivateAuthorization(ctx context.Context, id string) error {
_, overallError := withTransaction(ctx, ssa.dbMap, func(txWithCtx transaction) (interface{}, error) {
if existingPending(txWithCtx, id) {
authzObj, err := txWithCtx.Get(&pendingauthzModel{}, id)
if err != nil {
return nil, err
}
if authzObj == nil {
// InternalServerError because existingPending already told us it existed
return nil, berrors.InternalServerError("failure retrieving pending authorization")
}
authz := authzObj.(*pendingauthzModel)
if authz.Status != core.StatusPending {
return nil, berrors.WrongAuthorizationStateError("authorization not pending")
}
authz.Status = core.StatusDeactivated
err = txWithCtx.Insert(&authzModel{authz.Authorization})
if err != nil {
return nil, err
}
result, err := txWithCtx.Delete(authzObj)
if err != nil {
return nil, err
}
if result != 1 {
return nil, berrors.InternalServerError("wrong number of rows deleted: expected 1, got %d", result)
}
} else {
_, err := txWithCtx.Exec(
`UPDATE authz SET status = ? WHERE id = ? and status = ?`,
string(core.StatusDeactivated),
id,
string(core.StatusValid),
)
if err != nil {
return nil, err
}
}
return nil, nil
})
return overallError
}
// DeactivateAuthorization2 deactivates a currently valid or pending authorization.
// This method is intended to deprecate DeactivateAuthorization.
func (ssa *SQLStorageAuthority) DeactivateAuthorization2(ctx context.Context, req *sapb.AuthorizationID2) (*corepb.Empty, error) {
@ -1268,15 +901,6 @@ func (ssa *SQLStorageAuthority) NewOrder(ctx context.Context, req *corepb.Order)
return nil, err
}
for _, id := range req.Authorizations {
otoa := &orderToAuthzModel{
OrderID: order.ID,
AuthzID: id,
}
if err := txWithCtx.Insert(otoa); err != nil {
return nil, err
}
}
for _, id := range req.V2Authorizations {
otoa := &orderToAuthz2Model{
OrderID: order.ID,
@ -1422,23 +1046,14 @@ func (ssa *SQLStorageAuthority) FinalizeOrder(ctx context.Context, req *corepb.O
// authzForOrder retrieves the authorization IDs for an order. It returns these
// IDs in two slices: one for v1 style authorizations, and another for
// v2 style authorizations.
func (ssa *SQLStorageAuthority) authzForOrder(ctx context.Context, orderID int64) ([]string, []int64, error) {
var v1IDs []string
func (ssa *SQLStorageAuthority) authzForOrder(ctx context.Context, orderID int64) ([]int64, error) {
var v2IDs []int64
_, err := ssa.dbMap.WithContext(ctx).Select(
&v2IDs,
"SELECT authzID FROM orderToAuthz2 WHERE orderID = ?",
orderID,
)
if err != nil {
return nil, nil, err
}
_, err = ssa.dbMap.WithContext(ctx).Select(
&v1IDs, "SELECT authzID FROM orderToAuthz WHERE orderID = ?", orderID)
if err != nil {
return nil, nil, err
}
return v1IDs, v2IDs, nil
return v2IDs, err
}
// namesForOrder finds all of the requested names associated with an order. The
@ -1470,14 +1085,11 @@ func (ssa *SQLStorageAuthority) GetOrder(ctx context.Context, req *sapb.OrderReq
if err != nil {
return nil, err
}
v1AuthzIDs, v2AuthzIDs, err := ssa.authzForOrder(ctx, *order.Id)
v2AuthzIDs, err := ssa.authzForOrder(ctx, *order.Id)
if err != nil {
return nil, err
}
if features.Enabled(features.DisableAuthz2Orders) && len(v2AuthzIDs) > 0 {
return nil, berrors.NotFoundError("no order found for ID %d", *req.Id)
}
order.Authorizations, order.V2Authorizations = v1AuthzIDs, v2AuthzIDs
order.V2Authorizations = v2AuthzIDs
names, err := ssa.namesForOrder(ctx, *order.Id)
if err != nil {
@ -1542,20 +1154,20 @@ func (ssa *SQLStorageAuthority) statusForOrder(ctx context.Context, order *corep
}
// Get the full Authorization objects for the order
authzValidityInfo, err := ssa.getAllOrderAuthorizationStatuses(ctx, *order.Id, *order.RegistrationID, order.V2Authorizations)
authzValidityInfo, err := ssa.getAuthorizationStatuses(ctx, order.V2Authorizations)
// If there was an error getting the authorizations, return it immediately
if err != nil {
return "", err
}
// If getAllOrderAuthorizationStatuses returned a different number of authorization
// objects than the order's slices of v1 and v2 authorization IDs something has gone
// If getAuthorizationStatuses returned a different number of authorization
// objects than the order's slice of authorization IDs something has gone
// wrong worth raising an internal error about.
if len(authzValidityInfo) != len(order.Authorizations)+len(order.V2Authorizations) {
if len(authzValidityInfo) != len(order.V2Authorizations) {
return "", berrors.InternalServerError(
"getAllOrderAuthorizationStatuses returned the wrong number of authorization statuses "+
"getAuthorizationStatuses returned the wrong number of authorization statuses "+
"(%d vs expected %d) for order %d",
len(authzValidityInfo), len(order.Authorizations), *order.Id)
len(authzValidityInfo), len(order.V2Authorizations), *order.Id)
}
// Keep a count of the authorizations seen
@ -1673,89 +1285,6 @@ func (ssa *SQLStorageAuthority) getAuthorizationStatuses(ctx context.Context, id
return allAuthzValidity, nil
}
func (ssa *SQLStorageAuthority) getAllOrderAuthorizationStatuses(
ctx context.Context,
orderID, acctID int64,
v2AuthzIDs []int64) ([]authzValidity, error) {
var allAuthzValidity []authzValidity
if len(v2AuthzIDs) > 0 {
validityInfo, err := ssa.getAuthorizationStatuses(ctx, v2AuthzIDs)
if err != nil {
return nil, err
}
allAuthzValidity = append(allAuthzValidity, validityInfo...)
}
for _, table := range authorizationTables {
var validityInfo []authzValidity
_, err := ssa.dbMap.WithContext(ctx).Select(
&validityInfo,
fmt.Sprintf(`SELECT status, expires from %s AS authz
INNER JOIN orderToAuthz
ON authz.ID = orderToAuthz.authzID
WHERE authz.registrationID = ? AND
orderToAuthz.orderID = ?`, table),
acctID,
orderID,
)
if err != nil {
return nil, err
}
allAuthzValidity = append(allAuthzValidity, validityInfo...)
}
return allAuthzValidity, nil
}
// GetValidOrderAuthorizations is used to find the valid, unexpired authorizations
// associated with a specific order and account ID.
func (ssa *SQLStorageAuthority) GetValidOrderAuthorizations(
ctx context.Context,
req *sapb.GetValidOrderAuthorizationsRequest) (map[string]*core.Authorization, error) {
now := ssa.clk.Now()
// Select the full authorization data for all *valid, unexpired*
// authorizations that are owned by the correct account ID and associated with
// the given order ID
var auths []*core.Authorization
_, err := ssa.dbMap.WithContext(ctx).Select(
&auths,
fmt.Sprintf(`SELECT %s FROM %s AS authz
LEFT JOIN orderToAuthz
ON authz.ID = orderToAuthz.authzID
WHERE authz.registrationID = ? AND
authz.expires > ? AND
authz.status = ? AND
orderToAuthz.orderID = ?`, authzFields, authorizationTable),
*req.AcctID,
now,
string(core.StatusValid),
*req.Id)
if err != nil {
return nil, err
}
// Collapse & dedupe the returned authorizations into a mapping from name to
// authorization
byName := make(map[string]*core.Authorization)
for _, auth := range auths {
// We only expect to get back DNS identifiers
if auth.Identifier.Type != identifier.DNS {
return nil, fmt.Errorf("unknown identifier type: %q on authz id %q", auth.Identifier.Type, auth.ID)
}
existing, present := byName[auth.Identifier.Value]
if !present || auth.Expires.After(*existing.Expires) {
// Retrieve challenges for the authz
auth.Challenges, err = ssa.getChallenges(ssa.dbMap.WithContext(ctx), auth.ID)
if err != nil {
return nil, err
}
byName[auth.Identifier.Value] = auth
}
}
return byName, nil
}
// GetOrderForNames tries to find a **pending** or **ready** order with the
// exact set of names requested, associated with the given accountID. Only
// unexpired orders are considered. If no order meeting these requirements is
@ -1827,97 +1356,6 @@ func (ssa *SQLStorageAuthority) GetOrderForNames(
return order, nil
}
func (ssa *SQLStorageAuthority) getAuthorizations(
ctx context.Context,
table string,
status string,
registrationID int64,
names []string,
now time.Time,
requireV2Authzs bool) (map[string]*core.Authorization, error) {
if len(names) == 0 {
return nil, berrors.InternalServerError("no names received")
}
params := make([]interface{}, len(names))
qmarks := make([]string, len(names))
for i, name := range names {
id := identifier.ACMEIdentifier{Type: identifier.DNS, Value: name}
idJSON, err := json.Marshal(id)
if err != nil {
return nil, err
}
params[i] = string(idJSON)
qmarks[i] = "?"
}
// If requested, filter out V1 authorizations by doing a JOIN on the
// orderToAuthz table, ensuring that all authorization IDs returned correspond
// to a V2 order.
queryPrefix := fmt.Sprintf(`SELECT %s FROM %s`, authzFields, table)
if requireV2Authzs {
queryPrefix = queryPrefix + `
JOIN orderToAuthz
ON ID = authzID`
}
var auths []*core.Authorization
_, err := ssa.dbMap.WithContext(ctx).Select(
&auths,
fmt.Sprintf(`%s
WHERE registrationID = ? AND
expires > ? AND
status = ? AND
identifier IN (%s)`,
queryPrefix, strings.Join(qmarks, ",")),
append([]interface{}{registrationID, now, status}, params...)...)
if err != nil {
return nil, err
}
byName := make(map[string]*core.Authorization)
for _, auth := range auths {
// No real life authorizations should have a nil expires. If we find them,
// don't consider them valid.
if auth.Expires == nil {
continue
}
if auth.Identifier.Type != identifier.DNS {
return nil, fmt.Errorf("unknown identifier type: %q on authz id %q", auth.Identifier.Type, auth.ID)
}
existing, present := byName[auth.Identifier.Value]
if !present || auth.Expires.After(*existing.Expires) {
byName[auth.Identifier.Value] = auth
}
}
for _, auth := range byName {
// Retrieve challenges for the authz
if auth.Challenges, err = ssa.getChallenges(ssa.dbMap.WithContext(ctx), auth.ID); err != nil {
return nil, err
}
}
return byName, nil
}
func (ssa *SQLStorageAuthority) getPendingAuthorizations(
ctx context.Context,
registrationID int64,
names []string,
now time.Time,
requireV2Authzs bool) (map[string]*core.Authorization, error) {
return ssa.getAuthorizations(
ctx,
pendingAuthorizationTable,
string(core.StatusPending),
registrationID,
names,
now,
requireV2Authzs)
}
func AuthzMapToPB(m map[string]*core.Authorization) (*sapb.Authorizations, error) {
resp := &sapb.Authorizations{}
for k, v := range m {
@ -1932,99 +1370,6 @@ func AuthzMapToPB(m map[string]*core.Authorization) (*sapb.Authorizations, error
return resp, nil
}
// GetAuthorizations returns a map of valid or pending authorizations for as many names as possible
func (ssa *SQLStorageAuthority) GetAuthorizations(
ctx context.Context,
req *sapb.GetAuthorizationsRequest) (*sapb.Authorizations, error) {
authzMap, err := ssa.getAuthorizations(
ctx,
authorizationTable,
string(core.StatusValid),
*req.RegistrationID,
req.Domains,
time.Unix(0, *req.Now),
*req.RequireV2Authzs,
)
if err != nil {
return nil, err
}
if len(authzMap) == len(req.Domains) {
return AuthzMapToPB(authzMap)
}
// remove names we already have authz for
remainingNames := []string{}
for _, name := range req.Domains {
if _, present := authzMap[name]; !present {
remainingNames = append(remainingNames, name)
}
}
pendingAuthz, err := ssa.getPendingAuthorizations(
ctx,
*req.RegistrationID,
remainingNames,
time.Unix(0, *req.Now),
*req.RequireV2Authzs)
if err != nil {
return nil, err
}
// merge pending into valid
for name, a := range pendingAuthz {
authzMap[name] = a
}
// Wildcard domain issuance requires that the authorizations returned by this
// RPC also include populated challenges such that the caller can know if the
// challenges meet the wildcard issuance policy (e.g. only 1 DNS-01
// challenge).
// Fetch each of the authorizations' associated challenges
for _, authz := range authzMap {
authz.Challenges, err = ssa.getChallenges(ssa.dbMap.WithContext(ctx), authz.ID)
if err != nil {
return nil, err
}
}
return AuthzMapToPB(authzMap)
}
// AddPendingAuthorizations creates a batch of pending authorizations and returns their IDs
func (ssa *SQLStorageAuthority) AddPendingAuthorizations(ctx context.Context, req *sapb.AddPendingAuthorizationsRequest) (*sapb.AuthorizationIDs, error) {
ids := []string{}
for _, authPB := range req.Authz {
authz, err := bgrpc.PBToAuthz(authPB)
if err != nil {
return nil, err
}
result, err := ssa.NewPendingAuthorization(ctx, authz)
if err != nil {
return nil, err
}
ids = append(ids, result.ID)
}
return &sapb.AuthorizationIDs{Ids: ids}, nil
}
func (ssa *SQLStorageAuthority) getChallengesImpl(db dbSelector, authID string) ([]core.Challenge, error) {
var challObjs []challModel
_, err := db.Select(
&challObjs,
getChallengesQuery,
map[string]interface{}{"authID": authID},
)
if err != nil {
return nil, err
}
var challs []core.Challenge
for _, c := range challObjs {
chall, err := modelToChallenge(&c)
if err != nil {
return nil, err
}
challs = append(challs, chall)
}
return challs, nil
}
// NewAuthorizations2 adds a set of new style authorizations to the database and returns
// either the IDs of the authorizations or an error. It will only process corepb.Authorization
// objects if the V2 field is set. This method is intended to deprecate AddPendingAuthorizations
@ -2126,37 +1471,7 @@ func (ssa *SQLStorageAuthority) GetAuthorizations2(ctx context.Context, req *sap
}
}
authzsPB, err := authz2ModelMapToPB(authzModelMap)
if err != nil {
return nil, err
}
// If we still need more authorizations look for them in the old
// style authorization tables.
if len(authzModelMap) != len(req.Domains) {
// Get the authorizations for names we don't already have
var remaining []string
for _, name := range req.Domains {
if _, present := authzModelMap[name]; !present {
remaining = append(remaining, name)
}
}
reqV2 := true
authz, err := ssa.GetAuthorizations(ctx, &sapb.GetAuthorizationsRequest{
RegistrationID: req.RegistrationID,
Domains: remaining,
Now: req.Now,
RequireV2Authzs: &reqV2,
})
if err != nil {
return nil, err
}
for _, authzPB := range authz.Authz {
authzsPB.Authz = append(authzsPB.Authz, authzPB)
}
}
return authzsPB, nil
return authz2ModelMapToPB(authzModelMap)
}
// FinalizeAuthorization2 moves a pending authorization to either the valid or invalid status. If
@ -2290,12 +1605,7 @@ func (ssa *SQLStorageAuthority) GetPendingAuthorization2(ctx context.Context, re
)
if err != nil {
if err == sql.ErrNoRows {
// there may be an old style pending authorization so look for that
authz, err := ssa.GetPendingAuthorization(ctx, req)
if err != nil {
return nil, err
}
return bgrpc.AuthzToPB(*authz)
return nil, berrors.NotFoundError("pending authz not found")
}
return nil, err
}
@ -2320,13 +1630,6 @@ func (ssa *SQLStorageAuthority) CountPendingAuthorizations2(ctx context.Context,
if err != nil {
return nil, err
}
// also count old style authorizations and add those to the count of
// new authorizations
oldCount, err := ssa.CountPendingAuthorizations(ctx, *req.Id)
if err != nil {
return nil, err
}
count += int64(oldCount)
return &sapb.Count{Count: &count}, nil
}
@ -2367,29 +1670,7 @@ func (ssa *SQLStorageAuthority) GetValidOrderAuthorizations2(ctx context.Context
}
}
authzsPB, err := authz2ModelMapToPB(byName)
if err != nil {
return nil, err
}
// also get any older style authorizations, as far as I can tell
// there is no easy way to tell if this is needed or not as
// an order may be all one style, all the other, or a mix
oldAuthzMap, err := ssa.GetValidOrderAuthorizations(ctx, req)
if err != nil {
return nil, err
}
if len(oldAuthzMap) > 0 {
oldAuthzsPB, err := AuthzMapToPB(oldAuthzMap)
if err != nil {
return nil, err
}
for _, authzPB := range oldAuthzsPB.Authz {
authzsPB.Authz = append(authzsPB.Authz, authzPB)
}
}
return authzsPB, nil
return authz2ModelMapToPB(byName)
}
// CountInvalidAuthorizations2 counts invalid authorizations for a user expiring
@ -2418,13 +1699,6 @@ func (ssa *SQLStorageAuthority) CountInvalidAuthorizations2(ctx context.Context,
if err != nil {
return nil, err
}
// Also count old authorizations and add those to the new style
// count
oldCount, err := ssa.CountInvalidAuthorizations(ctx, req)
if err != nil {
return nil, err
}
count += *oldCount.Count
return &sapb.Count{Count: &count}, nil
}
@ -2476,41 +1750,5 @@ func (ssa *SQLStorageAuthority) GetValidAuthorizations2(ctx context.Context, req
}
authzMap[am.IdentifierValue] = am
}
authzsPB, err := authz2ModelMapToPB(authzMap)
if err != nil {
return nil, err
}
if len(authzsPB.Authz) != len(req.Domains) {
// We may still have valid old style authorizations
// we want for names in the list, so we have to look
// for them.
var remaining []string
for _, name := range req.Domains {
if _, present := authzMap[name]; !present {
remaining = append(remaining, name)
}
}
now := time.Unix(0, *req.Now)
oldAuthzs, err := ssa.GetValidAuthorizations(
ctx,
*req.RegistrationID,
remaining,
now,
)
if err != nil {
return nil, err
}
if len(oldAuthzs) > 0 {
oldAuthzsPB, err := AuthzMapToPB(oldAuthzs)
if err != nil {
return nil, err
}
for _, authzPB := range oldAuthzsPB.Authz {
authzsPB.Authz = append(authzsPB.Authz, authzPB)
}
}
}
return authzsPB, nil
return authz2ModelMapToPB(authzMap)
}

1676
sa/sa_test.go
View File

File diff suppressed because it is too large Load Diff