Add new SA.NewOrderAndAuthzs gRPC method (#5602)

Add a new method to the SA's gRPC interface which takes both an Order
and a list of new Authorizations to insert into the database, and adds
both (as well as the various ancillary rows) inside a transaction.

To enable this, add a new abstraction layer inside the `db/` package
that facilitates inserting many rows at once, as we do for the `authz2`,
`orderToAuthz2`, and `requestedNames` tables in this operation. 

Finally, add a new codepath to the RA (and a feature flag to control it)
which uses this new SA method instead of separately calling the
`NewAuthorization` method multiple times. Enable this feature flag in
the config-next integration tests.

This should reduce the failure rate of the new-order flow by reducing
the number of database operations by coalescing multiple inserts into a
single multi-row insert. It should also reduce the incidence of new
authorizations being created in the database but then never exposed to
the subscriber because of a failure later in the new-order flow, both by
reducing failures overall and by adding those authorizations in a
transaction which will be rolled back if there is a later failure.

Fixes #5577
Aaron Gable 2021-09-03 13:48:04 -07:00 committed by GitHub
parent d1d04c950e
commit 4ef9fb1b4f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
16 changed files with 856 additions and 332 deletions


@ -92,6 +92,7 @@ type StorageAdder interface {
AddSerial(ctx context.Context, req *sapb.AddSerialRequest) (*emptypb.Empty, error)
DeactivateRegistration(ctx context.Context, req *sapb.RegistrationID) (*emptypb.Empty, error)
NewOrder(ctx context.Context, req *sapb.NewOrderRequest) (*corepb.Order, error)
NewOrderAndAuthzs(ctx context.Context, req *sapb.NewOrderAndAuthzsRequest) (*corepb.Order, error)
SetOrderProcessing(ctx context.Context, req *sapb.OrderRequest) (*emptypb.Empty, error)
FinalizeOrder(ctx context.Context, req *sapb.FinalizeOrderRequest) (*emptypb.Empty, error)
SetOrderError(ctx context.Context, req *sapb.SetOrderErrorRequest) (*emptypb.Empty, error)


@ -59,6 +59,7 @@ type Executor interface {
Delete(...interface{}) (int64, error)
Get(interface{}, ...interface{}) (interface{}, error)
Update(...interface{}) (int64, error)
Query(string, ...interface{}) (*sql.Rows, error)
}
// Transaction extends an Executor and adds Rollback, Commit, and WithContext.

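--- a/db/multi.go
+++ b/db/multi.go
@@ -0,0 +1,103 @@
+package db
+import (
+"fmt"
+"strings"
+)
+// MultiInserter makes it easy to construct a
+// `INSERT INTO table (...) VALUES ... RETURNING id;`
+// query which inserts multiple rows into the same table. It can also execute
+// the resulting query.
+type MultiInserter struct {
+table string
+fields string
+retCol string
+numFields int
+values [][]interface{}
+}
+// NewMultiInserter creates a new MultiInserter, checking for reasonable table
+// name and list of fields.
+func NewMultiInserter(table string, fields string, retCol string) (*MultiInserter, error) {
+numFields := len(strings.Split(fields, ","))
+if len(table) == 0 || len(fields) == 0 || numFields == 0 {
+return nil, fmt.Errorf("empty table name or fields list")
+}
+if strings.Contains(retCol, ",") {
+return nil, fmt.Errorf("return column must be singular, but got %q", retCol)
+}
+return &MultiInserter{
+table: table,
+fields: fields,
+retCol: retCol,
+numFields: numFields,
+values: make([][]interface{}, 0),
+}, nil
+}
+// Add registers another row to be included in the Insert query.
+func (mi *MultiInserter) Add(row []interface{}) error {
+if len(row) != mi.numFields {
+return fmt.Errorf("field count mismatch, got %d, expected %d", len(row), mi.numFields)
+}
+mi.values = append(mi.values, row)
+return nil
+}
+// query returns the formatted query string, and the slice of arguments for
+// for gorp to use in place of the query's question marks. Currently only
+// used by .Insert(), below.
+func (mi *MultiInserter) query() (string, []interface{}) {
+questionsRow := strings.TrimRight(strings.Repeat("?,", mi.numFields), ",")
+var questionsBuf strings.Builder
+var queryArgs []interface{}
+for _, row := range mi.values {
+fmt.Fprintf(&questionsBuf, "(%s),", questionsRow)
+queryArgs = append(queryArgs, row...)
+}
+questions := strings.TrimRight(questionsBuf.String(), ",")
+returning := ""
+if mi.retCol != "" {
+returning = fmt.Sprintf(" RETURNING %s", mi.retCol)
+}
+query := fmt.Sprintf("INSERT INTO %s (%s) VALUES %s%s;", mi.table, mi.fields, questions, returning)
+return query, queryArgs
+}
+// Insert performs the action represented by .query() on the provided database,
+// which is assumed to already have a context attached. If a non-empty retCol
+// was provided, then it returns the list of values from that column returned
+// by the query.
+func (mi *MultiInserter) Insert(exec Executor) ([]int64, error) {
+query, queryArgs := mi.query()
+rows, err := exec.Query(query, queryArgs...)
+if err != nil {
+return nil, err
+}
+ids := make([]int64, 0, len(mi.values))
+if mi.retCol != "" {
+for rows.Next() {
+var id int64
+err = rows.Scan(&id)
+if err != nil {
+rows.Close()
+return nil, err
+}
+ids = append(ids, id)
+}
+}
+err = rows.Close()
+if err != nil {
+return nil, err
+}
+return ids, nil
+}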
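Review bot: `query()` formats `mi.table`, `mi.fields` and `mi.retCol` straight into the statement text with `fmt.Sprintf`, and `NewMultiInserter` only rejects empty strings and a comma in `retCol`, so the statement stays injection-free only as long as every caller passes hard-coded identifiers. The doc comment on `NewMultiInserter` should state that contract, for example `// table, fields and retCol are written into the SQL text verbatim; pass only constant identifiers, never values derived from a request.` Separately, `Insert` never consults `rows.Err()` after the `rows.Next()` loop, so an iteration error could end the loop early and hand the caller a short `ids` slice with a nil error; checking `rows.Err()` before the final `rows.Close()` closes that gap. `query()` also produces `VALUES ;` when no row has been added, which `Insert` could reject up front rather than leaving it to the database.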

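--- a/db/multi_test.go
+++ b/db/multi_test.go
@@ -0,0 +1,70 @@
+package db
+import (
+"testing"
+"github.com/letsencrypt/boulder/test"
+)
+func TestNewMulti(t *testing.T) {
+_, err := NewMultiInserter("", "colA", "")
+test.AssertError(t, err, "Empty table name should fail")
+_, err = NewMultiInserter("myTable", "", "")
+test.AssertError(t, err, "Empty fields string should fail")
+mi, err := NewMultiInserter("myTable", "colA", "")
+test.AssertNotError(t, err, "Single-column construction should not fail")
+test.AssertEquals(t, mi.numFields, 1)
+mi, err = NewMultiInserter("myTable", "colA,colB, colC", "")
+test.AssertNotError(t, err, "Multi-column construction should not fail")
+test.AssertEquals(t, mi.numFields, 3)
+}
+func TestMultiAdd(t *testing.T) {
+mi, err := NewMultiInserter("table", "a,b,c", "")
+test.AssertNotError(t, err, "Failed to create test MultiInserter")
+err = mi.Add([]interface{}{})
+test.AssertError(t, err, "Adding empty row should fail")
+err = mi.Add([]interface{}{"foo"})
+test.AssertError(t, err, "Adding short row should fail")
+err = mi.Add([]interface{}{"foo", "bar", "baz", "bing", "boom"})
+test.AssertError(t, err, "Adding long row should fail")
+err = mi.Add([]interface{}{"one", "two", "three"})
+test.AssertNotError(t, err, "Adding correct-length row shouldn't fail")
+test.AssertEquals(t, len(mi.values), 1)
+err = mi.Add([]interface{}{1, "two", map[string]int{"three": 3}})
+test.AssertNotError(t, err, "Adding heterogeneous row shouldn't fail")
+test.AssertEquals(t, len(mi.values), 2)
+// Note that .Add does *not* enforce that each row is of the same types.
+}
+func TestMultiQuery(t *testing.T) {
+mi, err := NewMultiInserter("table", "a,b,c", "")
+test.AssertNotError(t, err, "Failed to create test MultiInserter")
+err = mi.Add([]interface{}{"one", "two", "three"})
+test.AssertNotError(t, err, "Failed to insert test row")
+err = mi.Add([]interface{}{"egy", "kettö", "három"})
+test.AssertNotError(t, err, "Failed to insert test row")
+query, queryArgs := mi.query()
+test.AssertEquals(t, query, "INSERT INTO table (a,b,c) VALUES (?,?,?),(?,?,?);")
+test.AssertDeepEquals(t, queryArgs, []interface{}{"one", "two", "three", "egy", "kettö", "három"})
+mi, err = NewMultiInserter("table", "a,b,c", "id")
+test.AssertNotError(t, err, "Failed to create test MultiInserter")
+err = mi.Add([]interface{}{"one", "two", "three"})
+test.AssertNotError(t, err, "Failed to insert test row")
+err = mi.Add([]interface{}{"egy", "kettö", "három"})
+test.AssertNotError(t, err, "Failed to insert test row")
+query, queryArgs = mi.query()
+test.AssertEquals(t, query, "INSERT INTO table (a,b,c) VALUES (?,?,?),(?,?,?) RETURNING id;")
+test.AssertDeepEquals(t, queryArgs, []interface{}{"one", "two", "three", "egy", "kettö", "három"})
+}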
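Review bot: Nothing in this file exercises the `retCol` check in `NewMultiInserter` or the `Insert` method, so the comma rejection and the ID-scanning loop are both untested here. `TestNewMulti` could add `_, err = NewMultiInserter("myTable", "colA", "id,extra")` followed by `test.AssertError(t, err, "Multi-column retCol should fail")`. A `TestMultiQuery` case that calls `query()` before any `Add` would also pin down what the builder emits for zero rows.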


@ -24,11 +24,12 @@ func _() {
_ = x[RestrictRSAKeySizes-13]
_ = x[FasterNewOrdersRateLimit-14]
_ = x[ECDSAForAll-15]
_ = x[StreamlineOrderAndAuthzs-16]
}
const _FeatureFlag_name = "unusedPrecertificateRevocationStripDefaultSchemePortNonCFSSLSignerStoreIssuerInfoCAAValidationMethodsCAAAccountURIEnforceMultiVAMultiVAFullResultsMandatoryPOSTAsGETAllowV1RegistrationV1DisableNewValidationsStoreRevokerInfoRestrictRSAKeySizesFasterNewOrdersRateLimitECDSAForAll"
const _FeatureFlag_name = "unusedPrecertificateRevocationStripDefaultSchemePortNonCFSSLSignerStoreIssuerInfoCAAValidationMethodsCAAAccountURIEnforceMultiVAMultiVAFullResultsMandatoryPOSTAsGETAllowV1RegistrationV1DisableNewValidationsStoreRevokerInfoRestrictRSAKeySizesFasterNewOrdersRateLimitECDSAForAllStreamlineOrderAndAuthzs"
var _FeatureFlag_index = [...]uint16{0, 6, 30, 52, 66, 81, 101, 114, 128, 146, 164, 183, 206, 222, 241, 265, 276}
var _FeatureFlag_index = [...]uint16{0, 6, 30, 52, 66, 81, 101, 114, 128, 146, 164, 183, 206, 222, 241, 265, 276, 300}
func (i FeatureFlag) String() string {
if i < 0 || i >= FeatureFlag(len(_FeatureFlag_index)-1) {


@ -48,6 +48,9 @@ const (
// ECDSAForAll enables all accounts, regardless of their presence in the CA's
// ecdsaAllowedAccounts config value, to get issuance from ECDSA issuers.
ECDSAForAll
// StreamlineOrderAndAuthzs enables the use of a new SA gRPC method that
// combines creating new Authzs and the new Order into a single operations.
StreamlineOrderAndAuthzs
)
// List of features and their default value, protected by fMu
@ -68,6 +71,7 @@ var features = map[FeatureFlag]bool{
FasterNewOrdersRateLimit: false,
NonCFSSLSigner: false,
ECDSAForAll: false,
StreamlineOrderAndAuthzs: false,
}
var fMu = new(sync.RWMutex)
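Review bot: The new doc comment on `StreamlineOrderAndAuthzs` ends with "into a single operations"; it should read `// combines creating new Authzs and the new Order into a single operation.` The commit message says the inserts happen inside one transaction, and the comment could say so as well, since that is what an operator needs to know when flipping the flag. The enclosing `const` block and the `features` map both begin outside the hunks shown.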


@ -101,6 +101,10 @@ func (sas StorageAuthorityClientWrapper) NewOrder(ctx context.Context, request *
return sas.inner.NewOrder(ctx, request)
}
func (sas StorageAuthorityClientWrapper) NewOrderAndAuthzs(ctx context.Context, request *sapb.NewOrderAndAuthzsRequest) (*corepb.Order, error) {
return sas.inner.NewOrderAndAuthzs(ctx, request)
}
func (sac StorageAuthorityClientWrapper) SetOrderProcessing(ctx context.Context, req *sapb.OrderRequest) (*emptypb.Empty, error) {
return sac.inner.SetOrderProcessing(ctx, req)
}
@ -261,6 +265,10 @@ func (sas StorageAuthorityServerWrapper) NewOrder(ctx context.Context, request *
return sas.inner.NewOrder(ctx, request)
}
func (sas StorageAuthorityServerWrapper) NewOrderAndAuthzs(ctx context.Context, request *sapb.NewOrderAndAuthzsRequest) (*corepb.Order, error) {
return sas.inner.NewOrderAndAuthzs(ctx, request)
}
func (sas StorageAuthorityServerWrapper) SetOrderProcessing(ctx context.Context, req *sapb.OrderRequest) (*emptypb.Empty, error) {
return sas.inner.SetOrderProcessing(ctx, req)
}


@ -421,6 +421,11 @@ func (sa *StorageAuthority) NewOrder(_ context.Context, req *sapb.NewOrderReques
return response, nil
}
// NewOrderAndAuthzs is a mock
func (sa *StorageAuthority) NewOrderAndAuthzs(_ context.Context, req *sapb.NewOrderAndAuthzsRequest) (*corepb.Order, error) {
return sa.NewOrder(context.TODO(), req.NewOrder)
}
// SetOrderProcessing is a mock
func (sa *StorageAuthority) SetOrderProcessing(_ context.Context, req *sapb.OrderRequest) (*emptypb.Empty, error) {
return &emptypb.Empty{}, nil
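Review bot: The `NewOrderAndAuthzs` mock drops `req.NewAuthzs` and forwards only `req.NewOrder`, so the order it returns never carries IDs for the authorizations the caller asked to create, and tests that run with `StreamlineOrderAndAuthzs` enabled against this mock cannot notice a missing authz. It also replaces the caller's context with `context.TODO()` and dereferences `req` without a nil check. At minimum the doc comment should state the limitation, e.g. `// NewOrderAndAuthzs is a mock which ignores req.NewAuthzs and defers to NewOrder.`, and the call can become `return sa.NewOrder(ctx, req.NewOrder)` with the first parameter named `ctx`. The body of `SetOrderProcessing` continues past the end of this hunk.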


@ -2020,30 +2020,30 @@ func (ra *RegistrationAuthorityImpl) NewOrder(ctx context.Context, req *rapb.New
return nil, errIncompleteGRPCRequest
}
order := &corepb.Order{
newOrder := &sapb.NewOrderRequest{
RegistrationID: req.RegistrationID,
Names: core.UniqueLowerNames(req.Names),
}
if len(order.Names) > ra.maxNames {
if len(newOrder.Names) > ra.maxNames {
return nil, berrors.MalformedError(
"Order cannot contain more than %d DNS names", ra.maxNames)
}
// Validate that our policy allows issuing for each of the names in the order
if err := ra.checkOrderNames(order.Names); err != nil {
if err := ra.checkOrderNames(newOrder.Names); err != nil {
return nil, err
}
if err := wildcardOverlap(order.Names); err != nil {
if err := wildcardOverlap(newOrder.Names); err != nil {
return nil, err
}
// See if there is an existing unexpired pending (or ready) order that can be reused
// for this account
existingOrder, err := ra.SA.GetOrderForNames(ctx, &sapb.GetOrderForNamesRequest{
AcctID: order.RegistrationID,
Names: order.Names,
AcctID: newOrder.RegistrationID,
Names: newOrder.Names,
})
// If there was an error and it wasn't an acceptable "NotFound" error, return
// immediately
@ -2062,13 +2062,13 @@ func (ra *RegistrationAuthorityImpl) NewOrder(ctx context.Context, req *rapb.New
}
// Check if there is rate limit space for a new order within the current window
if err := ra.checkNewOrdersPerAccountLimit(ctx, order.RegistrationID); err != nil {
if err := ra.checkNewOrdersPerAccountLimit(ctx, newOrder.RegistrationID); err != nil {
return nil, err
}
// Check if there is rate limit space for issuing a certificate for the new
// order's names. If there isn't then it doesn't make sense to allow creating
// an order - it will just fail when finalization checks the same limits.
if err := ra.checkLimits(ctx, order.Names, order.RegistrationID); err != nil {
if err := ra.checkLimits(ctx, newOrder.Names, newOrder.RegistrationID); err != nil {
return nil, err
}
@ -2082,9 +2082,9 @@ func (ra *RegistrationAuthorityImpl) NewOrder(ctx context.Context, req *rapb.New
authzExpiryCutoff := ra.clk.Now().AddDate(0, 0, 1).UnixNano()
getAuthReq := &sapb.GetAuthorizationsRequest{
RegistrationID: order.RegistrationID,
RegistrationID: newOrder.RegistrationID,
Now: authzExpiryCutoff,
Domains: order.Names,
Domains: newOrder.Names,
}
existingAuthz, err := ra.SA.GetAuthorizations2(ctx, getAuthReq)
if err != nil {
@ -2093,7 +2093,7 @@ func (ra *RegistrationAuthorityImpl) NewOrder(ctx context.Context, req *rapb.New
// Collect up the authorizations we found into a map keyed by the domains the
// authorizations correspond to
nameToExistingAuthz := make(map[string]*corepb.Authorization, len(order.Names))
nameToExistingAuthz := make(map[string]*corepb.Authorization, len(newOrder.Names))
for _, v := range existingAuthz.Authz {
// Don't reuse a valid authorization if the reuseValidAuthz flag is
// disabled.
@ -2107,7 +2107,7 @@ func (ra *RegistrationAuthorityImpl) NewOrder(ctx context.Context, req *rapb.New
// existing authz, append it to the order to reuse it. Otherwise track
// that there is a missing authz for that name.
var missingAuthzNames []string
for _, name := range order.Names {
for _, name := range newOrder.Names {
// If there isn't an existing authz, note that its missing and continue
if _, exists := nameToExistingAuthz[name]; !exists {
missingAuthzNames = append(missingAuthzNames, name)
@ -2125,7 +2125,7 @@ func (ra *RegistrationAuthorityImpl) NewOrder(ctx context.Context, req *rapb.New
if err != nil {
return nil, err
}
order.V2Authorizations = append(order.V2Authorizations, authzID)
newOrder.V2Authorizations = append(newOrder.V2Authorizations, authzID)
continue
} else if !strings.HasPrefix(name, "*.") {
// If the identifier isn't a wildcard, we can reuse any authz
@ -2133,7 +2133,7 @@ func (ra *RegistrationAuthorityImpl) NewOrder(ctx context.Context, req *rapb.New
if err != nil {
return nil, err
}
order.V2Authorizations = append(order.V2Authorizations, authzID)
newOrder.V2Authorizations = append(newOrder.V2Authorizations, authzID)
continue
}
@ -2147,10 +2147,10 @@ func (ra *RegistrationAuthorityImpl) NewOrder(ctx context.Context, req *rapb.New
// If the order isn't fully authorized we need to check that the client has
// rate limit room for more pending authorizations
if len(missingAuthzNames) > 0 {
if err := ra.checkPendingAuthorizationLimit(ctx, order.RegistrationID); err != nil {
if err := ra.checkPendingAuthorizationLimit(ctx, newOrder.RegistrationID); err != nil {
return nil, err
}
if err := ra.checkInvalidAuthorizationLimits(ctx, order.RegistrationID, missingAuthzNames); err != nil {
if err := ra.checkInvalidAuthorizationLimits(ctx, newOrder.RegistrationID, missingAuthzNames); err != nil {
return nil, err
}
}
@ -2159,7 +2159,7 @@ func (ra *RegistrationAuthorityImpl) NewOrder(ctx context.Context, req *rapb.New
// authorization for each.
var newAuthzs []*corepb.Authorization
for _, name := range missingAuthzNames {
pb, err := ra.createPendingAuthz(ctx, order.RegistrationID, identifier.ACMEIdentifier{
pb, err := ra.createPendingAuthz(ctx, newOrder.RegistrationID, identifier.ACMEIdentifier{
Type: identifier.DNS,
Value: name,
})
@ -2189,42 +2189,43 @@ func (ra *RegistrationAuthorityImpl) NewOrder(ctx context.Context, req *rapb.New
minExpiry = authzExpiry
}
}
// If new authorizations are needed, call AddPendingAuthorizations. Also check
// whether the newly created pending authz's have an expiry lower than minExpiry
// If the newly created pending authz's have an expiry closer than the
// minExpiry the minExpiry is the pending authz expiry.
if len(newAuthzs) > 0 {
req := sapb.AddPendingAuthorizationsRequest{Authz: newAuthzs}
authzIDs, err := ra.SA.NewAuthorizations2(ctx, &req)
if err != nil {
return nil, err
}
if len(authzIDs.Ids) == 0 {
// This should never happen.
return nil, errors.New("received 0 authzIDs after requesting new authzs")
}
order.V2Authorizations = append(order.V2Authorizations, authzIDs.Ids...)
// If the newly created pending authz's have an expiry closer than the
// minExpiry the minExpiry is the pending authz expiry.
newPendingAuthzExpires := ra.clk.Now().Add(ra.pendingAuthorizationLifetime)
if newPendingAuthzExpires.Before(minExpiry) {
minExpiry = newPendingAuthzExpires
}
}
// Note how many names are being requested in this certificate order.
ra.namesPerCert.With(
prometheus.Labels{"type": "requested"},
).Observe(float64(len(order.Names)))
// Set the order's expiry to the minimum expiry. The db doesn't store
// sub-second values, so truncate here.
order.Expires = minExpiry.Truncate(time.Second).UnixNano()
storedOrder, err := ra.SA.NewOrder(ctx, &sapb.NewOrderRequest{
RegistrationID: order.RegistrationID,
Expires: order.Expires,
Names: order.Names,
V2Authorizations: order.V2Authorizations,
})
newOrder.Expires = minExpiry.Truncate(time.Second).UnixNano()
var storedOrder *corepb.Order
if features.Enabled(features.StreamlineOrderAndAuthzs) {
newOrderAndAuthzsReq := &sapb.NewOrderAndAuthzsRequest{
NewOrder: newOrder,
NewAuthzs: newAuthzs,
}
storedOrder, err = ra.SA.NewOrderAndAuthzs(ctx, newOrderAndAuthzsReq)
} else {
// If new authorizations are needed, call AddPendingAuthorizations. Also check
// whether the newly created pending authz's have an expiry lower than minExpiry
if len(newAuthzs) > 0 {
req := sapb.AddPendingAuthorizationsRequest{Authz: newAuthzs}
authzIDs, err := ra.SA.NewAuthorizations2(ctx, &req)
if err != nil {
return nil, err
}
if len(authzIDs.Ids) == 0 {
// This should never happen.
return nil, errors.New("received 0 authzIDs after requesting new authzs")
}
newOrder.V2Authorizations = append(newOrder.V2Authorizations, authzIDs.Ids...)
}
storedOrder, err = ra.SA.NewOrder(ctx, newOrder)
}
if err != nil {
return nil, err
}
@ -2232,6 +2233,9 @@ func (ra *RegistrationAuthorityImpl) NewOrder(ctx context.Context, req *rapb.New
return nil, errIncompleteGRPCResponse
}
// Note how many names are being requested in this certificate order.
ra.namesPerCert.With(prometheus.Labels{"type": "requested"}).Observe(float64(len(storedOrder.Names)))
return storedOrder, nil
}
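Review bot: In the `features.Enabled(features.StreamlineOrderAndAuthzs)` branch the RA has no check that the newly created authorizations ended up on the order; the legacy branch keeps its `len(authzIDs.Ids) == 0` guard, but the streamlined branch returns whatever `ra.SA.NewOrderAndAuthzs` sends back. Unless the `errIncompleteGRPCResponse` check, whose condition lies outside these hunks, already covers it, a cheap guard placed after that check would be `if len(storedOrder.V2Authorizations) != len(newOrder.Names) { return nil, errIncompleteGRPCResponse }`, assuming the one-authz-per-name relationship that `TestNewOrder` appears to assert. The `namesPerCert` observation also moved to after the SA call, so orders that fail to store are no longer counted; if that is intended, the comment above it should say so.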


@ -2138,64 +2138,68 @@ func TestRecheckCAAInternalServerError(t *testing.T) {
}
func TestNewOrder(t *testing.T) {
_, _, ra, fc, cleanUp := initAuthorities(t)
defer cleanUp()
ra.orderLifetime = time.Hour
for _, enabled := range []bool{false, true} {
_, _, ra, fc, cleanUp := initAuthorities(t)
defer cleanUp()
_ = features.Set(map[string]bool{features.StreamlineOrderAndAuthzs.String(): enabled})
defer features.Reset()
ra.orderLifetime = time.Hour
orderA, err := ra.NewOrder(context.Background(), &rapb.NewOrderRequest{
RegistrationID: Registration.Id,
Names: []string{"b.com", "a.com", "a.com", "C.COM"},
})
test.AssertNotError(t, err, "ra.NewOrder failed")
test.AssertEquals(t, orderA.RegistrationID, int64(1))
test.AssertEquals(t, orderA.Expires, fc.Now().Add(time.Hour).UnixNano())
test.AssertEquals(t, len(orderA.Names), 3)
// We expect the order names to have been sorted, deduped, and lowercased
test.AssertDeepEquals(t, orderA.Names, []string{"a.com", "b.com", "c.com"})
test.AssertEquals(t, orderA.Id, int64(1))
test.AssertEquals(t, numAuthorizations(orderA), 3)
orderA, err := ra.NewOrder(context.Background(), &rapb.NewOrderRequest{
RegistrationID: Registration.Id,
Names: []string{"b.com", "a.com", "a.com", "C.COM"},
})
test.AssertNotError(t, err, "ra.NewOrder failed")
test.AssertEquals(t, orderA.RegistrationID, int64(1))
test.AssertEquals(t, orderA.Expires, fc.Now().Add(time.Hour).UnixNano())
test.AssertEquals(t, len(orderA.Names), 3)
// We expect the order names to have been sorted, deduped, and lowercased
test.AssertDeepEquals(t, orderA.Names, []string{"a.com", "b.com", "c.com"})
test.AssertEquals(t, orderA.Id, int64(1))
test.AssertEquals(t, numAuthorizations(orderA), 3)
// Reuse all existing authorizations
orderB, err := ra.NewOrder(context.Background(), &rapb.NewOrderRequest{
RegistrationID: Registration.Id,
Names: []string{"b.com", "a.com", "C.COM"},
})
test.AssertNotError(t, err, "ra.NewOrder failed")
test.AssertEquals(t, orderB.RegistrationID, int64(1))
test.AssertEquals(t, orderB.Expires, fc.Now().Add(time.Hour).UnixNano())
// We expect orderB's ID to match orderA's because of pending order reuse
test.AssertEquals(t, orderB.Id, orderA.Id)
test.AssertEquals(t, len(orderB.Names), 3)
test.AssertDeepEquals(t, orderB.Names, []string{"a.com", "b.com", "c.com"})
test.AssertEquals(t, numAuthorizations(orderB), 3)
test.AssertDeepEquals(t, orderB.V2Authorizations, orderA.V2Authorizations)
// Reuse all existing authorizations
orderB, err := ra.NewOrder(context.Background(), &rapb.NewOrderRequest{
RegistrationID: Registration.Id,
Names: []string{"b.com", "a.com", "C.COM"},
})
test.AssertNotError(t, err, "ra.NewOrder failed")
test.AssertEquals(t, orderB.RegistrationID, int64(1))
test.AssertEquals(t, orderB.Expires, fc.Now().Add(time.Hour).UnixNano())
// We expect orderB's ID to match orderA's because of pending order reuse
test.AssertEquals(t, orderB.Id, orderA.Id)
test.AssertEquals(t, len(orderB.Names), 3)
test.AssertDeepEquals(t, orderB.Names, []string{"a.com", "b.com", "c.com"})
test.AssertEquals(t, numAuthorizations(orderB), 3)
test.AssertDeepEquals(t, orderB.V2Authorizations, orderA.V2Authorizations)
// Reuse all of the existing authorizations from the previous order and
// add a new one
orderA.Names = append(orderA.Names, "d.com")
orderC, err := ra.NewOrder(context.Background(), &rapb.NewOrderRequest{
RegistrationID: Registration.Id,
Names: orderA.Names,
})
test.AssertNotError(t, err, "ra.NewOrder failed")
test.AssertEquals(t, orderC.RegistrationID, int64(1))
test.AssertEquals(t, orderC.Expires, fc.Now().Add(time.Hour).UnixNano())
test.AssertEquals(t, len(orderC.Names), 4)
test.AssertDeepEquals(t, orderC.Names, []string{"a.com", "b.com", "c.com", "d.com"})
// We expect orderC's ID to not match orderA/orderB's because it is for
// a different set of names
test.AssertNotEquals(t, orderC.Id, orderA.Id)
test.AssertEquals(t, numAuthorizations(orderC), 4)
// Abuse the order of the queries used to extract the reused authorizations
existing := orderC.V2Authorizations[:3]
test.AssertDeepEquals(t, existing, orderA.V2Authorizations)
// Reuse all of the existing authorizations from the previous order and
// add a new one
orderA.Names = append(orderA.Names, "d.com")
orderC, err := ra.NewOrder(context.Background(), &rapb.NewOrderRequest{
RegistrationID: Registration.Id,
Names: orderA.Names,
})
test.AssertNotError(t, err, "ra.NewOrder failed")
test.AssertEquals(t, orderC.RegistrationID, int64(1))
test.AssertEquals(t, orderC.Expires, fc.Now().Add(time.Hour).UnixNano())
test.AssertEquals(t, len(orderC.Names), 4)
test.AssertDeepEquals(t, orderC.Names, []string{"a.com", "b.com", "c.com", "d.com"})
// We expect orderC's ID to not match orderA/orderB's because it is for
// a different set of names
test.AssertNotEquals(t, orderC.Id, orderA.Id)
test.AssertEquals(t, numAuthorizations(orderC), 4)
// Abuse the order of the queries used to extract the reused authorizations
existing := orderC.V2Authorizations[:3]
test.AssertDeepEquals(t, existing, orderA.V2Authorizations)
_, err = ra.NewOrder(context.Background(), &rapb.NewOrderRequest{
RegistrationID: Registration.Id,
Names: []string{"a"},
})
test.AssertError(t, err, "NewOrder with invalid names did not error")
test.AssertEquals(t, err.Error(), "Cannot issue for \"a\": Domain name needs at least one dot")
_, err = ra.NewOrder(context.Background(), &rapb.NewOrderRequest{
RegistrationID: Registration.Id,
Names: []string{"a"},
})
test.AssertError(t, err, "NewOrder with invalid names did not error")
test.AssertEquals(t, err.Error(), "Cannot issue for \"a\": Domain name needs at least one dot")
}
}
// TestNewOrderLegacyAuthzReuse tests that a legacy acme v1 authorization from
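Review bot: `defer cleanUp()` and `defer features.Reset()` now sit inside the `for _, enabled := range []bool{false, true}` loop, so neither runs until `TestNewOrder` returns; the second iteration starts while the first iteration's authorities have not been cleaned up. Wrapping the loop body in a `t.Run` subtest named after the flag value would make both defers fire per iteration and label any failure with the flag state. The error from `features.Set` is discarded with `_ =`; `test.AssertNotError(t, err, "setting feature flag")` would catch a misspelled flag name instead of silently running both iterations with the flag off.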


@ -1294,6 +1294,61 @@ func (x *NewOrderRequest) GetV2Authorizations() []int64 {
return nil
}
type NewOrderAndAuthzsRequest struct {
state protoimpl.MessageState
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
NewOrder *NewOrderRequest `protobuf:"bytes,1,opt,name=newOrder,proto3" json:"newOrder,omitempty"`
NewAuthzs []*proto.Authorization `protobuf:"bytes,2,rep,name=newAuthzs,proto3" json:"newAuthzs,omitempty"`
}
func (x *NewOrderAndAuthzsRequest) Reset() {
*x = NewOrderAndAuthzsRequest{}
if protoimpl.UnsafeEnabled {
mi := &file_sa_proto_msgTypes[23]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
}
func (x *NewOrderAndAuthzsRequest) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*NewOrderAndAuthzsRequest) ProtoMessage() {}
func (x *NewOrderAndAuthzsRequest) ProtoReflect() protoreflect.Message {
mi := &file_sa_proto_msgTypes[23]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use NewOrderAndAuthzsRequest.ProtoReflect.Descriptor instead.
func (*NewOrderAndAuthzsRequest) Descriptor() ([]byte, []int) {
return file_sa_proto_rawDescGZIP(), []int{23}
}
func (x *NewOrderAndAuthzsRequest) GetNewOrder() *NewOrderRequest {
if x != nil {
return x.NewOrder
}
return nil
}
func (x *NewOrderAndAuthzsRequest) GetNewAuthzs() []*proto.Authorization {
if x != nil {
return x.NewAuthzs
}
return nil
}
type SetOrderErrorRequest struct {
state protoimpl.MessageState
sizeCache protoimpl.SizeCache
@ -1306,7 +1361,7 @@ type SetOrderErrorRequest struct {
func (x *SetOrderErrorRequest) Reset() {
*x = SetOrderErrorRequest{}
if protoimpl.UnsafeEnabled {
mi := &file_sa_proto_msgTypes[23]
mi := &file_sa_proto_msgTypes[24]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@ -1319,7 +1374,7 @@ func (x *SetOrderErrorRequest) String() string {
func (*SetOrderErrorRequest) ProtoMessage() {}
func (x *SetOrderErrorRequest) ProtoReflect() protoreflect.Message {
mi := &file_sa_proto_msgTypes[23]
mi := &file_sa_proto_msgTypes[24]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@ -1332,7 +1387,7 @@ func (x *SetOrderErrorRequest) ProtoReflect() protoreflect.Message {
// Deprecated: Use SetOrderErrorRequest.ProtoReflect.Descriptor instead.
func (*SetOrderErrorRequest) Descriptor() ([]byte, []int) {
return file_sa_proto_rawDescGZIP(), []int{23}
return file_sa_proto_rawDescGZIP(), []int{24}
}
func (x *SetOrderErrorRequest) GetId() int64 {
@ -1361,7 +1416,7 @@ type GetValidOrderAuthorizationsRequest struct {
func (x *GetValidOrderAuthorizationsRequest) Reset() {
*x = GetValidOrderAuthorizationsRequest{}
if protoimpl.UnsafeEnabled {
mi := &file_sa_proto_msgTypes[24]
mi := &file_sa_proto_msgTypes[25]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@ -1374,7 +1429,7 @@ func (x *GetValidOrderAuthorizationsRequest) String() string {
func (*GetValidOrderAuthorizationsRequest) ProtoMessage() {}
func (x *GetValidOrderAuthorizationsRequest) ProtoReflect() protoreflect.Message {
mi := &file_sa_proto_msgTypes[24]
mi := &file_sa_proto_msgTypes[25]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@ -1387,7 +1442,7 @@ func (x *GetValidOrderAuthorizationsRequest) ProtoReflect() protoreflect.Message
// Deprecated: Use GetValidOrderAuthorizationsRequest.ProtoReflect.Descriptor instead.
func (*GetValidOrderAuthorizationsRequest) Descriptor() ([]byte, []int) {
return file_sa_proto_rawDescGZIP(), []int{24}
return file_sa_proto_rawDescGZIP(), []int{25}
}
func (x *GetValidOrderAuthorizationsRequest) GetId() int64 {
@ -1416,7 +1471,7 @@ type GetOrderForNamesRequest struct {
func (x *GetOrderForNamesRequest) Reset() {
*x = GetOrderForNamesRequest{}
if protoimpl.UnsafeEnabled {
mi := &file_sa_proto_msgTypes[25]
mi := &file_sa_proto_msgTypes[26]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@ -1429,7 +1484,7 @@ func (x *GetOrderForNamesRequest) String() string {
func (*GetOrderForNamesRequest) ProtoMessage() {}
func (x *GetOrderForNamesRequest) ProtoReflect() protoreflect.Message {
mi := &file_sa_proto_msgTypes[25]
mi := &file_sa_proto_msgTypes[26]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@ -1442,7 +1497,7 @@ func (x *GetOrderForNamesRequest) ProtoReflect() protoreflect.Message {
// Deprecated: Use GetOrderForNamesRequest.ProtoReflect.Descriptor instead.
func (*GetOrderForNamesRequest) Descriptor() ([]byte, []int) {
return file_sa_proto_rawDescGZIP(), []int{25}
return file_sa_proto_rawDescGZIP(), []int{26}
}
func (x *GetOrderForNamesRequest) GetAcctID() int64 {
@ -1471,7 +1526,7 @@ type FinalizeOrderRequest struct {
func (x *FinalizeOrderRequest) Reset() {
*x = FinalizeOrderRequest{}
if protoimpl.UnsafeEnabled {
mi := &file_sa_proto_msgTypes[26]
mi := &file_sa_proto_msgTypes[27]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@ -1484,7 +1539,7 @@ func (x *FinalizeOrderRequest) String() string {
func (*FinalizeOrderRequest) ProtoMessage() {}
func (x *FinalizeOrderRequest) ProtoReflect() protoreflect.Message {
mi := &file_sa_proto_msgTypes[26]
mi := &file_sa_proto_msgTypes[27]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@ -1497,7 +1552,7 @@ func (x *FinalizeOrderRequest) ProtoReflect() protoreflect.Message {
// Deprecated: Use FinalizeOrderRequest.ProtoReflect.Descriptor instead.
func (*FinalizeOrderRequest) Descriptor() ([]byte, []int) {
return file_sa_proto_rawDescGZIP(), []int{26}
return file_sa_proto_rawDescGZIP(), []int{27}
}
func (x *FinalizeOrderRequest) GetId() int64 {
@ -1527,7 +1582,7 @@ type GetAuthorizationsRequest struct {
func (x *GetAuthorizationsRequest) Reset() {
*x = GetAuthorizationsRequest{}
if protoimpl.UnsafeEnabled {
mi := &file_sa_proto_msgTypes[27]
mi := &file_sa_proto_msgTypes[28]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@ -1540,7 +1595,7 @@ func (x *GetAuthorizationsRequest) String() string {
func (*GetAuthorizationsRequest) ProtoMessage() {}
func (x *GetAuthorizationsRequest) ProtoReflect() protoreflect.Message {
mi := &file_sa_proto_msgTypes[27]
mi := &file_sa_proto_msgTypes[28]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@ -1553,7 +1608,7 @@ func (x *GetAuthorizationsRequest) ProtoReflect() protoreflect.Message {
// Deprecated: Use GetAuthorizationsRequest.ProtoReflect.Descriptor instead.
func (*GetAuthorizationsRequest) Descriptor() ([]byte, []int) {
return file_sa_proto_rawDescGZIP(), []int{27}
return file_sa_proto_rawDescGZIP(), []int{28}
}
func (x *GetAuthorizationsRequest) GetRegistrationID() int64 {
@ -1588,7 +1643,7 @@ type Authorizations struct {
func (x *Authorizations) Reset() {
*x = Authorizations{}
if protoimpl.UnsafeEnabled {
mi := &file_sa_proto_msgTypes[28]
mi := &file_sa_proto_msgTypes[29]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@ -1601,7 +1656,7 @@ func (x *Authorizations) String() string {
func (*Authorizations) ProtoMessage() {}
func (x *Authorizations) ProtoReflect() protoreflect.Message {
mi := &file_sa_proto_msgTypes[28]
mi := &file_sa_proto_msgTypes[29]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@ -1614,7 +1669,7 @@ func (x *Authorizations) ProtoReflect() protoreflect.Message {
// Deprecated: Use Authorizations.ProtoReflect.Descriptor instead.
func (*Authorizations) Descriptor() ([]byte, []int) {
return file_sa_proto_rawDescGZIP(), []int{28}
return file_sa_proto_rawDescGZIP(), []int{29}
}
func (x *Authorizations) GetAuthz() []*Authorizations_MapElement {
@ -1635,7 +1690,7 @@ type AddPendingAuthorizationsRequest struct {
func (x *AddPendingAuthorizationsRequest) Reset() {
*x = AddPendingAuthorizationsRequest{}
if protoimpl.UnsafeEnabled {
mi := &file_sa_proto_msgTypes[29]
mi := &file_sa_proto_msgTypes[30]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@ -1648,7 +1703,7 @@ func (x *AddPendingAuthorizationsRequest) String() string {
func (*AddPendingAuthorizationsRequest) ProtoMessage() {}
func (x *AddPendingAuthorizationsRequest) ProtoReflect() protoreflect.Message {
mi := &file_sa_proto_msgTypes[29]
mi := &file_sa_proto_msgTypes[30]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@ -1661,7 +1716,7 @@ func (x *AddPendingAuthorizationsRequest) ProtoReflect() protoreflect.Message {
// Deprecated: Use AddPendingAuthorizationsRequest.ProtoReflect.Descriptor instead.
func (*AddPendingAuthorizationsRequest) Descriptor() ([]byte, []int) {
return file_sa_proto_rawDescGZIP(), []int{29}
return file_sa_proto_rawDescGZIP(), []int{30}
}
func (x *AddPendingAuthorizationsRequest) GetAuthz() []*proto.Authorization {
@ -1682,7 +1737,7 @@ type AuthorizationIDs struct {
func (x *AuthorizationIDs) Reset() {
*x = AuthorizationIDs{}
if protoimpl.UnsafeEnabled {
mi := &file_sa_proto_msgTypes[30]
mi := &file_sa_proto_msgTypes[31]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@ -1695,7 +1750,7 @@ func (x *AuthorizationIDs) String() string {
func (*AuthorizationIDs) ProtoMessage() {}
func (x *AuthorizationIDs) ProtoReflect() protoreflect.Message {
mi := &file_sa_proto_msgTypes[30]
mi := &file_sa_proto_msgTypes[31]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@ -1708,7 +1763,7 @@ func (x *AuthorizationIDs) ProtoReflect() protoreflect.Message {
// Deprecated: Use AuthorizationIDs.ProtoReflect.Descriptor instead.
func (*AuthorizationIDs) Descriptor() ([]byte, []int) {
return file_sa_proto_rawDescGZIP(), []int{30}
return file_sa_proto_rawDescGZIP(), []int{31}
}
func (x *AuthorizationIDs) GetIds() []string {
@ -1729,7 +1784,7 @@ type AuthorizationID2 struct {
func (x *AuthorizationID2) Reset() {
*x = AuthorizationID2{}
if protoimpl.UnsafeEnabled {
mi := &file_sa_proto_msgTypes[31]
mi := &file_sa_proto_msgTypes[32]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@ -1742,7 +1797,7 @@ func (x *AuthorizationID2) String() string {
func (*AuthorizationID2) ProtoMessage() {}
func (x *AuthorizationID2) ProtoReflect() protoreflect.Message {
mi := &file_sa_proto_msgTypes[31]
mi := &file_sa_proto_msgTypes[32]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@ -1755,7 +1810,7 @@ func (x *AuthorizationID2) ProtoReflect() protoreflect.Message {
// Deprecated: Use AuthorizationID2.ProtoReflect.Descriptor instead.
func (*AuthorizationID2) Descriptor() ([]byte, []int) {
return file_sa_proto_rawDescGZIP(), []int{31}
return file_sa_proto_rawDescGZIP(), []int{32}
}
func (x *AuthorizationID2) GetId() int64 {
@ -1776,7 +1831,7 @@ type Authorization2IDs struct {
func (x *Authorization2IDs) Reset() {
*x = Authorization2IDs{}
if protoimpl.UnsafeEnabled {
mi := &file_sa_proto_msgTypes[32]
mi := &file_sa_proto_msgTypes[33]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@ -1789,7 +1844,7 @@ func (x *Authorization2IDs) String() string {
func (*Authorization2IDs) ProtoMessage() {}
func (x *Authorization2IDs) ProtoReflect() protoreflect.Message {
mi := &file_sa_proto_msgTypes[32]
mi := &file_sa_proto_msgTypes[33]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@ -1802,7 +1857,7 @@ func (x *Authorization2IDs) ProtoReflect() protoreflect.Message {
// Deprecated: Use Authorization2IDs.ProtoReflect.Descriptor instead.
func (*Authorization2IDs) Descriptor() ([]byte, []int) {
return file_sa_proto_rawDescGZIP(), []int{32}
return file_sa_proto_rawDescGZIP(), []int{33}
}
func (x *Authorization2IDs) GetIds() []int64 {
@ -1826,7 +1881,7 @@ type RevokeCertificateRequest struct {
func (x *RevokeCertificateRequest) Reset() {
*x = RevokeCertificateRequest{}
if protoimpl.UnsafeEnabled {
mi := &file_sa_proto_msgTypes[33]
mi := &file_sa_proto_msgTypes[34]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@ -1839,7 +1894,7 @@ func (x *RevokeCertificateRequest) String() string {
func (*RevokeCertificateRequest) ProtoMessage() {}
func (x *RevokeCertificateRequest) ProtoReflect() protoreflect.Message {
mi := &file_sa_proto_msgTypes[33]
mi := &file_sa_proto_msgTypes[34]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@ -1852,7 +1907,7 @@ func (x *RevokeCertificateRequest) ProtoReflect() protoreflect.Message {
// Deprecated: Use RevokeCertificateRequest.ProtoReflect.Descriptor instead.
func (*RevokeCertificateRequest) Descriptor() ([]byte, []int) {
return file_sa_proto_rawDescGZIP(), []int{33}
return file_sa_proto_rawDescGZIP(), []int{34}
}
func (x *RevokeCertificateRequest) GetSerial() string {
@ -1900,7 +1955,7 @@ type FinalizeAuthorizationRequest struct {
func (x *FinalizeAuthorizationRequest) Reset() {
*x = FinalizeAuthorizationRequest{}
if protoimpl.UnsafeEnabled {
mi := &file_sa_proto_msgTypes[34]
mi := &file_sa_proto_msgTypes[35]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@ -1913,7 +1968,7 @@ func (x *FinalizeAuthorizationRequest) String() string {
func (*FinalizeAuthorizationRequest) ProtoMessage() {}
func (x *FinalizeAuthorizationRequest) ProtoReflect() protoreflect.Message {
mi := &file_sa_proto_msgTypes[34]
mi := &file_sa_proto_msgTypes[35]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@ -1926,7 +1981,7 @@ func (x *FinalizeAuthorizationRequest) ProtoReflect() protoreflect.Message {
// Deprecated: Use FinalizeAuthorizationRequest.ProtoReflect.Descriptor instead.
func (*FinalizeAuthorizationRequest) Descriptor() ([]byte, []int) {
return file_sa_proto_rawDescGZIP(), []int{34}
return file_sa_proto_rawDescGZIP(), []int{35}
}
func (x *FinalizeAuthorizationRequest) GetId() int64 {
@ -1993,7 +2048,7 @@ type AddBlockedKeyRequest struct {
func (x *AddBlockedKeyRequest) Reset() {
*x = AddBlockedKeyRequest{}
if protoimpl.UnsafeEnabled {
mi := &file_sa_proto_msgTypes[35]
mi := &file_sa_proto_msgTypes[36]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@ -2006,7 +2061,7 @@ func (x *AddBlockedKeyRequest) String() string {
func (*AddBlockedKeyRequest) ProtoMessage() {}
func (x *AddBlockedKeyRequest) ProtoReflect() protoreflect.Message {
mi := &file_sa_proto_msgTypes[35]
mi := &file_sa_proto_msgTypes[36]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@ -2019,7 +2074,7 @@ func (x *AddBlockedKeyRequest) ProtoReflect() protoreflect.Message {
// Deprecated: Use AddBlockedKeyRequest.ProtoReflect.Descriptor instead.
func (*AddBlockedKeyRequest) Descriptor() ([]byte, []int) {
return file_sa_proto_rawDescGZIP(), []int{35}
return file_sa_proto_rawDescGZIP(), []int{36}
}
func (x *AddBlockedKeyRequest) GetKeyHash() []byte {
@ -2068,7 +2123,7 @@ type KeyBlockedRequest struct {
func (x *KeyBlockedRequest) Reset() {
*x = KeyBlockedRequest{}
if protoimpl.UnsafeEnabled {
mi := &file_sa_proto_msgTypes[36]
mi := &file_sa_proto_msgTypes[37]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@ -2081,7 +2136,7 @@ func (x *KeyBlockedRequest) String() string {
func (*KeyBlockedRequest) ProtoMessage() {}
func (x *KeyBlockedRequest) ProtoReflect() protoreflect.Message {
mi := &file_sa_proto_msgTypes[36]
mi := &file_sa_proto_msgTypes[37]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@ -2094,7 +2149,7 @@ func (x *KeyBlockedRequest) ProtoReflect() protoreflect.Message {
// Deprecated: Use KeyBlockedRequest.ProtoReflect.Descriptor instead.
func (*KeyBlockedRequest) Descriptor() ([]byte, []int) {
return file_sa_proto_rawDescGZIP(), []int{36}
return file_sa_proto_rawDescGZIP(), []int{37}
}
func (x *KeyBlockedRequest) GetKeyHash() []byte {
@ -2116,7 +2171,7 @@ type ValidAuthorizations_MapElement struct {
func (x *ValidAuthorizations_MapElement) Reset() {
*x = ValidAuthorizations_MapElement{}
if protoimpl.UnsafeEnabled {
mi := &file_sa_proto_msgTypes[37]
mi := &file_sa_proto_msgTypes[38]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@ -2129,7 +2184,7 @@ func (x *ValidAuthorizations_MapElement) String() string {
func (*ValidAuthorizations_MapElement) ProtoMessage() {}
func (x *ValidAuthorizations_MapElement) ProtoReflect() protoreflect.Message {
mi := &file_sa_proto_msgTypes[37]
mi := &file_sa_proto_msgTypes[38]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@ -2171,7 +2226,7 @@ type Authorizations_MapElement struct {
func (x *Authorizations_MapElement) Reset() {
*x = Authorizations_MapElement{}
if protoimpl.UnsafeEnabled {
mi := &file_sa_proto_msgTypes[39]
mi := &file_sa_proto_msgTypes[40]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@ -2184,7 +2239,7 @@ func (x *Authorizations_MapElement) String() string {
func (*Authorizations_MapElement) ProtoMessage() {}
func (x *Authorizations_MapElement) ProtoReflect() protoreflect.Message {
mi := &file_sa_proto_msgTypes[39]
mi := &file_sa_proto_msgTypes[40]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@ -2197,7 +2252,7 @@ func (x *Authorizations_MapElement) ProtoReflect() protoreflect.Message {
// Deprecated: Use Authorizations_MapElement.ProtoReflect.Descriptor instead.
func (*Authorizations_MapElement) Descriptor() ([]byte, []int) {
return file_sa_proto_rawDescGZIP(), []int{28, 0}
return file_sa_proto_rawDescGZIP(), []int{29, 0}
}
func (x *Authorizations_MapElement) GetDomain() string {
@ -2343,6 +2398,14 @@ var file_sa_proto_rawDesc = []byte{
0x6e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x2a, 0x0a, 0x10, 0x76, 0x32, 0x41, 0x75, 0x74, 0x68, 0x6f,
0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x03, 0x52,
0x10, 0x76, 0x32, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e,
0x73, 0x22, 0x7e, 0x0a, 0x18, 0x4e, 0x65, 0x77, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x41, 0x6e, 0x64,
0x41, 0x75, 0x74, 0x68, 0x7a, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x2f, 0x0a,
0x08, 0x6e, 0x65, 0x77, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32,
0x13, 0x2e, 0x73, 0x61, 0x2e, 0x4e, 0x65, 0x77, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x52, 0x65, 0x71,
0x75, 0x65, 0x73, 0x74, 0x52, 0x08, 0x6e, 0x65, 0x77, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x12, 0x31,
0x0a, 0x09, 0x6e, 0x65, 0x77, 0x41, 0x75, 0x74, 0x68, 0x7a, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28,
0x0b, 0x32, 0x13, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69,
0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x09, 0x6e, 0x65, 0x77, 0x41, 0x75, 0x74, 0x68, 0x7a,
0x73, 0x22, 0x52, 0x0a, 0x14, 0x53, 0x65, 0x74, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x45, 0x72, 0x72,
0x6f, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18,
0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x02, 0x69, 0x64, 0x12, 0x2a, 0x0a, 0x05, 0x65, 0x72, 0x72,
@ -2430,7 +2493,7 @@ var file_sa_proto_rawDesc = []byte{
0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x42, 0x79, 0x22, 0x2d, 0x0a, 0x11, 0x4b, 0x65, 0x79, 0x42,
0x6c, 0x6f, 0x63, 0x6b, 0x65, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x18, 0x0a,
0x07, 0x6b, 0x65, 0x79, 0x48, 0x61, 0x73, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x07,
0x6b, 0x65, 0x79, 0x48, 0x61, 0x73, 0x68, 0x32, 0x80, 0x14, 0x0a, 0x10, 0x53, 0x74, 0x6f, 0x72,
0x6b, 0x65, 0x79, 0x48, 0x61, 0x73, 0x68, 0x32, 0xc2, 0x14, 0x0a, 0x10, 0x53, 0x74, 0x6f, 0x72,
0x61, 0x67, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x3b, 0x0a, 0x0f,
0x47, 0x65, 0x74, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12,
0x12, 0x2e, 0x73, 0x61, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f,
@ -2546,54 +2609,58 @@ var file_sa_proto_rawDesc = []byte{
0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x2e, 0x0a, 0x08, 0x4e, 0x65, 0x77,
0x4f, 0x72, 0x64, 0x65, 0x72, 0x12, 0x13, 0x2e, 0x73, 0x61, 0x2e, 0x4e, 0x65, 0x77, 0x4f, 0x72,
0x64, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0b, 0x2e, 0x63, 0x6f, 0x72,
0x65, 0x2e, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x22, 0x00, 0x12, 0x40, 0x0a, 0x12, 0x53, 0x65, 0x74,
0x4f, 0x72, 0x64, 0x65, 0x72, 0x50, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x69, 0x6e, 0x67, 0x12,
0x10, 0x2e, 0x73, 0x61, 0x2e, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
0x65, 0x2e, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x22, 0x00, 0x12, 0x40, 0x0a, 0x11, 0x4e, 0x65, 0x77,
0x4f, 0x72, 0x64, 0x65, 0x72, 0x41, 0x6e, 0x64, 0x41, 0x75, 0x74, 0x68, 0x7a, 0x73, 0x12, 0x1c,
0x2e, 0x73, 0x61, 0x2e, 0x4e, 0x65, 0x77, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x41, 0x6e, 0x64, 0x41,
0x75, 0x74, 0x68, 0x7a, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0b, 0x2e, 0x63,
0x6f, 0x72, 0x65, 0x2e, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x22, 0x00, 0x12, 0x40, 0x0a, 0x12, 0x53,
0x65, 0x74, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x50, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x69, 0x6e,
0x67, 0x12, 0x10, 0x2e, 0x73, 0x61, 0x2e, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75,
0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f,
0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x43, 0x0a,
0x0d, 0x53, 0x65, 0x74, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x18,
0x2e, 0x73, 0x61, 0x2e, 0x53, 0x65, 0x74, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x45, 0x72, 0x72, 0x6f,
0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79,
0x22, 0x00, 0x12, 0x43, 0x0a, 0x0d, 0x46, 0x69, 0x6e, 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x4f, 0x72,
0x64, 0x65, 0x72, 0x12, 0x18, 0x2e, 0x73, 0x61, 0x2e, 0x46, 0x69, 0x6e, 0x61, 0x6c, 0x69, 0x7a,
0x65, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e,
0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e,
0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x2b, 0x0a, 0x08, 0x47, 0x65, 0x74, 0x4f, 0x72,
0x64, 0x65, 0x72, 0x12, 0x10, 0x2e, 0x73, 0x61, 0x2e, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x52, 0x65,
0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0b, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x4f, 0x72, 0x64,
0x65, 0x72, 0x22, 0x00, 0x12, 0x3e, 0x0a, 0x10, 0x47, 0x65, 0x74, 0x4f, 0x72, 0x64, 0x65, 0x72,
0x46, 0x6f, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x1b, 0x2e, 0x73, 0x61, 0x2e, 0x47, 0x65,
0x74, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x46, 0x6f, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x52, 0x65,
0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0b, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x4f, 0x72, 0x64,
0x65, 0x72, 0x22, 0x00, 0x12, 0x4b, 0x0a, 0x11, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x43, 0x65,
0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x1c, 0x2e, 0x73, 0x61, 0x2e, 0x52,
0x65, 0x76, 0x6f, 0x6b, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65,
0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22,
0x00, 0x12, 0x52, 0x0a, 0x12, 0x4e, 0x65, 0x77, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a,
0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x32, 0x12, 0x23, 0x2e, 0x73, 0x61, 0x2e, 0x41, 0x64, 0x64,
0x50, 0x65, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61,
0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x15, 0x2e, 0x73,
0x61, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x32,
0x49, 0x44, 0x73, 0x22, 0x00, 0x12, 0x54, 0x0a, 0x16, 0x46, 0x69, 0x6e, 0x61, 0x6c, 0x69, 0x7a,
0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x32, 0x12,
0x20, 0x2e, 0x73, 0x61, 0x2e, 0x46, 0x69, 0x6e, 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x41, 0x75, 0x74,
0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x43, 0x0a, 0x0d, 0x53,
0x65, 0x74, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x18, 0x2e, 0x73,
0x61, 0x2e, 0x53, 0x65, 0x74, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x52,
0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00,
0x12, 0x43, 0x0a, 0x0d, 0x46, 0x69, 0x6e, 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x4f, 0x72, 0x64, 0x65,
0x72, 0x12, 0x18, 0x2e, 0x73, 0x61, 0x2e, 0x46, 0x69, 0x6e, 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x4f,
0x72, 0x64, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f,
0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d,
0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x2b, 0x0a, 0x08, 0x47, 0x65, 0x74, 0x4f, 0x72, 0x64, 0x65,
0x72, 0x12, 0x10, 0x2e, 0x73, 0x61, 0x2e, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75,
0x65, 0x73, 0x74, 0x1a, 0x0b, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x4f, 0x72, 0x64, 0x65, 0x72,
0x22, 0x00, 0x12, 0x3e, 0x0a, 0x10, 0x47, 0x65, 0x74, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x46, 0x6f,
0x72, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x1b, 0x2e, 0x73, 0x61, 0x2e, 0x47, 0x65, 0x74, 0x4f,
0x72, 0x64, 0x65, 0x72, 0x46, 0x6f, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75,
0x65, 0x73, 0x74, 0x1a, 0x0b, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x4f, 0x72, 0x64, 0x65, 0x72,
0x22, 0x00, 0x12, 0x4b, 0x0a, 0x11, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x43, 0x65, 0x72, 0x74,
0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x1c, 0x2e, 0x73, 0x61, 0x2e, 0x52, 0x65, 0x76,
0x6f, 0x6b, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65,
0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70,
0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12,
0x52, 0x0a, 0x12, 0x4e, 0x65, 0x77, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74,
0x69, 0x6f, 0x6e, 0x73, 0x32, 0x12, 0x23, 0x2e, 0x73, 0x61, 0x2e, 0x41, 0x64, 0x64, 0x50, 0x65,
0x6e, 0x64, 0x69, 0x6e, 0x67, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69,
0x6f, 0x6e, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x15, 0x2e, 0x73, 0x61, 0x2e,
0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x32, 0x49, 0x44,
0x73, 0x22, 0x00, 0x12, 0x54, 0x0a, 0x16, 0x46, 0x69, 0x6e, 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x41,
0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x32, 0x12, 0x20, 0x2e,
0x73, 0x61, 0x2e, 0x46, 0x69, 0x6e, 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f,
0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a,
0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75,
0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x4a, 0x0a, 0x18, 0x44, 0x65, 0x61,
0x63, 0x74, 0x69, 0x76, 0x61, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61,
0x74, 0x69, 0x6f, 0x6e, 0x32, 0x12, 0x14, 0x2e, 0x73, 0x61, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f,
0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x32, 0x1a, 0x16, 0x2e, 0x67, 0x6f,
0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d,
0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x43, 0x0a, 0x0d, 0x41, 0x64, 0x64, 0x42, 0x6c, 0x6f, 0x63,
0x6b, 0x65, 0x64, 0x4b, 0x65, 0x79, 0x12, 0x18, 0x2e, 0x73, 0x61, 0x2e, 0x41, 0x64, 0x64, 0x42,
0x6c, 0x6f, 0x63, 0x6b, 0x65, 0x64, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62,
0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x42, 0x29, 0x5a, 0x27, 0x67, 0x69,
0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6c, 0x65, 0x74, 0x73, 0x65, 0x6e, 0x63,
0x72, 0x79, 0x70, 0x74, 0x2f, 0x62, 0x6f, 0x75, 0x6c, 0x64, 0x65, 0x72, 0x2f, 0x73, 0x61, 0x2f,
0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x4a, 0x0a, 0x18, 0x44,
0x65, 0x61, 0x63, 0x74, 0x69, 0x76, 0x61, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69,
0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x32, 0x12, 0x14, 0x2e, 0x73, 0x61, 0x2e, 0x41, 0x75, 0x74,
0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x32, 0x1a, 0x16, 0x2e,
0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e,
0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x43, 0x0a, 0x0d, 0x41, 0x64, 0x64, 0x42, 0x6c,
0x6f, 0x63, 0x6b, 0x65, 0x64, 0x4b, 0x65, 0x79, 0x12, 0x18, 0x2e, 0x73, 0x61, 0x2e, 0x41, 0x64,
0x64, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x65, 0x64, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65,
0x73, 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x42, 0x29, 0x5a, 0x27,
0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6c, 0x65, 0x74, 0x73, 0x65,
0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x2f, 0x62, 0x6f, 0x75, 0x6c, 0x64, 0x65, 0x72, 0x2f, 0x73,
0x61, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
}
var (
@ -2608,7 +2675,7 @@ func file_sa_proto_rawDescGZIP() []byte {
return file_sa_proto_rawDescData
}
var file_sa_proto_msgTypes = make([]protoimpl.MessageInfo, 40)
var file_sa_proto_msgTypes = make([]protoimpl.MessageInfo, 41)
var file_sa_proto_goTypes = []interface{}{
(*RegistrationID)(nil), // 0: sa.RegistrationID
(*JSONWebKey)(nil), // 1: sa.JSONWebKey
@ -2633,125 +2700,130 @@ var file_sa_proto_goTypes = []interface{}{
(*AddCertificateResponse)(nil), // 20: sa.AddCertificateResponse
(*OrderRequest)(nil), // 21: sa.OrderRequest
(*NewOrderRequest)(nil), // 22: sa.NewOrderRequest
(*SetOrderErrorRequest)(nil), // 23: sa.SetOrderErrorRequest
(*GetValidOrderAuthorizationsRequest)(nil), // 24: sa.GetValidOrderAuthorizationsRequest
(*GetOrderForNamesRequest)(nil), // 25: sa.GetOrderForNamesRequest
(*FinalizeOrderRequest)(nil), // 26: sa.FinalizeOrderRequest
(*GetAuthorizationsRequest)(nil), // 27: sa.GetAuthorizationsRequest
(*Authorizations)(nil), // 28: sa.Authorizations
(*AddPendingAuthorizationsRequest)(nil), // 29: sa.AddPendingAuthorizationsRequest
(*AuthorizationIDs)(nil), // 30: sa.AuthorizationIDs
(*AuthorizationID2)(nil), // 31: sa.AuthorizationID2
(*Authorization2IDs)(nil), // 32: sa.Authorization2IDs
(*RevokeCertificateRequest)(nil), // 33: sa.RevokeCertificateRequest
(*FinalizeAuthorizationRequest)(nil), // 34: sa.FinalizeAuthorizationRequest
(*AddBlockedKeyRequest)(nil), // 35: sa.AddBlockedKeyRequest
(*KeyBlockedRequest)(nil), // 36: sa.KeyBlockedRequest
(*ValidAuthorizations_MapElement)(nil), // 37: sa.ValidAuthorizations.MapElement
nil, // 38: sa.CountByNames.CountsEntry
(*Authorizations_MapElement)(nil), // 39: sa.Authorizations.MapElement
(*proto.ProblemDetails)(nil), // 40: core.ProblemDetails
(*NewOrderAndAuthzsRequest)(nil), // 23: sa.NewOrderAndAuthzsRequest
(*SetOrderErrorRequest)(nil), // 24: sa.SetOrderErrorRequest
(*GetValidOrderAuthorizationsRequest)(nil), // 25: sa.GetValidOrderAuthorizationsRequest
(*GetOrderForNamesRequest)(nil), // 26: sa.GetOrderForNamesRequest
(*FinalizeOrderRequest)(nil), // 27: sa.FinalizeOrderRequest
(*GetAuthorizationsRequest)(nil), // 28: sa.GetAuthorizationsRequest
(*Authorizations)(nil), // 29: sa.Authorizations
(*AddPendingAuthorizationsRequest)(nil), // 30: sa.AddPendingAuthorizationsRequest
(*AuthorizationIDs)(nil), // 31: sa.AuthorizationIDs
(*AuthorizationID2)(nil), // 32: sa.AuthorizationID2
(*Authorization2IDs)(nil), // 33: sa.Authorization2IDs
(*RevokeCertificateRequest)(nil), // 34: sa.RevokeCertificateRequest
(*FinalizeAuthorizationRequest)(nil), // 35: sa.FinalizeAuthorizationRequest
(*AddBlockedKeyRequest)(nil), // 36: sa.AddBlockedKeyRequest
(*KeyBlockedRequest)(nil), // 37: sa.KeyBlockedRequest
(*ValidAuthorizations_MapElement)(nil), // 38: sa.ValidAuthorizations.MapElement
nil, // 39: sa.CountByNames.CountsEntry
(*Authorizations_MapElement)(nil), // 40: sa.Authorizations.MapElement
(*proto.Authorization)(nil), // 41: core.Authorization
(*proto.ValidationRecord)(nil), // 42: core.ValidationRecord
(*proto.Registration)(nil), // 43: core.Registration
(*proto.Certificate)(nil), // 44: core.Certificate
(*proto.CertificateStatus)(nil), // 45: core.CertificateStatus
(*emptypb.Empty)(nil), // 46: google.protobuf.Empty
(*proto.Order)(nil), // 47: core.Order
(*proto.ProblemDetails)(nil), // 42: core.ProblemDetails
(*proto.ValidationRecord)(nil), // 43: core.ValidationRecord
(*proto.Registration)(nil), // 44: core.Registration
(*proto.Certificate)(nil), // 45: core.Certificate
(*proto.CertificateStatus)(nil), // 46: core.CertificateStatus
(*emptypb.Empty)(nil), // 47: google.protobuf.Empty
(*proto.Order)(nil), // 48: core.Order
}
var file_sa_proto_depIdxs = []int32{
37, // 0: sa.ValidAuthorizations.valid:type_name -> sa.ValidAuthorizations.MapElement
38, // 0: sa.ValidAuthorizations.valid:type_name -> sa.ValidAuthorizations.MapElement
7, // 1: sa.CountCertificatesByNamesRequest.range:type_name -> sa.Range
38, // 2: sa.CountByNames.counts:type_name -> sa.CountByNames.CountsEntry
39, // 2: sa.CountByNames.counts:type_name -> sa.CountByNames.CountsEntry
7, // 3: sa.CountRegistrationsByIPRequest.range:type_name -> sa.Range
7, // 4: sa.CountInvalidAuthorizationsRequest.range:type_name -> sa.Range
7, // 5: sa.CountOrdersRequest.range:type_name -> sa.Range
40, // 6: sa.SetOrderErrorRequest.error:type_name -> core.ProblemDetails
39, // 7: sa.Authorizations.authz:type_name -> sa.Authorizations.MapElement
41, // 8: sa.AddPendingAuthorizationsRequest.authz:type_name -> core.Authorization
42, // 9: sa.FinalizeAuthorizationRequest.validationRecords:type_name -> core.ValidationRecord
40, // 10: sa.FinalizeAuthorizationRequest.validationError:type_name -> core.ProblemDetails
41, // 11: sa.ValidAuthorizations.MapElement.authz:type_name -> core.Authorization
41, // 12: sa.Authorizations.MapElement.authz:type_name -> core.Authorization
0, // 13: sa.StorageAuthority.GetRegistration:input_type -> sa.RegistrationID
1, // 14: sa.StorageAuthority.GetRegistrationByKey:input_type -> sa.JSONWebKey
6, // 15: sa.StorageAuthority.GetCertificate:input_type -> sa.Serial
6, // 16: sa.StorageAuthority.GetPrecertificate:input_type -> sa.Serial
6, // 17: sa.StorageAuthority.GetCertificateStatus:input_type -> sa.Serial
9, // 18: sa.StorageAuthority.CountCertificatesByNames:input_type -> sa.CountCertificatesByNamesRequest
11, // 19: sa.StorageAuthority.CountRegistrationsByIP:input_type -> sa.CountRegistrationsByIPRequest
11, // 20: sa.StorageAuthority.CountRegistrationsByIPRange:input_type -> sa.CountRegistrationsByIPRequest
13, // 21: sa.StorageAuthority.CountOrders:input_type -> sa.CountOrdersRequest
14, // 22: sa.StorageAuthority.CountFQDNSets:input_type -> sa.CountFQDNSetsRequest
15, // 23: sa.StorageAuthority.FQDNSetExists:input_type -> sa.FQDNSetExistsRequest
16, // 24: sa.StorageAuthority.PreviousCertificateExists:input_type -> sa.PreviousCertificateExistsRequest
31, // 25: sa.StorageAuthority.GetAuthorization2:input_type -> sa.AuthorizationID2
27, // 26: sa.StorageAuthority.GetAuthorizations2:input_type -> sa.GetAuthorizationsRequest
3, // 27: sa.StorageAuthority.GetPendingAuthorization2:input_type -> sa.GetPendingAuthorizationRequest
0, // 28: sa.StorageAuthority.CountPendingAuthorizations2:input_type -> sa.RegistrationID
24, // 29: sa.StorageAuthority.GetValidOrderAuthorizations2:input_type -> sa.GetValidOrderAuthorizationsRequest
12, // 30: sa.StorageAuthority.CountInvalidAuthorizations2:input_type -> sa.CountInvalidAuthorizationsRequest
4, // 31: sa.StorageAuthority.GetValidAuthorizations2:input_type -> sa.GetValidAuthorizationsRequest
36, // 32: sa.StorageAuthority.KeyBlocked:input_type -> sa.KeyBlockedRequest
43, // 33: sa.StorageAuthority.NewRegistration:input_type -> core.Registration
43, // 34: sa.StorageAuthority.UpdateRegistration:input_type -> core.Registration
19, // 35: sa.StorageAuthority.AddCertificate:input_type -> sa.AddCertificateRequest
19, // 36: sa.StorageAuthority.AddPrecertificate:input_type -> sa.AddCertificateRequest
18, // 37: sa.StorageAuthority.AddSerial:input_type -> sa.AddSerialRequest
0, // 38: sa.StorageAuthority.DeactivateRegistration:input_type -> sa.RegistrationID
22, // 39: sa.StorageAuthority.NewOrder:input_type -> sa.NewOrderRequest
21, // 40: sa.StorageAuthority.SetOrderProcessing:input_type -> sa.OrderRequest
23, // 41: sa.StorageAuthority.SetOrderError:input_type -> sa.SetOrderErrorRequest
26, // 42: sa.StorageAuthority.FinalizeOrder:input_type -> sa.FinalizeOrderRequest
21, // 43: sa.StorageAuthority.GetOrder:input_type -> sa.OrderRequest
25, // 44: sa.StorageAuthority.GetOrderForNames:input_type -> sa.GetOrderForNamesRequest
33, // 45: sa.StorageAuthority.RevokeCertificate:input_type -> sa.RevokeCertificateRequest
29, // 46: sa.StorageAuthority.NewAuthorizations2:input_type -> sa.AddPendingAuthorizationsRequest
34, // 47: sa.StorageAuthority.FinalizeAuthorization2:input_type -> sa.FinalizeAuthorizationRequest
31, // 48: sa.StorageAuthority.DeactivateAuthorization2:input_type -> sa.AuthorizationID2
35, // 49: sa.StorageAuthority.AddBlockedKey:input_type -> sa.AddBlockedKeyRequest
43, // 50: sa.StorageAuthority.GetRegistration:output_type -> core.Registration
43, // 51: sa.StorageAuthority.GetRegistrationByKey:output_type -> core.Registration
44, // 52: sa.StorageAuthority.GetCertificate:output_type -> core.Certificate
44, // 53: sa.StorageAuthority.GetPrecertificate:output_type -> core.Certificate
45, // 54: sa.StorageAuthority.GetCertificateStatus:output_type -> core.CertificateStatus
10, // 55: sa.StorageAuthority.CountCertificatesByNames:output_type -> sa.CountByNames
8, // 56: sa.StorageAuthority.CountRegistrationsByIP:output_type -> sa.Count
8, // 57: sa.StorageAuthority.CountRegistrationsByIPRange:output_type -> sa.Count
8, // 58: sa.StorageAuthority.CountOrders:output_type -> sa.Count
8, // 59: sa.StorageAuthority.CountFQDNSets:output_type -> sa.Count
17, // 60: sa.StorageAuthority.FQDNSetExists:output_type -> sa.Exists
17, // 61: sa.StorageAuthority.PreviousCertificateExists:output_type -> sa.Exists
41, // 62: sa.StorageAuthority.GetAuthorization2:output_type -> core.Authorization
28, // 63: sa.StorageAuthority.GetAuthorizations2:output_type -> sa.Authorizations
41, // 64: sa.StorageAuthority.GetPendingAuthorization2:output_type -> core.Authorization
8, // 65: sa.StorageAuthority.CountPendingAuthorizations2:output_type -> sa.Count
28, // 66: sa.StorageAuthority.GetValidOrderAuthorizations2:output_type -> sa.Authorizations
8, // 67: sa.StorageAuthority.CountInvalidAuthorizations2:output_type -> sa.Count
28, // 68: sa.StorageAuthority.GetValidAuthorizations2:output_type -> sa.Authorizations
17, // 69: sa.StorageAuthority.KeyBlocked:output_type -> sa.Exists
43, // 70: sa.StorageAuthority.NewRegistration:output_type -> core.Registration
46, // 71: sa.StorageAuthority.UpdateRegistration:output_type -> google.protobuf.Empty
20, // 72: sa.StorageAuthority.AddCertificate:output_type -> sa.AddCertificateResponse
46, // 73: sa.StorageAuthority.AddPrecertificate:output_type -> google.protobuf.Empty
46, // 74: sa.StorageAuthority.AddSerial:output_type -> google.protobuf.Empty
46, // 75: sa.StorageAuthority.DeactivateRegistration:output_type -> google.protobuf.Empty
47, // 76: sa.StorageAuthority.NewOrder:output_type -> core.Order
46, // 77: sa.StorageAuthority.SetOrderProcessing:output_type -> google.protobuf.Empty
46, // 78: sa.StorageAuthority.SetOrderError:output_type -> google.protobuf.Empty
46, // 79: sa.StorageAuthority.FinalizeOrder:output_type -> google.protobuf.Empty
47, // 80: sa.StorageAuthority.GetOrder:output_type -> core.Order
47, // 81: sa.StorageAuthority.GetOrderForNames:output_type -> core.Order
46, // 82: sa.StorageAuthority.RevokeCertificate:output_type -> google.protobuf.Empty
32, // 83: sa.StorageAuthority.NewAuthorizations2:output_type -> sa.Authorization2IDs
46, // 84: sa.StorageAuthority.FinalizeAuthorization2:output_type -> google.protobuf.Empty
46, // 85: sa.StorageAuthority.DeactivateAuthorization2:output_type -> google.protobuf.Empty
46, // 86: sa.StorageAuthority.AddBlockedKey:output_type -> google.protobuf.Empty
50, // [50:87] is the sub-list for method output_type
13, // [13:50] is the sub-list for method input_type
13, // [13:13] is the sub-list for extension type_name
13, // [13:13] is the sub-list for extension extendee
0, // [0:13] is the sub-list for field type_name
22, // 6: sa.NewOrderAndAuthzsRequest.newOrder:type_name -> sa.NewOrderRequest
41, // 7: sa.NewOrderAndAuthzsRequest.newAuthzs:type_name -> core.Authorization
42, // 8: sa.SetOrderErrorRequest.error:type_name -> core.ProblemDetails
40, // 9: sa.Authorizations.authz:type_name -> sa.Authorizations.MapElement
41, // 10: sa.AddPendingAuthorizationsRequest.authz:type_name -> core.Authorization
43, // 11: sa.FinalizeAuthorizationRequest.validationRecords:type_name -> core.ValidationRecord
42, // 12: sa.FinalizeAuthorizationRequest.validationError:type_name -> core.ProblemDetails
41, // 13: sa.ValidAuthorizations.MapElement.authz:type_name -> core.Authorization
41, // 14: sa.Authorizations.MapElement.authz:type_name -> core.Authorization
0, // 15: sa.StorageAuthority.GetRegistration:input_type -> sa.RegistrationID
1, // 16: sa.StorageAuthority.GetRegistrationByKey:input_type -> sa.JSONWebKey
6, // 17: sa.StorageAuthority.GetCertificate:input_type -> sa.Serial
6, // 18: sa.StorageAuthority.GetPrecertificate:input_type -> sa.Serial
6, // 19: sa.StorageAuthority.GetCertificateStatus:input_type -> sa.Serial
9, // 20: sa.StorageAuthority.CountCertificatesByNames:input_type -> sa.CountCertificatesByNamesRequest
11, // 21: sa.StorageAuthority.CountRegistrationsByIP:input_type -> sa.CountRegistrationsByIPRequest
11, // 22: sa.StorageAuthority.CountRegistrationsByIPRange:input_type -> sa.CountRegistrationsByIPRequest
13, // 23: sa.StorageAuthority.CountOrders:input_type -> sa.CountOrdersRequest
14, // 24: sa.StorageAuthority.CountFQDNSets:input_type -> sa.CountFQDNSetsRequest
15, // 25: sa.StorageAuthority.FQDNSetExists:input_type -> sa.FQDNSetExistsRequest
16, // 26: sa.StorageAuthority.PreviousCertificateExists:input_type -> sa.PreviousCertificateExistsRequest
32, // 27: sa.StorageAuthority.GetAuthorization2:input_type -> sa.AuthorizationID2
28, // 28: sa.StorageAuthority.GetAuthorizations2:input_type -> sa.GetAuthorizationsRequest
3, // 29: sa.StorageAuthority.GetPendingAuthorization2:input_type -> sa.GetPendingAuthorizationRequest
0, // 30: sa.StorageAuthority.CountPendingAuthorizations2:input_type -> sa.RegistrationID
25, // 31: sa.StorageAuthority.GetValidOrderAuthorizations2:input_type -> sa.GetValidOrderAuthorizationsRequest
12, // 32: sa.StorageAuthority.CountInvalidAuthorizations2:input_type -> sa.CountInvalidAuthorizationsRequest
4, // 33: sa.StorageAuthority.GetValidAuthorizations2:input_type -> sa.GetValidAuthorizationsRequest
37, // 34: sa.StorageAuthority.KeyBlocked:input_type -> sa.KeyBlockedRequest
44, // 35: sa.StorageAuthority.NewRegistration:input_type -> core.Registration
44, // 36: sa.StorageAuthority.UpdateRegistration:input_type -> core.Registration
19, // 37: sa.StorageAuthority.AddCertificate:input_type -> sa.AddCertificateRequest
19, // 38: sa.StorageAuthority.AddPrecertificate:input_type -> sa.AddCertificateRequest
18, // 39: sa.StorageAuthority.AddSerial:input_type -> sa.AddSerialRequest
0, // 40: sa.StorageAuthority.DeactivateRegistration:input_type -> sa.RegistrationID
22, // 41: sa.StorageAuthority.NewOrder:input_type -> sa.NewOrderRequest
23, // 42: sa.StorageAuthority.NewOrderAndAuthzs:input_type -> sa.NewOrderAndAuthzsRequest
21, // 43: sa.StorageAuthority.SetOrderProcessing:input_type -> sa.OrderRequest
24, // 44: sa.StorageAuthority.SetOrderError:input_type -> sa.SetOrderErrorRequest
27, // 45: sa.StorageAuthority.FinalizeOrder:input_type -> sa.FinalizeOrderRequest
21, // 46: sa.StorageAuthority.GetOrder:input_type -> sa.OrderRequest
26, // 47: sa.StorageAuthority.GetOrderForNames:input_type -> sa.GetOrderForNamesRequest
34, // 48: sa.StorageAuthority.RevokeCertificate:input_type -> sa.RevokeCertificateRequest
30, // 49: sa.StorageAuthority.NewAuthorizations2:input_type -> sa.AddPendingAuthorizationsRequest
35, // 50: sa.StorageAuthority.FinalizeAuthorization2:input_type -> sa.FinalizeAuthorizationRequest
32, // 51: sa.StorageAuthority.DeactivateAuthorization2:input_type -> sa.AuthorizationID2
36, // 52: sa.StorageAuthority.AddBlockedKey:input_type -> sa.AddBlockedKeyRequest
44, // 53: sa.StorageAuthority.GetRegistration:output_type -> core.Registration
44, // 54: sa.StorageAuthority.GetRegistrationByKey:output_type -> core.Registration
45, // 55: sa.StorageAuthority.GetCertificate:output_type -> core.Certificate
45, // 56: sa.StorageAuthority.GetPrecertificate:output_type -> core.Certificate
46, // 57: sa.StorageAuthority.GetCertificateStatus:output_type -> core.CertificateStatus
10, // 58: sa.StorageAuthority.CountCertificatesByNames:output_type -> sa.CountByNames
8, // 59: sa.StorageAuthority.CountRegistrationsByIP:output_type -> sa.Count
8, // 60: sa.StorageAuthority.CountRegistrationsByIPRange:output_type -> sa.Count
8, // 61: sa.StorageAuthority.CountOrders:output_type -> sa.Count
8, // 62: sa.StorageAuthority.CountFQDNSets:output_type -> sa.Count
17, // 63: sa.StorageAuthority.FQDNSetExists:output_type -> sa.Exists
17, // 64: sa.StorageAuthority.PreviousCertificateExists:output_type -> sa.Exists
41, // 65: sa.StorageAuthority.GetAuthorization2:output_type -> core.Authorization
29, // 66: sa.StorageAuthority.GetAuthorizations2:output_type -> sa.Authorizations
41, // 67: sa.StorageAuthority.GetPendingAuthorization2:output_type -> core.Authorization
8, // 68: sa.StorageAuthority.CountPendingAuthorizations2:output_type -> sa.Count
29, // 69: sa.StorageAuthority.GetValidOrderAuthorizations2:output_type -> sa.Authorizations
8, // 70: sa.StorageAuthority.CountInvalidAuthorizations2:output_type -> sa.Count
29, // 71: sa.StorageAuthority.GetValidAuthorizations2:output_type -> sa.Authorizations
17, // 72: sa.StorageAuthority.KeyBlocked:output_type -> sa.Exists
44, // 73: sa.StorageAuthority.NewRegistration:output_type -> core.Registration
47, // 74: sa.StorageAuthority.UpdateRegistration:output_type -> google.protobuf.Empty
20, // 75: sa.StorageAuthority.AddCertificate:output_type -> sa.AddCertificateResponse
47, // 76: sa.StorageAuthority.AddPrecertificate:output_type -> google.protobuf.Empty
47, // 77: sa.StorageAuthority.AddSerial:output_type -> google.protobuf.Empty
47, // 78: sa.StorageAuthority.DeactivateRegistration:output_type -> google.protobuf.Empty
48, // 79: sa.StorageAuthority.NewOrder:output_type -> core.Order
48, // 80: sa.StorageAuthority.NewOrderAndAuthzs:output_type -> core.Order
47, // 81: sa.StorageAuthority.SetOrderProcessing:output_type -> google.protobuf.Empty
47, // 82: sa.StorageAuthority.SetOrderError:output_type -> google.protobuf.Empty
47, // 83: sa.StorageAuthority.FinalizeOrder:output_type -> google.protobuf.Empty
48, // 84: sa.StorageAuthority.GetOrder:output_type -> core.Order
48, // 85: sa.StorageAuthority.GetOrderForNames:output_type -> core.Order
47, // 86: sa.StorageAuthority.RevokeCertificate:output_type -> google.protobuf.Empty
33, // 87: sa.StorageAuthority.NewAuthorizations2:output_type -> sa.Authorization2IDs
47, // 88: sa.StorageAuthority.FinalizeAuthorization2:output_type -> google.protobuf.Empty
47, // 89: sa.StorageAuthority.DeactivateAuthorization2:output_type -> google.protobuf.Empty
47, // 90: sa.StorageAuthority.AddBlockedKey:output_type -> google.protobuf.Empty
53, // [53:91] is the sub-list for method output_type
15, // [15:53] is the sub-list for method input_type
15, // [15:15] is the sub-list for extension type_name
15, // [15:15] is the sub-list for extension extendee
0, // [0:15] is the sub-list for field type_name
}
func init() { file_sa_proto_init() }
@ -3037,7 +3109,7 @@ func file_sa_proto_init() {
}
}
file_sa_proto_msgTypes[23].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*SetOrderErrorRequest); i {
switch v := v.(*NewOrderAndAuthzsRequest); i {
case 0:
return &v.state
case 1:
@ -3049,7 +3121,7 @@ func file_sa_proto_init() {
}
}
file_sa_proto_msgTypes[24].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*GetValidOrderAuthorizationsRequest); i {
switch v := v.(*SetOrderErrorRequest); i {
case 0:
return &v.state
case 1:
@ -3061,7 +3133,7 @@ func file_sa_proto_init() {
}
}
file_sa_proto_msgTypes[25].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*GetOrderForNamesRequest); i {
switch v := v.(*GetValidOrderAuthorizationsRequest); i {
case 0:
return &v.state
case 1:
@ -3073,7 +3145,7 @@ func file_sa_proto_init() {
}
}
file_sa_proto_msgTypes[26].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*FinalizeOrderRequest); i {
switch v := v.(*GetOrderForNamesRequest); i {
case 0:
return &v.state
case 1:
@ -3085,7 +3157,7 @@ func file_sa_proto_init() {
}
}
file_sa_proto_msgTypes[27].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*GetAuthorizationsRequest); i {
switch v := v.(*FinalizeOrderRequest); i {
case 0:
return &v.state
case 1:
@ -3097,7 +3169,7 @@ func file_sa_proto_init() {
}
}
file_sa_proto_msgTypes[28].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*Authorizations); i {
switch v := v.(*GetAuthorizationsRequest); i {
case 0:
return &v.state
case 1:
@ -3109,7 +3181,7 @@ func file_sa_proto_init() {
}
}
file_sa_proto_msgTypes[29].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*AddPendingAuthorizationsRequest); i {
switch v := v.(*Authorizations); i {
case 0:
return &v.state
case 1:
@ -3121,7 +3193,7 @@ func file_sa_proto_init() {
}
}
file_sa_proto_msgTypes[30].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*AuthorizationIDs); i {
switch v := v.(*AddPendingAuthorizationsRequest); i {
case 0:
return &v.state
case 1:
@ -3133,7 +3205,7 @@ func file_sa_proto_init() {
}
}
file_sa_proto_msgTypes[31].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*AuthorizationID2); i {
switch v := v.(*AuthorizationIDs); i {
case 0:
return &v.state
case 1:
@ -3145,7 +3217,7 @@ func file_sa_proto_init() {
}
}
file_sa_proto_msgTypes[32].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*Authorization2IDs); i {
switch v := v.(*AuthorizationID2); i {
case 0:
return &v.state
case 1:
@ -3157,7 +3229,7 @@ func file_sa_proto_init() {
}
}
file_sa_proto_msgTypes[33].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*RevokeCertificateRequest); i {
switch v := v.(*Authorization2IDs); i {
case 0:
return &v.state
case 1:
@ -3169,7 +3241,7 @@ func file_sa_proto_init() {
}
}
file_sa_proto_msgTypes[34].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*FinalizeAuthorizationRequest); i {
switch v := v.(*RevokeCertificateRequest); i {
case 0:
return &v.state
case 1:
@ -3181,7 +3253,7 @@ func file_sa_proto_init() {
}
}
file_sa_proto_msgTypes[35].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*AddBlockedKeyRequest); i {
switch v := v.(*FinalizeAuthorizationRequest); i {
case 0:
return &v.state
case 1:
@ -3193,7 +3265,7 @@ func file_sa_proto_init() {
}
}
file_sa_proto_msgTypes[36].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*KeyBlockedRequest); i {
switch v := v.(*AddBlockedKeyRequest); i {
case 0:
return &v.state
case 1:
@ -3205,6 +3277,18 @@ func file_sa_proto_init() {
}
}
file_sa_proto_msgTypes[37].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*KeyBlockedRequest); i {
case 0:
return &v.state
case 1:
return &v.sizeCache
case 2:
return &v.unknownFields
default:
return nil
}
}
file_sa_proto_msgTypes[38].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*ValidAuthorizations_MapElement); i {
case 0:
return &v.state
@ -3216,7 +3300,7 @@ func file_sa_proto_init() {
return nil
}
}
file_sa_proto_msgTypes[39].Exporter = func(v interface{}, i int) interface{} {
file_sa_proto_msgTypes[40].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*Authorizations_MapElement); i {
case 0:
return &v.state
@ -3235,7 +3319,7 @@ func file_sa_proto_init() {
GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
RawDescriptor: file_sa_proto_rawDesc,
NumEnums: 0,
NumMessages: 40,
NumMessages: 41,
NumExtensions: 0,
NumServices: 1,
},


@ -38,6 +38,7 @@ service StorageAuthority {
rpc AddSerial(AddSerialRequest) returns (google.protobuf.Empty) {}
rpc DeactivateRegistration(RegistrationID) returns (google.protobuf.Empty) {}
rpc NewOrder(NewOrderRequest) returns (core.Order) {}
rpc NewOrderAndAuthzs(NewOrderAndAuthzsRequest) returns (core.Order) {}
rpc SetOrderProcessing(OrderRequest) returns (google.protobuf.Empty) {}
rpc SetOrderError(SetOrderErrorRequest) returns (google.protobuf.Empty) {}
rpc FinalizeOrder(FinalizeOrderRequest) returns (google.protobuf.Empty) {}
@ -176,6 +177,11 @@ message NewOrderRequest {
repeated int64 v2Authorizations = 4;
}
message NewOrderAndAuthzsRequest {
NewOrderRequest newOrder = 1;
repeated core.Authorization newAuthzs = 2;
}
message SetOrderErrorRequest {
int64 id = 1;
core.ProblemDetails error = 2;
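Review bot: The new `NewOrderAndAuthzsRequest` message has no comments, so its contract is only discoverable from the server code. The implementation in sa/sa.go rejects any `newAuthzs` entry whose status is not pending, and returns the order with the new authorization IDs appended to `newOrder.v2Authorizations`. I would put `// newAuthzs must all be pending; their generated IDs are appended to newOrder.v2Authorizations in the returned Order.` above the `newAuthzs` field, and `// v2Authorizations on newOrder lists only authorizations that already exist.` above `newOrder`.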


@ -51,6 +51,7 @@ type StorageAuthorityClient interface {
AddSerial(ctx context.Context, in *AddSerialRequest, opts ...grpc.CallOption) (*emptypb.Empty, error)
DeactivateRegistration(ctx context.Context, in *RegistrationID, opts ...grpc.CallOption) (*emptypb.Empty, error)
NewOrder(ctx context.Context, in *NewOrderRequest, opts ...grpc.CallOption) (*proto.Order, error)
NewOrderAndAuthzs(ctx context.Context, in *NewOrderAndAuthzsRequest, opts ...grpc.CallOption) (*proto.Order, error)
SetOrderProcessing(ctx context.Context, in *OrderRequest, opts ...grpc.CallOption) (*emptypb.Empty, error)
SetOrderError(ctx context.Context, in *SetOrderErrorRequest, opts ...grpc.CallOption) (*emptypb.Empty, error)
FinalizeOrder(ctx context.Context, in *FinalizeOrderRequest, opts ...grpc.CallOption) (*emptypb.Empty, error)
@ -314,6 +315,15 @@ func (c *storageAuthorityClient) NewOrder(ctx context.Context, in *NewOrderReque
return out, nil
}
func (c *storageAuthorityClient) NewOrderAndAuthzs(ctx context.Context, in *NewOrderAndAuthzsRequest, opts ...grpc.CallOption) (*proto.Order, error) {
out := new(proto.Order)
err := c.cc.Invoke(ctx, "/sa.StorageAuthority/NewOrderAndAuthzs", in, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *storageAuthorityClient) SetOrderProcessing(ctx context.Context, in *OrderRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) {
out := new(emptypb.Empty)
err := c.cc.Invoke(ctx, "/sa.StorageAuthority/SetOrderProcessing", in, out, opts...)
@ -439,6 +449,7 @@ type StorageAuthorityServer interface {
AddSerial(context.Context, *AddSerialRequest) (*emptypb.Empty, error)
DeactivateRegistration(context.Context, *RegistrationID) (*emptypb.Empty, error)
NewOrder(context.Context, *NewOrderRequest) (*proto.Order, error)
NewOrderAndAuthzs(context.Context, *NewOrderAndAuthzsRequest) (*proto.Order, error)
SetOrderProcessing(context.Context, *OrderRequest) (*emptypb.Empty, error)
SetOrderError(context.Context, *SetOrderErrorRequest) (*emptypb.Empty, error)
FinalizeOrder(context.Context, *FinalizeOrderRequest) (*emptypb.Empty, error)
@ -537,6 +548,9 @@ func (UnimplementedStorageAuthorityServer) DeactivateRegistration(context.Contex
func (UnimplementedStorageAuthorityServer) NewOrder(context.Context, *NewOrderRequest) (*proto.Order, error) {
return nil, status.Errorf(codes.Unimplemented, "method NewOrder not implemented")
}
func (UnimplementedStorageAuthorityServer) NewOrderAndAuthzs(context.Context, *NewOrderAndAuthzsRequest) (*proto.Order, error) {
return nil, status.Errorf(codes.Unimplemented, "method NewOrderAndAuthzs not implemented")
}
func (UnimplementedStorageAuthorityServer) SetOrderProcessing(context.Context, *OrderRequest) (*emptypb.Empty, error) {
return nil, status.Errorf(codes.Unimplemented, "method SetOrderProcessing not implemented")
}
@ -1066,6 +1080,24 @@ func _StorageAuthority_NewOrder_Handler(srv interface{}, ctx context.Context, de
return interceptor(ctx, in, info, handler)
}
func _StorageAuthority_NewOrderAndAuthzs_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(NewOrderAndAuthzsRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(StorageAuthorityServer).NewOrderAndAuthzs(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: "/sa.StorageAuthority/NewOrderAndAuthzs",
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(StorageAuthorityServer).NewOrderAndAuthzs(ctx, req.(*NewOrderAndAuthzsRequest))
}
return interceptor(ctx, in, info, handler)
}
func _StorageAuthority_SetOrderProcessing_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(OrderRequest)
if err := dec(in); err != nil {
@ -1361,6 +1393,10 @@ var StorageAuthority_ServiceDesc = grpc.ServiceDesc{
MethodName: "NewOrder",
Handler: _StorageAuthority_NewOrder_Handler,
},
{
MethodName: "NewOrderAndAuthzs",
Handler: _StorageAuthority_NewOrderAndAuthzs_Handler,
},
{
MethodName: "SetOrderProcessing",
Handler: _StorageAuthority_SetOrderProcessing_Handler,

146
sa/sa.go

@ -992,6 +992,147 @@ func (ssa *SQLStorageAuthority) NewOrder(ctx context.Context, req *sapb.NewOrder
return res, nil
}
// NewOrderAndAuthzs adds the given authorizations to the database, adds their
// autogenerated IDs to the given order, and then adds the order to the db.
// This is done inside a single transaction to prevent situations where new
// authorizations are created, but then their corresponding order is never
// created, leading to "invisible" pending authorizations.
func (ssa *SQLStorageAuthority) NewOrderAndAuthzs(ctx context.Context, req *sapb.NewOrderAndAuthzsRequest) (*corepb.Order, error) {
output, err := db.WithTransaction(ctx, ssa.dbMap, func(txWithCtx db.Executor) (interface{}, error) {
// First, insert all of the new authorizations and record their IDs.
newAuthzIDs := make([]int64, 0)
if len(req.NewAuthzs) != 0 {
inserter, err := db.NewMultiInserter("authz2", authzFields, "id")
if err != nil {
return nil, err
}
for _, authz := range req.NewAuthzs {
if authz.Status != string(core.StatusPending) {
return nil, berrors.InternalServerError("authorization must be pending")
}
am, err := authzPBToModel(authz)
if err != nil {
return nil, err
}
err = inserter.Add([]interface{}{
am.ID,
am.IdentifierType,
am.IdentifierValue,
am.RegistrationID,
am.Status,
am.Expires,
am.Challenges,
am.Attempted,
am.Token,
am.ValidationError,
am.ValidationRecord,
})
if err != nil {
return nil, err
}
}
newAuthzIDs, err = inserter.Insert(txWithCtx)
if err != nil {
return nil, err
}
}
// Second, insert the new order.
order := &orderModel{
RegistrationID: req.NewOrder.RegistrationID,
Expires: time.Unix(0, req.NewOrder.Expires),
Created: ssa.clk.Now(),
}
if err := txWithCtx.Insert(order); err != nil {
return nil, err
}
// Third, insert all of the orderToAuthz relations.
inserter, err := db.NewMultiInserter("orderToAuthz2", "orderID, authzID", "")
if err != nil {
return nil, err
}
for _, id := range req.NewOrder.V2Authorizations {
err = inserter.Add([]interface{}{order.ID, id})
if err != nil {
return nil, err
}
}
for _, id := range newAuthzIDs {
err = inserter.Add([]interface{}{order.ID, id})
if err != nil {
return nil, err
}
}
_, err = inserter.Insert(txWithCtx)
if err != nil {
return nil, err
}
// Fourth, insert all of the requestedNames.
inserter, err = db.NewMultiInserter("requestedNames", "orderID, reversedName", "")
if err != nil {
return nil, err
}
for _, name := range req.NewOrder.Names {
err = inserter.Add([]interface{}{order.ID, ReverseName(name)})
if err != nil {
return nil, err
}
}
_, err = inserter.Insert(txWithCtx)
if err != nil {
return nil, err
}
// Fifth, insert the FQDNSet entry for the order.
err = addOrderFQDNSet(txWithCtx, req.NewOrder.Names, order.ID, order.RegistrationID, order.Expires)
if err != nil {
return nil, err
}
// Finally, build the overall Order PB and return it.
return &corepb.Order{
// ID and Created were auto-populated on the order model when it was inserted.
Id: order.ID,
Created: order.Created.UnixNano(),
// These are carried over from the original request unchanged.
RegistrationID: req.NewOrder.RegistrationID,
Expires: req.NewOrder.Expires,
Names: req.NewOrder.Names,
// Have to combine the already-associated and newly-reacted authzs.
V2Authorizations: append(req.NewOrder.V2Authorizations, newAuthzIDs...),
// A new order is never processing because it can't be finalized yet.
BeganProcessing: false,
}, nil
})
if err != nil {
return nil, err
}
order, ok := output.(*corepb.Order)
if !ok {
return nil, fmt.Errorf("casting error in NewOrderAndAuthzs")
}
if features.Enabled(features.FasterNewOrdersRateLimit) {
// Increment the order creation count
if err := addNewOrdersRateLimit(ctx, ssa.dbMap, req.NewOrder.RegistrationID, ssa.clk.Now().Truncate(time.Minute)); err != nil {
return nil, err
}
}
// Calculate the order status before returning it. Since it may have reused all
// valid authorizations the order may be "born" in a ready status.
status, err := ssa.statusForOrder(ctx, order)
if err != nil {
return nil, err
}
order.Status = status
return order, nil
}
// SetOrderProcessing updates an order from pending status to processing
// status by updating the `beganProcessing` field of the corresponding
// Order table row in the DB.
@ -1426,9 +1567,8 @@ func AuthzMapToPB(m map[string]*core.Authorization) (*sapb.Authorizations, error
return resp, nil
}
// NewAuthorizations2 adds a set of new style authorizations to the database and returns
// either the IDs of the authorizations or an error. It will only process corepb.Authorization
// objects if the V2 field is set. This method is intended to deprecate AddPendingAuthorizations
// NewAuthorizations2 adds a set of new style authorizations to the database and
// returns either the IDs of the authorizations or an error.
func (ssa *SQLStorageAuthority) NewAuthorizations2(ctx context.Context, req *sapb.AddPendingAuthorizationsRequest) (*sapb.Authorization2IDs, error) {
if len(req.Authz) == 0 {
return nil, errIncompleteRequest
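Review bot: NewOrderAndAuthzs dereferences `req.NewOrder` without checking it (first at `RegistrationID: req.NewOrder.RegistrationID` inside the transaction closure), so a request with `newOrder` unset would panic instead of returning an error; NewAuthorizations2 in the same file already returns `errIncompleteRequest` for an empty request. A guard at the top of the method, `if req.NewOrder == nil || req.NewOrder.RegistrationID == 0 || len(req.NewOrder.Names) == 0 { return nil, errIncompleteRequest }`, would match that. The loop over `req.NewAuthzs` checks only `Status`, so an authorization whose `RegistrationID` differs from the order's would be inserted and linked to that order; unless the RA is relied on to guarantee the match, add `if authz.RegistrationID != req.NewOrder.RegistrationID { return nil, berrors.InternalServerError("authorization must belong to the order's registration") }` next to the status check. The comment "newly-reacted authzs" presumably means "newly-created".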


@ -1034,11 +1034,67 @@ func TestNewOrder(t *testing.T) {
test.AssertNotError(t, err, "namesForOrder errored")
test.AssertEquals(t, len(names), 2)
test.AssertDeepEquals(t, names, []string{"com.example", "com.example.another.just"})
}
names, err = sa.namesForOrder(context.Background(), order.Id)
func TestNewOrderAndAuthzs(t *testing.T) {
sa, _, cleanup := initSA(t)
defer cleanup()
// Create a test registration to reference
key, _ := jose.JSONWebKey{Key: &rsa.PublicKey{N: big.NewInt(1), E: 1}}.MarshalJSON()
initialIP, _ := net.ParseIP("42.42.42.42").MarshalText()
reg, err := sa.NewRegistration(ctx, &corepb.Registration{
Key: key,
InitialIP: initialIP,
})
test.AssertNotError(t, err, "Couldn't create test registration")
// Insert two pre-existing authorizations to reference
idA := createPendingAuthorization(t, sa, "a.com", sa.clk.Now().Add(time.Hour))
idB := createPendingAuthorization(t, sa, "b.com", sa.clk.Now().Add(time.Hour))
test.AssertEquals(t, idA, int64(1))
test.AssertEquals(t, idB, int64(2))
order, err := sa.NewOrderAndAuthzs(context.Background(), &sapb.NewOrderAndAuthzsRequest{
// Insert an order for four names, two of which already have authzs
NewOrder: &sapb.NewOrderRequest{
RegistrationID: reg.Id,
Expires: 1,
Names: []string{"a.com", "b.com", "c.com", "d.com"},
V2Authorizations: []int64{1, 2},
},
// And add new authorizations for the other two names.
NewAuthzs: []*corepb.Authorization{
{
Identifier: "c.com",
RegistrationID: reg.Id,
Expires: sa.clk.Now().Add(time.Hour).UnixNano(),
Status: "pending",
Challenges: []*corepb.Challenge{{Token: core.NewToken()}},
},
{
Identifier: "d.com",
RegistrationID: reg.Id,
Expires: sa.clk.Now().Add(time.Hour).UnixNano(),
Status: "pending",
Challenges: []*corepb.Challenge{{Token: core.NewToken()}},
},
},
})
test.AssertNotError(t, err, "sa.NewOrder failed")
test.AssertEquals(t, order.Id, int64(1))
test.AssertDeepEquals(t, order.V2Authorizations, []int64{1, 2, 3, 4})
var authzIDs []int64
_, err = sa.dbMap.Select(&authzIDs, "SELECT authzID FROM orderToAuthz2 WHERE orderID = ?;", order.Id)
test.AssertNotError(t, err, "Failed to count orderToAuthz entries")
test.AssertEquals(t, len(authzIDs), 4)
test.AssertDeepEquals(t, authzIDs, []int64{1, 2, 3, 4})
names, err := sa.namesForOrder(context.Background(), order.Id)
test.AssertNotError(t, err, "namesForOrder errored")
test.AssertEquals(t, len(names), 2)
test.AssertDeepEquals(t, names, []string{"com.example", "com.example.another.just"})
test.AssertEquals(t, len(names), 4)
test.AssertDeepEquals(t, names, []string{"com.a", "com.b", "com.c", "com.d"})
}
func TestSetOrderProcessing(t *testing.T) {
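Review bot: TestNewOrderAndAuthzs exercises only the success path, so the `authorization must be pending` rejection in NewOrderAndAuthzs, and the expectation that a failed call leaves no rows behind, are not tested in this section. A second test that submits a non-pending authorization and then checks that the call fails and `authz2` is still empty would cover it; a sketch follows. The failure message on the success path, `"sa.NewOrder failed"`, names the wrong method and would read better as `"sa.NewOrderAndAuthzs failed"`.

```go
func TestNewOrderAndAuthzsRejectsNonPending(t *testing.T) {
	sa, _, cleanup := initSA(t)
	defer cleanup()

	// … unchanged: test registration setup as in TestNewOrderAndAuthzs …

	_, err = sa.NewOrderAndAuthzs(context.Background(), &sapb.NewOrderAndAuthzsRequest{
		NewOrder: &sapb.NewOrderRequest{
			RegistrationID: reg.Id,
			Expires:        1,
			Names:          []string{"c.com"},
		},
		NewAuthzs: []*corepb.Authorization{{
			Identifier:     "c.com",
			RegistrationID: reg.Id,
			Expires:        sa.clk.Now().Add(time.Hour).UnixNano(),
			Status:         "valid",
			Challenges:     []*corepb.Challenge{{Token: core.NewToken()}},
		}},
	})
	test.AssertError(t, err, "non-pending authorization was accepted")

	// The rejected request must not leave any authorization rows behind.
	var authzIDs []int64
	_, err = sa.dbMap.Select(&authzIDs, "SELECT id FROM authz2;")
	test.AssertNotError(t, err, "failed to list authz2 rows")
	test.AssertEquals(t, len(authzIDs), 0)
}
```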


@ -53,7 +53,8 @@
},
"features": {
"StoreRevokerInfo": true,
"RestrictRSAKeySizes": true
"RestrictRSAKeySizes": true,
"StreamlineOrderAndAuthzs": true
},
"CTLogGroups2": [
{