letsencrypt
/
boulder
mirror of https://github.com/letsencrypt/boulder.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

ca: unsplit issuance flow (#8014) 

Add a new RPC to the CA: `IssueCertificate` covers issuance of both the
precertificate and the final certificate. In between, it calls out to
the RA's new method `GetSCTs`.

The RA calls the new `CA.IssueCertificate` if the `UnsplitIssuance`
feature flag is true.

The RA had a metric that counted certificates by profile name and hash.
Since the RA doesn't receive a profile hash in the new flow, simply
record the total number of issuances.

Fixes https://github.com/letsencrypt/boulder/issues/7983
This commit is contained in:
Jacob Hoffman-Andrews 2025-02-24 11:37:17 -08:00 committed by GitHub
parent fb2fd8af75
commit 692bd53ae5
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
21 changed files with 969 additions and 458 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
ca/ca.go
View File

@ -39,6 +39,7 @@ import (
"github.com/letsencrypt/boulder/issuance"
"github.com/letsencrypt/boulder/linter"
blog "github.com/letsencrypt/boulder/log"
rapb "github.com/letsencrypt/boulder/ra/proto"
sapb "github.com/letsencrypt/boulder/sa/proto"
)
@ -99,6 +100,7 @@ type caMetrics struct {
signatureCount *prometheus.CounterVec
signErrorCount *prometheus.CounterVec
lintErrorCount prometheus.Counter
certificates *prometheus.CounterVec
}
func NewCAMetrics(stats prometheus.Registerer) *caMetrics {
@ -123,7 +125,15 @@ func NewCAMetrics(stats prometheus.Registerer) *caMetrics {
})
stats.MustRegister(lintErrorCount)
return &caMetrics{signatureCount, signErrorCount, lintErrorCount}
certificates := prometheus.NewCounterVec(
prometheus.CounterOpts{
Name: "certificates",
Help: "Number of certificates issued",
},
[]string{"profile"})
stats.MustRegister(certificates)
return &caMetrics{signatureCount, signErrorCount, lintErrorCount, certificates}
}
func (m *caMetrics) noteSignError(err error) {
@ -138,6 +148,7 @@ func (m *caMetrics) noteSignError(err error) {
type certificateAuthorityImpl struct {
capb.UnsafeCertificateAuthorityServer
sa sapb.StorageAuthorityCertificateClient
sctClient rapb.SCTProviderClient
pa core.PolicyAuthority
issuers issuerMaps
certProfiles certProfilesMaps
@ -227,6 +238,7 @@ func makeCertificateProfilesMap(profiles map[string]*issuance.ProfileConfigNew)
// OCSP (via delegation to an ocspImpl and its issuers).
func NewCertificateAuthorityImpl(
sa sapb.StorageAuthorityCertificateClient,
sctService rapb.SCTProviderClient,
pa core.PolicyAuthority,
boulderIssuers []*issuance.Issuer,
certificateProfiles map[string]*issuance.ProfileConfigNew,
@ -261,6 +273,7 @@ func NewCertificateAuthorityImpl(
ca = &certificateAuthorityImpl{
sa: sa,
sctClient: sctService,
pa: pa,
issuers: issuers,
certProfiles: certProfiles,
@ -343,6 +356,31 @@ func (ca *certificateAuthorityImpl) IssuePrecertificate(ctx context.Context, iss
}, nil
}
func (ca *certificateAuthorityImpl) IssueCertificate(ctx context.Context, issueReq *capb.IssueCertificateRequest) (*capb.IssueCertificateResponse, error) {
if ca.sctClient == nil {
return nil, errors.New("IssueCertificate called with a nil SCT service")
}
precert, err := ca.IssuePrecertificate(ctx, issueReq)
if err != nil {
return nil, err
}
scts, err := ca.sctClient.GetSCTs(ctx, &rapb.SCTRequest{PrecertDER: precert.DER})
if err != nil {
return nil, err
}
cert, err := ca.IssueCertificateForPrecertificate(ctx, &capb.IssueCertificateForPrecertificateRequest{
DER: precert.DER,
SCTs: scts.SctDER,
RegistrationID: issueReq.RegistrationID,
OrderID: issueReq.OrderID,
CertProfileHash: precert.CertProfileHash,
})
if err != nil {
return nil, err
}
return &capb.IssueCertificateResponse{DER: cert.Der}, nil
}
// IssueCertificateForPrecertificate final step in the [issuance cycle].
//
// Given a precertificate and a set of SCTs for that precertificate, it generates
@ -453,6 +491,7 @@ func (ca *certificateAuthorityImpl) IssueCertificateForPrecertificate(ctx contex
}
ca.metrics.signatureCount.With(prometheus.Labels{"purpose": string(certType), "issuer": issuer.Name()}).Inc()
ca.metrics.certificates.With(prometheus.Labels{"profile": certProfile.name}).Inc()
logEvent.Result.Certificate = hex.EncodeToString(certDER)
ca.log.AuditObject("Signing cert success", logEvent)

26
ca/ca_test.go
View File

@ -37,6 +37,7 @@ import (
"github.com/letsencrypt/boulder/metrics"
"github.com/letsencrypt/boulder/must"
"github.com/letsencrypt/boulder/policy"
rapb "github.com/letsencrypt/boulder/ra/proto"
sapb "github.com/letsencrypt/boulder/sa/proto"
"github.com/letsencrypt/boulder/test"
)
@ -204,7 +205,12 @@ func setup(t *testing.T) *testCtx {
Name: "lint_errors",
Help: "Number of issuances that were halted by linting errors",
})
cametrics := &caMetrics{signatureCount, signErrorCount, lintErrorCount}
certificatesCount := prometheus.NewCounterVec(
prometheus.CounterOpts{
Name: "certificates",
Help: "Number of certificates issued",
}, []string{"profile"})
cametrics := &caMetrics{signatureCount, signErrorCount, lintErrorCount, certificatesCount}
ocsp, err := NewOCSPImpl(
boulderIssuers,
@ -254,6 +260,7 @@ func TestSerialPrefix(t *testing.T) {
nil,
nil,
nil,
nil,
0x00,
testCtx.maxNames,
testCtx.keyPolicy,
@ -267,6 +274,7 @@ func TestSerialPrefix(t *testing.T) {
nil,
nil,
nil,
nil,
0x80,
testCtx.maxNames,
testCtx.keyPolicy,
@ -354,11 +362,18 @@ func TestIssuePrecertificate(t *testing.T) {
}
}
type mockSCTService struct{}
func (m mockSCTService) GetSCTs(ctx context.Context, sctRequest *rapb.SCTRequest, _ ...grpc.CallOption) (*rapb.SCTResponse, error) {
return &rapb.SCTResponse{}, nil
}
func issueCertificateSubTestSetup(t *testing.T) (*certificateAuthorityImpl, *mockSA) {
testCtx := setup(t)
sa := &mockSA{}
ca, err := NewCertificateAuthorityImpl(
sa,
mockSCTService{},
testCtx.pa,
testCtx.boulderIssuers,
testCtx.certProfiles,
@ -397,6 +412,7 @@ func TestNoIssuers(t *testing.T) {
sa := &mockSA{}
_, err := NewCertificateAuthorityImpl(
sa,
mockSCTService{},
testCtx.pa,
nil, // No issuers
testCtx.certProfiles,
@ -417,6 +433,7 @@ func TestMultipleIssuers(t *testing.T) {
sa := &mockSA{}
ca, err := NewCertificateAuthorityImpl(
sa,
mockSCTService{},
testCtx.pa,
testCtx.boulderIssuers,
testCtx.certProfiles,
@ -486,6 +503,7 @@ func TestUnpredictableIssuance(t *testing.T) {
ca, err := NewCertificateAuthorityImpl(
sa,
mockSCTService{},
testCtx.pa,
boulderIssuers,
testCtx.certProfiles,
@ -678,6 +696,7 @@ func TestInvalidCSRs(t *testing.T) {
sa := &mockSA{}
ca, err := NewCertificateAuthorityImpl(
sa,
mockSCTService{},
testCtx.pa,
testCtx.boulderIssuers,
testCtx.certProfiles,
@ -716,6 +735,7 @@ func TestRejectValidityTooLong(t *testing.T) {
ca, err := NewCertificateAuthorityImpl(
&mockSA{},
mockSCTService{},
testCtx.pa,
testCtx.boulderIssuers,
testCtx.certProfiles,
@ -808,6 +828,7 @@ func TestIssueCertificateForPrecertificate(t *testing.T) {
sa := &mockSA{}
ca, err := NewCertificateAuthorityImpl(
sa,
mockSCTService{},
testCtx.pa,
testCtx.boulderIssuers,
testCtx.certProfiles,
@ -869,6 +890,7 @@ func TestIssueCertificateForPrecertificateWithSpecificCertificateProfile(t *test
sa := &mockSA{}
ca, err := NewCertificateAuthorityImpl(
sa,
mockSCTService{},
testCtx.pa,
testCtx.boulderIssuers,
testCtx.certProfiles,
@ -984,6 +1006,7 @@ func TestIssueCertificateForPrecertificateDuplicateSerial(t *testing.T) {
sa := &dupeSA{}
ca, err := NewCertificateAuthorityImpl(
sa,
mockSCTService{},
testCtx.pa,
testCtx.boulderIssuers,
testCtx.certProfiles,
@ -1026,6 +1049,7 @@ func TestIssueCertificateForPrecertificateDuplicateSerial(t *testing.T) {
errorsa := &getCertErrorSA{}
errorca, err := NewCertificateAuthorityImpl(
errorsa,
mockSCTService{},
testCtx.pa,
testCtx.boulderIssuers,
testCtx.certProfiles,

1
ca/ocsp_test.go
View File

@ -31,6 +31,7 @@ func TestOCSP(t *testing.T) {
testCtx := setup(t)
ca, err := NewCertificateAuthorityImpl(
&mockSA{},
mockSCTService{},
testCtx.pa,
testCtx.boulderIssuers,
testCtx.certProfiles,

338
ca/proto/ca.pb.go
View File

@ -98,6 +98,53 @@ func (x *IssueCertificateRequest) GetCertProfileName() string {
return ""
}
type IssueCertificateResponse struct {
state protoimpl.MessageState
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
DER []byte `protobuf:"bytes,1,opt,name=DER,proto3" json:"DER,omitempty"`
}
func (x *IssueCertificateResponse) Reset() {
*x = IssueCertificateResponse{}
if protoimpl.UnsafeEnabled {
mi := &file_ca_proto_msgTypes[1]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
}
func (x *IssueCertificateResponse) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*IssueCertificateResponse) ProtoMessage() {}
func (x *IssueCertificateResponse) ProtoReflect() protoreflect.Message {
mi := &file_ca_proto_msgTypes[1]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use IssueCertificateResponse.ProtoReflect.Descriptor instead.
func (*IssueCertificateResponse) Descriptor() ([]byte, []int) {
return file_ca_proto_rawDescGZIP(), []int{1}
}
func (x *IssueCertificateResponse) GetDER() []byte {
if x != nil {
return x.DER
}
return nil
}
type IssuePrecertificateResponse struct {
state protoimpl.MessageState
sizeCache protoimpl.SizeCache
@ -118,7 +165,7 @@ type IssuePrecertificateResponse struct {
func (x *IssuePrecertificateResponse) Reset() {
*x = IssuePrecertificateResponse{}
if protoimpl.UnsafeEnabled {
mi := &file_ca_proto_msgTypes[1]
mi := &file_ca_proto_msgTypes[2]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@ -131,7 +178,7 @@ func (x *IssuePrecertificateResponse) String() string {
func (*IssuePrecertificateResponse) ProtoMessage() {}
func (x *IssuePrecertificateResponse) ProtoReflect() protoreflect.Message {
mi := &file_ca_proto_msgTypes[1]
mi := &file_ca_proto_msgTypes[2]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@ -144,7 +191,7 @@ func (x *IssuePrecertificateResponse) ProtoReflect() protoreflect.Message {
// Deprecated: Use IssuePrecertificateResponse.ProtoReflect.Descriptor instead.
func (*IssuePrecertificateResponse) Descriptor() ([]byte, []int) {
return file_ca_proto_rawDescGZIP(), []int{1}
return file_ca_proto_rawDescGZIP(), []int{2}
}
func (x *IssuePrecertificateResponse) GetDER() []byte {
@ -187,7 +234,7 @@ type IssueCertificateForPrecertificateRequest struct {
func (x *IssueCertificateForPrecertificateRequest) Reset() {
*x = IssueCertificateForPrecertificateRequest{}
if protoimpl.UnsafeEnabled {
mi := &file_ca_proto_msgTypes[2]
mi := &file_ca_proto_msgTypes[3]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@ -200,7 +247,7 @@ func (x *IssueCertificateForPrecertificateRequest) String() string {
func (*IssueCertificateForPrecertificateRequest) ProtoMessage() {}
func (x *IssueCertificateForPrecertificateRequest) ProtoReflect() protoreflect.Message {
mi := &file_ca_proto_msgTypes[2]
mi := &file_ca_proto_msgTypes[3]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@ -213,7 +260,7 @@ func (x *IssueCertificateForPrecertificateRequest) ProtoReflect() protoreflect.M
// Deprecated: Use IssueCertificateForPrecertificateRequest.ProtoReflect.Descriptor instead.
func (*IssueCertificateForPrecertificateRequest) Descriptor() ([]byte, []int) {
return file_ca_proto_rawDescGZIP(), []int{2}
return file_ca_proto_rawDescGZIP(), []int{3}
}
func (x *IssueCertificateForPrecertificateRequest) GetDER() []byte {
@ -268,7 +315,7 @@ type GenerateOCSPRequest struct {
func (x *GenerateOCSPRequest) Reset() {
*x = GenerateOCSPRequest{}
if protoimpl.UnsafeEnabled {
mi := &file_ca_proto_msgTypes[3]
mi := &file_ca_proto_msgTypes[4]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@ -281,7 +328,7 @@ func (x *GenerateOCSPRequest) String() string {
func (*GenerateOCSPRequest) ProtoMessage() {}
func (x *GenerateOCSPRequest) ProtoReflect() protoreflect.Message {
mi := &file_ca_proto_msgTypes[3]
mi := &file_ca_proto_msgTypes[4]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@ -294,7 +341,7 @@ func (x *GenerateOCSPRequest) ProtoReflect() protoreflect.Message {
// Deprecated: Use GenerateOCSPRequest.ProtoReflect.Descriptor instead.
func (*GenerateOCSPRequest) Descriptor() ([]byte, []int) {
return file_ca_proto_rawDescGZIP(), []int{3}
return file_ca_proto_rawDescGZIP(), []int{4}
}
func (x *GenerateOCSPRequest) GetStatus() string {
@ -343,7 +390,7 @@ type OCSPResponse struct {
func (x *OCSPResponse) Reset() {
*x = OCSPResponse{}
if protoimpl.UnsafeEnabled {
mi := &file_ca_proto_msgTypes[4]
mi := &file_ca_proto_msgTypes[5]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@ -356,7 +403,7 @@ func (x *OCSPResponse) String() string {
func (*OCSPResponse) ProtoMessage() {}
func (x *OCSPResponse) ProtoReflect() protoreflect.Message {
mi := &file_ca_proto_msgTypes[4]
mi := &file_ca_proto_msgTypes[5]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@ -369,7 +416,7 @@ func (x *OCSPResponse) ProtoReflect() protoreflect.Message {
// Deprecated: Use OCSPResponse.ProtoReflect.Descriptor instead.
func (*OCSPResponse) Descriptor() ([]byte, []int) {
return file_ca_proto_rawDescGZIP(), []int{4}
return file_ca_proto_rawDescGZIP(), []int{5}
}
func (x *OCSPResponse) GetResponse() []byte {
@ -394,7 +441,7 @@ type GenerateCRLRequest struct {
func (x *GenerateCRLRequest) Reset() {
*x = GenerateCRLRequest{}
if protoimpl.UnsafeEnabled {
mi := &file_ca_proto_msgTypes[5]
mi := &file_ca_proto_msgTypes[6]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@ -407,7 +454,7 @@ func (x *GenerateCRLRequest) String() string {
func (*GenerateCRLRequest) ProtoMessage() {}
func (x *GenerateCRLRequest) ProtoReflect() protoreflect.Message {
mi := &file_ca_proto_msgTypes[5]
mi := &file_ca_proto_msgTypes[6]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@ -420,7 +467,7 @@ func (x *GenerateCRLRequest) ProtoReflect() protoreflect.Message {
// Deprecated: Use GenerateCRLRequest.ProtoReflect.Descriptor instead.
func (*GenerateCRLRequest) Descriptor() ([]byte, []int) {
return file_ca_proto_rawDescGZIP(), []int{5}
return file_ca_proto_rawDescGZIP(), []int{6}
}
func (m *GenerateCRLRequest) GetPayload() isGenerateCRLRequest_Payload {
@ -474,7 +521,7 @@ type CRLMetadata struct {
func (x *CRLMetadata) Reset() {
*x = CRLMetadata{}
if protoimpl.UnsafeEnabled {
mi := &file_ca_proto_msgTypes[6]
mi := &file_ca_proto_msgTypes[7]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@ -487,7 +534,7 @@ func (x *CRLMetadata) String() string {
func (*CRLMetadata) ProtoMessage() {}
func (x *CRLMetadata) ProtoReflect() protoreflect.Message {
mi := &file_ca_proto_msgTypes[6]
mi := &file_ca_proto_msgTypes[7]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@ -500,7 +547,7 @@ func (x *CRLMetadata) ProtoReflect() protoreflect.Message {
// Deprecated: Use CRLMetadata.ProtoReflect.Descriptor instead.
func (*CRLMetadata) Descriptor() ([]byte, []int) {
return file_ca_proto_rawDescGZIP(), []int{6}
return file_ca_proto_rawDescGZIP(), []int{7}
}
func (x *CRLMetadata) GetIssuerNameID() int64 {
@ -535,7 +582,7 @@ type GenerateCRLResponse struct {
func (x *GenerateCRLResponse) Reset() {
*x = GenerateCRLResponse{}
if protoimpl.UnsafeEnabled {
mi := &file_ca_proto_msgTypes[7]
mi := &file_ca_proto_msgTypes[8]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@ -548,7 +595,7 @@ func (x *GenerateCRLResponse) String() string {
func (*GenerateCRLResponse) ProtoMessage() {}
func (x *GenerateCRLResponse) ProtoReflect() protoreflect.Message {
mi := &file_ca_proto_msgTypes[7]
mi := &file_ca_proto_msgTypes[8]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@ -561,7 +608,7 @@ func (x *GenerateCRLResponse) ProtoReflect() protoreflect.Message {
// Deprecated: Use GenerateCRLResponse.ProtoReflect.Descriptor instead.
func (*GenerateCRLResponse) Descriptor() ([]byte, []int) {
return file_ca_proto_rawDescGZIP(), []int{7}
return file_ca_proto_rawDescGZIP(), []int{8}
}
func (x *GenerateCRLResponse) GetChunk() []byte {
@ -588,88 +635,96 @@ var file_ca_proto_rawDesc = []byte{
0x72, 0x64, 0x65, 0x72, 0x49, 0x44, 0x12, 0x28, 0x0a, 0x0f, 0x63, 0x65, 0x72, 0x74, 0x50, 0x72,
0x6f, 0x66, 0x69, 0x6c, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52,
0x0f, 0x63, 0x65, 0x72, 0x74, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x4e, 0x61, 0x6d, 0x65,
0x4a, 0x04, 0x08, 0x04, 0x10, 0x05, 0x22, 0x83, 0x01, 0x0a, 0x1b, 0x49, 0x73, 0x73, 0x75, 0x65,
0x4a, 0x04, 0x08, 0x04, 0x10, 0x05, 0x22, 0x2c, 0x0a, 0x18, 0x49, 0x73, 0x73, 0x75, 0x65, 0x43,
0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e,
0x73, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x44, 0x45, 0x52, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52,
0x03, 0x44, 0x45, 0x52, 0x22, 0x83, 0x01, 0x0a, 0x1b, 0x49, 0x73, 0x73, 0x75, 0x65, 0x50, 0x72,
0x65, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70,
0x6f, 0x6e, 0x73, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x44, 0x45, 0x52, 0x18, 0x01, 0x20, 0x01, 0x28,
0x0c, 0x52, 0x03, 0x44, 0x45, 0x52, 0x12, 0x28, 0x0a, 0x0f, 0x63, 0x65, 0x72, 0x74, 0x50, 0x72,
0x6f, 0x66, 0x69, 0x6c, 0x65, 0x48, 0x61, 0x73, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52,
0x0f, 0x63, 0x65, 0x72, 0x74, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x48, 0x61, 0x73, 0x68,
0x12, 0x28, 0x0a, 0x0f, 0x63, 0x65, 0x72, 0x74, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x4e,
0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x63, 0x65, 0x72, 0x74, 0x50,
0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x22, 0xbc, 0x01, 0x0a, 0x28, 0x49,
0x73, 0x73, 0x75, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x46,
0x6f, 0x72, 0x50, 0x72, 0x65, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65,
0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x44, 0x45, 0x52, 0x18, 0x01,
0x20, 0x01, 0x28, 0x0c, 0x52, 0x03, 0x44, 0x45, 0x52, 0x12, 0x12, 0x0a, 0x04, 0x53, 0x43, 0x54,
0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0c, 0x52, 0x04, 0x53, 0x43, 0x54, 0x73, 0x12, 0x26, 0x0a,
0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x18,
0x03, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74,
0x69, 0x6f, 0x6e, 0x49, 0x44, 0x12, 0x18, 0x0a, 0x07, 0x6f, 0x72, 0x64, 0x65, 0x72, 0x49, 0x44,
0x18, 0x04, 0x20, 0x01, 0x28, 0x03, 0x52, 0x07, 0x6f, 0x72, 0x64, 0x65, 0x72, 0x49, 0x44, 0x12,
0x28, 0x0a, 0x0f, 0x63, 0x65, 0x72, 0x74, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x48, 0x61,
0x73, 0x68, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0f, 0x63, 0x65, 0x72, 0x74, 0x50, 0x72,
0x6f, 0x66, 0x69, 0x6c, 0x65, 0x48, 0x61, 0x73, 0x68, 0x22, 0xb9, 0x01, 0x0a, 0x13, 0x47, 0x65,
0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x4f, 0x43, 0x53, 0x50, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
0x74, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28,
0x09, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x16, 0x0a, 0x06, 0x72, 0x65, 0x61,
0x73, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x05, 0x52, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f,
0x6e, 0x12, 0x38, 0x0a, 0x09, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x41, 0x74, 0x18, 0x07,
0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70,
0x52, 0x09, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x41, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x73,
0x65, 0x72, 0x69, 0x61, 0x6c, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x65, 0x72,
0x69, 0x61, 0x6c, 0x12, 0x1a, 0x0a, 0x08, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x49, 0x44, 0x18,
0x06, 0x20, 0x01, 0x28, 0x03, 0x52, 0x08, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x49, 0x44, 0x4a,
0x04, 0x08, 0x04, 0x10, 0x05, 0x22, 0x2a, 0x0a, 0x0c, 0x4f, 0x43, 0x53, 0x50, 0x52, 0x65, 0x73,
0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73,
0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x08, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73,
0x65, 0x22, 0x76, 0x0a, 0x12, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x43, 0x52, 0x4c,
0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x2d, 0x0a, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64,
0x61, 0x74, 0x61, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x63, 0x61, 0x2e, 0x43,
0x52, 0x4c, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x48, 0x00, 0x52, 0x08, 0x6d, 0x65,
0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x12, 0x26, 0x0a, 0x05, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x18,
0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x43, 0x52, 0x4c,
0x45, 0x6e, 0x74, 0x72, 0x79, 0x48, 0x00, 0x52, 0x05, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x42, 0x09,
0x0a, 0x07, 0x70, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x22, 0x8f, 0x01, 0x0a, 0x0b, 0x43, 0x52,
0x4c, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x12, 0x22, 0x0a, 0x0c, 0x69, 0x73, 0x73,
0x75, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52,
0x0c, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x49, 0x44, 0x12, 0x3a, 0x0a,
0x0a, 0x74, 0x68, 0x69, 0x73, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28,
0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x0a, 0x74,
0x68, 0x69, 0x73, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x73, 0x68, 0x61,
0x72, 0x64, 0x49, 0x64, 0x78, 0x18, 0x03, 0x20, 0x01, 0x28, 0x03, 0x52, 0x08, 0x73, 0x68, 0x61,
0x72, 0x64, 0x49, 0x64, 0x78, 0x4a, 0x04, 0x08, 0x02, 0x10, 0x03, 0x22, 0x2b, 0x0a, 0x13, 0x47,
0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x43, 0x52, 0x4c, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e,
0x73, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x63, 0x68, 0x75, 0x6e, 0x6b, 0x18, 0x01, 0x20, 0x01, 0x28,
0x0c, 0x52, 0x05, 0x63, 0x68, 0x75, 0x6e, 0x6b, 0x32, 0xa6, 0x02, 0x0a, 0x14, 0x43, 0x65, 0x72,
0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74,
0x79, 0x12, 0x55, 0x0a, 0x13, 0x49, 0x73, 0x73, 0x75, 0x65, 0x50, 0x72, 0x65, 0x63, 0x65, 0x72,
0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x1b, 0x2e, 0x63, 0x61, 0x2e, 0x49, 0x73,
0x73, 0x75, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65,
0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1f, 0x2e, 0x63, 0x61, 0x2e, 0x49, 0x73, 0x73, 0x75, 0x65,
0x50, 0x72, 0x65, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65,
0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x44, 0x45, 0x52, 0x18, 0x01, 0x20,
0x01, 0x28, 0x0c, 0x52, 0x03, 0x44, 0x45, 0x52, 0x12, 0x28, 0x0a, 0x0f, 0x63, 0x65, 0x72, 0x74,
0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x48, 0x61, 0x73, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28,
0x0c, 0x52, 0x0f, 0x63, 0x65, 0x72, 0x74, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x48, 0x61,
0x73, 0x68, 0x12, 0x28, 0x0a, 0x0f, 0x63, 0x65, 0x72, 0x74, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c,
0x65, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x63, 0x65, 0x72,
0x74, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x22, 0xbc, 0x01, 0x0a,
0x28, 0x49, 0x73, 0x73, 0x75, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74,
0x65, 0x46, 0x6f, 0x72, 0x50, 0x72, 0x65, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61,
0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x44, 0x45, 0x52,
0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x03, 0x44, 0x45, 0x52, 0x12, 0x12, 0x0a, 0x04, 0x53,
0x43, 0x54, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0c, 0x52, 0x04, 0x53, 0x43, 0x54, 0x73, 0x12,
0x26, 0x0a, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49,
0x44, 0x18, 0x03, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72,
0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x12, 0x18, 0x0a, 0x07, 0x6f, 0x72, 0x64, 0x65, 0x72,
0x49, 0x44, 0x18, 0x04, 0x20, 0x01, 0x28, 0x03, 0x52, 0x07, 0x6f, 0x72, 0x64, 0x65, 0x72, 0x49,
0x44, 0x12, 0x28, 0x0a, 0x0f, 0x63, 0x65, 0x72, 0x74, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65,
0x48, 0x61, 0x73, 0x68, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0f, 0x63, 0x65, 0x72, 0x74,
0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x48, 0x61, 0x73, 0x68, 0x22, 0xb9, 0x01, 0x0a, 0x13,
0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x4f, 0x43, 0x53, 0x50, 0x52, 0x65, 0x71, 0x75,
0x65, 0x73, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x02, 0x20,
0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x16, 0x0a, 0x06, 0x72,
0x65, 0x61, 0x73, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x05, 0x52, 0x06, 0x72, 0x65, 0x61,
0x73, 0x6f, 0x6e, 0x12, 0x38, 0x0a, 0x09, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x41, 0x74,
0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61,
0x6d, 0x70, 0x52, 0x09, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x41, 0x74, 0x12, 0x16, 0x0a,
0x06, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73,
0x65, 0x72, 0x69, 0x61, 0x6c, 0x12, 0x1a, 0x0a, 0x08, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x49,
0x44, 0x18, 0x06, 0x20, 0x01, 0x28, 0x03, 0x52, 0x08, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x49,
0x44, 0x4a, 0x04, 0x08, 0x04, 0x10, 0x05, 0x22, 0x2a, 0x0a, 0x0c, 0x4f, 0x43, 0x53, 0x50, 0x52,
0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x73, 0x70, 0x6f,
0x6e, 0x73, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x08, 0x72, 0x65, 0x73, 0x70, 0x6f,
0x6e, 0x73, 0x65, 0x22, 0x76, 0x0a, 0x12, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x43,
0x52, 0x4c, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x2d, 0x0a, 0x08, 0x6d, 0x65, 0x74,
0x61, 0x64, 0x61, 0x74, 0x61, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x63, 0x61,
0x2e, 0x43, 0x52, 0x4c, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x48, 0x00, 0x52, 0x08,
0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x12, 0x26, 0x0a, 0x05, 0x65, 0x6e, 0x74, 0x72,
0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x43,
0x52, 0x4c, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x48, 0x00, 0x52, 0x05, 0x65, 0x6e, 0x74, 0x72, 0x79,
0x42, 0x09, 0x0a, 0x07, 0x70, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x22, 0x8f, 0x01, 0x0a, 0x0b,
0x43, 0x52, 0x4c, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x12, 0x22, 0x0a, 0x0c, 0x69,
0x73, 0x73, 0x75, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28,
0x03, 0x52, 0x0c, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x49, 0x44, 0x12,
0x3a, 0x0a, 0x0a, 0x74, 0x68, 0x69, 0x73, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x18, 0x04, 0x20,
0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f,
0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52,
0x0a, 0x74, 0x68, 0x69, 0x73, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x73,
0x68, 0x61, 0x72, 0x64, 0x49, 0x64, 0x78, 0x18, 0x03, 0x20, 0x01, 0x28, 0x03, 0x52, 0x08, 0x73,
0x68, 0x61, 0x72, 0x64, 0x49, 0x64, 0x78, 0x4a, 0x04, 0x08, 0x02, 0x10, 0x03, 0x22, 0x2b, 0x0a,
0x13, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x43, 0x52, 0x4c, 0x52, 0x65, 0x73, 0x70,
0x6f, 0x6e, 0x73, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x63, 0x68, 0x75, 0x6e, 0x6b, 0x18, 0x01, 0x20,
0x01, 0x28, 0x0c, 0x52, 0x05, 0x63, 0x68, 0x75, 0x6e, 0x6b, 0x32, 0xd5, 0x01, 0x0a, 0x14, 0x43,
0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72,
0x69, 0x74, 0x79, 0x12, 0x55, 0x0a, 0x13, 0x49, 0x73, 0x73, 0x75, 0x65, 0x50, 0x72, 0x65, 0x63,
0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x1b, 0x2e, 0x63, 0x61, 0x2e,
0x49, 0x73, 0x73, 0x75, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65,
0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1f, 0x2e, 0x63, 0x61, 0x2e, 0x49, 0x73, 0x73,
0x75, 0x65, 0x50, 0x72, 0x65, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65,
0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x66, 0x0a, 0x21, 0x49, 0x73,
0x73, 0x75, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x46, 0x6f,
0x72, 0x50, 0x72, 0x65, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12,
0x2c, 0x2e, 0x63, 0x61, 0x2e, 0x49, 0x73, 0x73, 0x75, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66,
0x69, 0x63, 0x61, 0x74, 0x65, 0x46, 0x6f, 0x72, 0x50, 0x72, 0x65, 0x63, 0x65, 0x72, 0x74, 0x69,
0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x11, 0x2e,
0x63, 0x6f, 0x72, 0x65, 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65,
0x22, 0x00, 0x32, 0x4c, 0x0a, 0x0d, 0x4f, 0x43, 0x53, 0x50, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61,
0x74, 0x6f, 0x72, 0x12, 0x3b, 0x0a, 0x0c, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x4f,
0x43, 0x53, 0x50, 0x12, 0x17, 0x2e, 0x63, 0x61, 0x2e, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74,
0x65, 0x4f, 0x43, 0x53, 0x50, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x10, 0x2e, 0x63,
0x61, 0x2e, 0x4f, 0x43, 0x53, 0x50, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00,
0x32, 0x54, 0x0a, 0x0c, 0x43, 0x52, 0x4c, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72,
0x12, 0x44, 0x0a, 0x0b, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x43, 0x52, 0x4c, 0x12,
0x16, 0x2e, 0x63, 0x61, 0x2e, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x43, 0x52, 0x4c,
0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x17, 0x2e, 0x63, 0x61, 0x2e, 0x47, 0x65, 0x6e,
0x65, 0x72, 0x61, 0x74, 0x65, 0x43, 0x52, 0x4c, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65,
0x22, 0x00, 0x28, 0x01, 0x30, 0x01, 0x42, 0x29, 0x5a, 0x27, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62,
0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6c, 0x65, 0x74, 0x73, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74,
0x2f, 0x62, 0x6f, 0x75, 0x6c, 0x64, 0x65, 0x72, 0x2f, 0x63, 0x61, 0x2f, 0x70, 0x72, 0x6f, 0x74,
0x6f, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x66, 0x0a, 0x21, 0x49, 0x73, 0x73, 0x75,
0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x46, 0x6f, 0x72, 0x50,
0x72, 0x65, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x2c, 0x2e,
0x63, 0x61, 0x2e, 0x49, 0x73, 0x73, 0x75, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63,
0x61, 0x74, 0x65, 0x46, 0x6f, 0x72, 0x50, 0x72, 0x65, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69,
0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x11, 0x2e, 0x63, 0x6f,
0x72, 0x65, 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x22, 0x00,
0x12, 0x4f, 0x0a, 0x10, 0x49, 0x73, 0x73, 0x75, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69,
0x63, 0x61, 0x74, 0x65, 0x12, 0x1b, 0x2e, 0x63, 0x61, 0x2e, 0x49, 0x73, 0x73, 0x75, 0x65, 0x43,
0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
0x74, 0x1a, 0x1c, 0x2e, 0x63, 0x61, 0x2e, 0x49, 0x73, 0x73, 0x75, 0x65, 0x43, 0x65, 0x72, 0x74,
0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22,
0x00, 0x32, 0x4c, 0x0a, 0x0d, 0x4f, 0x43, 0x53, 0x50, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74,
0x6f, 0x72, 0x12, 0x3b, 0x0a, 0x0c, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x4f, 0x43,
0x53, 0x50, 0x12, 0x17, 0x2e, 0x63, 0x61, 0x2e, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65,
0x4f, 0x43, 0x53, 0x50, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x10, 0x2e, 0x63, 0x61,
0x2e, 0x4f, 0x43, 0x53, 0x50, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x32,
0x54, 0x0a, 0x0c, 0x43, 0x52, 0x4c, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x12,
0x44, 0x0a, 0x0b, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x43, 0x52, 0x4c, 0x12, 0x16,
0x2e, 0x63, 0x61, 0x2e, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x43, 0x52, 0x4c, 0x52,
0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x17, 0x2e, 0x63, 0x61, 0x2e, 0x47, 0x65, 0x6e, 0x65,
0x72, 0x61, 0x74, 0x65, 0x43, 0x52, 0x4c, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22,
0x00, 0x28, 0x01, 0x30, 0x01, 0x42, 0x29, 0x5a, 0x27, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e,
0x63, 0x6f, 0x6d, 0x2f, 0x6c, 0x65, 0x74, 0x73, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x2f,
0x62, 0x6f, 0x75, 0x6c, 0x64, 0x65, 0x72, 0x2f, 0x63, 0x61, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f,
0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
}
var (
@ -684,35 +739,38 @@ func file_ca_proto_rawDescGZIP() []byte {
return file_ca_proto_rawDescData
}
var file_ca_proto_msgTypes = make([]protoimpl.MessageInfo, 8)
var file_ca_proto_msgTypes = make([]protoimpl.MessageInfo, 9)
var file_ca_proto_goTypes = []interface{}{
(*IssueCertificateRequest)(nil), // 0: ca.IssueCertificateRequest
(*IssuePrecertificateResponse)(nil), // 1: ca.IssuePrecertificateResponse
(*IssueCertificateForPrecertificateRequest)(nil), // 2: ca.IssueCertificateForPrecertificateRequest
(*GenerateOCSPRequest)(nil), // 3: ca.GenerateOCSPRequest
(*OCSPResponse)(nil), // 4: ca.OCSPResponse
(*GenerateCRLRequest)(nil), // 5: ca.GenerateCRLRequest
(*CRLMetadata)(nil), // 6: ca.CRLMetadata
(*GenerateCRLResponse)(nil), // 7: ca.GenerateCRLResponse
(*timestamppb.Timestamp)(nil), // 8: google.protobuf.Timestamp
(*proto.CRLEntry)(nil), // 9: core.CRLEntry
(*proto.Certificate)(nil), // 10: core.Certificate
(*IssueCertificateResponse)(nil), // 1: ca.IssueCertificateResponse
(*IssuePrecertificateResponse)(nil), // 2: ca.IssuePrecertificateResponse
(*IssueCertificateForPrecertificateRequest)(nil), // 3: ca.IssueCertificateForPrecertificateRequest
(*GenerateOCSPRequest)(nil), // 4: ca.GenerateOCSPRequest
(*OCSPResponse)(nil), // 5: ca.OCSPResponse
(*GenerateCRLRequest)(nil), // 6: ca.GenerateCRLRequest
(*CRLMetadata)(nil), // 7: ca.CRLMetadata
(*GenerateCRLResponse)(nil), // 8: ca.GenerateCRLResponse
(*timestamppb.Timestamp)(nil), // 9: google.protobuf.Timestamp
(*proto.CRLEntry)(nil), // 10: core.CRLEntry
(*proto.Certificate)(nil), // 11: core.Certificate
}
var file_ca_proto_depIdxs = []int32{
8, // 0: ca.GenerateOCSPRequest.revokedAt:type_name -> google.protobuf.Timestamp
6, // 1: ca.GenerateCRLRequest.metadata:type_name -> ca.CRLMetadata
9, // 2: ca.GenerateCRLRequest.entry:type_name -> core.CRLEntry
8, // 3: ca.CRLMetadata.thisUpdate:type_name -> google.protobuf.Timestamp
9, // 0: ca.GenerateOCSPRequest.revokedAt:type_name -> google.protobuf.Timestamp
7, // 1: ca.GenerateCRLRequest.metadata:type_name -> ca.CRLMetadata
10, // 2: ca.GenerateCRLRequest.entry:type_name -> core.CRLEntry
9, // 3: ca.CRLMetadata.thisUpdate:type_name -> google.protobuf.Timestamp
0, // 4: ca.CertificateAuthority.IssuePrecertificate:input_type -> ca.IssueCertificateRequest
2, // 5: ca.CertificateAuthority.IssueCertificateForPrecertificate:input_type -> ca.IssueCertificateForPrecertificateRequest
3, // 6: ca.OCSPGenerator.GenerateOCSP:input_type -> ca.GenerateOCSPRequest
5, // 7: ca.CRLGenerator.GenerateCRL:input_type -> ca.GenerateCRLRequest
1, // 8: ca.CertificateAuthority.IssuePrecertificate:output_type -> ca.IssuePrecertificateResponse
10, // 9: ca.CertificateAuthority.IssueCertificateForPrecertificate:output_type -> core.Certificate
4, // 10: ca.OCSPGenerator.GenerateOCSP:output_type -> ca.OCSPResponse
7, // 11: ca.CRLGenerator.GenerateCRL:output_type -> ca.GenerateCRLResponse
8, // [8:12] is the sub-list for method output_type
4, // [4:8] is the sub-list for method input_type
3, // 5: ca.CertificateAuthority.IssueCertificateForPrecertificate:input_type -> ca.IssueCertificateForPrecertificateRequest
0, // 6: ca.CertificateAuthority.IssueCertificate:input_type -> ca.IssueCertificateRequest
4, // 7: ca.OCSPGenerator.GenerateOCSP:input_type -> ca.GenerateOCSPRequest
6, // 8: ca.CRLGenerator.GenerateCRL:input_type -> ca.GenerateCRLRequest
2, // 9: ca.CertificateAuthority.IssuePrecertificate:output_type -> ca.IssuePrecertificateResponse
11, // 10: ca.CertificateAuthority.IssueCertificateForPrecertificate:output_type -> core.Certificate
1, // 11: ca.CertificateAuthority.IssueCertificate:output_type -> ca.IssueCertificateResponse
5, // 12: ca.OCSPGenerator.GenerateOCSP:output_type -> ca.OCSPResponse
8, // 13: ca.CRLGenerator.GenerateCRL:output_type -> ca.GenerateCRLResponse
9, // [9:14] is the sub-list for method output_type
4, // [4:9] is the sub-list for method input_type
4, // [4:4] is the sub-list for extension type_name
4, // [4:4] is the sub-list for extension extendee
0, // [0:4] is the sub-list for field type_name
@ -737,7 +795,7 @@ func file_ca_proto_init() {
}
}
file_ca_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*IssuePrecertificateResponse); i {
switch v := v.(*IssueCertificateResponse); i {
case 0:
return &v.state
case 1:
@ -749,7 +807,7 @@ func file_ca_proto_init() {
}
}
file_ca_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*IssueCertificateForPrecertificateRequest); i {
switch v := v.(*IssuePrecertificateResponse); i {
case 0:
return &v.state
case 1:
@ -761,7 +819,7 @@ func file_ca_proto_init() {
}
}
file_ca_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*GenerateOCSPRequest); i {
switch v := v.(*IssueCertificateForPrecertificateRequest); i {
case 0:
return &v.state
case 1:
@ -773,7 +831,7 @@ func file_ca_proto_init() {
}
}
file_ca_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*OCSPResponse); i {
switch v := v.(*GenerateOCSPRequest); i {
case 0:
return &v.state
case 1:
@ -785,7 +843,7 @@ func file_ca_proto_init() {
}
}
file_ca_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*GenerateCRLRequest); i {
switch v := v.(*OCSPResponse); i {
case 0:
return &v.state
case 1:
@ -797,7 +855,7 @@ func file_ca_proto_init() {
}
}
file_ca_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*CRLMetadata); i {
switch v := v.(*GenerateCRLRequest); i {
case 0:
return &v.state
case 1:
@ -809,6 +867,18 @@ func file_ca_proto_init() {
}
}
file_ca_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*CRLMetadata); i {
case 0:
return &v.state
case 1:
return &v.sizeCache
case 2:
return &v.unknownFields
default:
return nil
}
}
file_ca_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*GenerateCRLResponse); i {
case 0:
return &v.state
@ -821,7 +891,7 @@ func file_ca_proto_init() {
}
}
}
file_ca_proto_msgTypes[5].OneofWrappers = []interface{}{
file_ca_proto_msgTypes[6].OneofWrappers = []interface{}{
(*GenerateCRLRequest_Metadata)(nil),
(*GenerateCRLRequest_Entry)(nil),
}
@ -831,7 +901,7 @@ func file_ca_proto_init() {
GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
RawDescriptor: file_ca_proto_rawDesc,
NumEnums: 0,
NumMessages: 8,
NumMessages: 9,
NumExtensions: 0,
NumServices: 3,
},

6
ca/proto/ca.proto
View File

@ -10,6 +10,8 @@ import "google/protobuf/timestamp.proto";
service CertificateAuthority {
rpc IssuePrecertificate(IssueCertificateRequest) returns (IssuePrecertificateResponse) {}
rpc IssueCertificateForPrecertificate(IssueCertificateForPrecertificateRequest) returns (core.Certificate) {}
// IssueCertificate issues a precertificate, gets SCTs, issues a certificate, and returns that.
rpc IssueCertificate(IssueCertificateRequest) returns (IssueCertificateResponse) {}
}
message IssueCertificateRequest {
@ -26,6 +28,10 @@ message IssueCertificateRequest {
string certProfileName = 5;
}
message IssueCertificateResponse {
bytes DER = 1;
}
message IssuePrecertificateResponse {
// Next unused field number: 4
bytes DER = 1;

40
ca/proto/ca_grpc.pb.go
View File

@ -22,6 +22,7 @@ const _ = grpc.SupportPackageIsVersion9
const (
CertificateAuthority_IssuePrecertificate_FullMethodName = "/ca.CertificateAuthority/IssuePrecertificate"
CertificateAuthority_IssueCertificateForPrecertificate_FullMethodName = "/ca.CertificateAuthority/IssueCertificateForPrecertificate"
CertificateAuthority_IssueCertificate_FullMethodName = "/ca.CertificateAuthority/IssueCertificate"
)
// CertificateAuthorityClient is the client API for CertificateAuthority service.
@ -30,6 +31,8 @@ const (
type CertificateAuthorityClient interface {
IssuePrecertificate(ctx context.Context, in *IssueCertificateRequest, opts ...grpc.CallOption) (*IssuePrecertificateResponse, error)
IssueCertificateForPrecertificate(ctx context.Context, in *IssueCertificateForPrecertificateRequest, opts ...grpc.CallOption) (*proto.Certificate, error)
// IssueCertificate issues a precertificate, gets SCTs, issues a certificate, and returns that.
IssueCertificate(ctx context.Context, in *IssueCertificateRequest, opts ...grpc.CallOption) (*IssueCertificateResponse, error)
}
type certificateAuthorityClient struct {
@ -60,12 +63,24 @@ func (c *certificateAuthorityClient) IssueCertificateForPrecertificate(ctx conte
return out, nil
}
func (c *certificateAuthorityClient) IssueCertificate(ctx context.Context, in *IssueCertificateRequest, opts ...grpc.CallOption) (*IssueCertificateResponse, error) {
cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
out := new(IssueCertificateResponse)
err := c.cc.Invoke(ctx, CertificateAuthority_IssueCertificate_FullMethodName, in, out, cOpts...)
if err != nil {
return nil, err
}
return out, nil
}
// CertificateAuthorityServer is the server API for CertificateAuthority service.
// All implementations must embed UnimplementedCertificateAuthorityServer
// for forward compatibility
type CertificateAuthorityServer interface {
IssuePrecertificate(context.Context, *IssueCertificateRequest) (*IssuePrecertificateResponse, error)
IssueCertificateForPrecertificate(context.Context, *IssueCertificateForPrecertificateRequest) (*proto.Certificate, error)
// IssueCertificate issues a precertificate, gets SCTs, issues a certificate, and returns that.
IssueCertificate(context.Context, *IssueCertificateRequest) (*IssueCertificateResponse, error)
mustEmbedUnimplementedCertificateAuthorityServer()
}
@ -79,6 +94,9 @@ func (UnimplementedCertificateAuthorityServer) IssuePrecertificate(context.Conte
func (UnimplementedCertificateAuthorityServer) IssueCertificateForPrecertificate(context.Context, *IssueCertificateForPrecertificateRequest) (*proto.Certificate, error) {
return nil, status.Errorf(codes.Unimplemented, "method IssueCertificateForPrecertificate not implemented")
}
func (UnimplementedCertificateAuthorityServer) IssueCertificate(context.Context, *IssueCertificateRequest) (*IssueCertificateResponse, error) {
return nil, status.Errorf(codes.Unimplemented, "method IssueCertificate not implemented")
}
func (UnimplementedCertificateAuthorityServer) mustEmbedUnimplementedCertificateAuthorityServer() {}
// UnsafeCertificateAuthorityServer may be embedded to opt out of forward compatibility for this service.
@ -128,6 +146,24 @@ func _CertificateAuthority_IssueCertificateForPrecertificate_Handler(srv interfa
return interceptor(ctx, in, info, handler)
}
func _CertificateAuthority_IssueCertificate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(IssueCertificateRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(CertificateAuthorityServer).IssueCertificate(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: CertificateAuthority_IssueCertificate_FullMethodName,
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(CertificateAuthorityServer).IssueCertificate(ctx, req.(*IssueCertificateRequest))
}
return interceptor(ctx, in, info, handler)
}
// CertificateAuthority_ServiceDesc is the grpc.ServiceDesc for CertificateAuthority service.
// It's only intended for direct use with grpc.RegisterService,
// and not to be introspected or modified (even as a copy)
@ -143,6 +179,10 @@ var CertificateAuthority_ServiceDesc = grpc.ServiceDesc{
MethodName: "IssueCertificateForPrecertificate",
Handler: _CertificateAuthority_IssueCertificateForPrecertificate_Handler,
},
{
MethodName: "IssueCertificate",
Handler: _CertificateAuthority_IssueCertificate_Handler,
},
},
Streams: []grpc.StreamDesc{},
Metadata: "ca.proto",

15
cmd/boulder-ca/main.go
View File

@ -19,6 +19,7 @@ import (
bgrpc "github.com/letsencrypt/boulder/grpc"
"github.com/letsencrypt/boulder/issuance"
"github.com/letsencrypt/boulder/policy"
rapb "github.com/letsencrypt/boulder/ra/proto"
sapb "github.com/letsencrypt/boulder/sa/proto"
)
@ -32,6 +33,8 @@ type Config struct {
SAService *cmd.GRPCClientConfig
SCTService *cmd.GRPCClientConfig
// Issuance contains all information necessary to load and initialize issuers.
Issuance struct {
// The name of the certificate profile to use if one wasn't provided
@ -203,9 +206,16 @@ func main() {
tlsConfig, err := c.CA.TLS.Load(scope)
cmd.FailOnError(err, "TLS config")
conn, err := bgrpc.ClientSetup(c.CA.SAService, tlsConfig, scope, clk)
saConn, err := bgrpc.ClientSetup(c.CA.SAService, tlsConfig, scope, clk)
cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to SA")
sa := sapb.NewStorageAuthorityClient(conn)
sa := sapb.NewStorageAuthorityClient(saConn)
var sctService rapb.SCTProviderClient
if c.CA.SCTService != nil {
sctConn, err := bgrpc.ClientSetup(c.CA.SCTService, tlsConfig, scope, clk)
cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to RA for SCTs")
sctService = rapb.NewSCTProviderClient(sctConn)
}
kp, err := sagoodkey.NewPolicy(&c.CA.GoodKey, sa.KeyBlocked)
cmd.FailOnError(err, "Unable to create key policy")
@ -246,6 +256,7 @@ func main() {
if !c.CA.DisableCertService {
cai, err := ca.NewCertificateAuthorityImpl(
sa,
sctService,
pa,
issuers,
c.CA.Issuance.CertProfiles,

4
cmd/boulder-ra/main.go
View File

@ -310,7 +310,9 @@ func main() {
rai.SA = sac
start, err := bgrpc.NewServer(c.RA.GRPC, logger).Add(
&rapb.RegistrationAuthority_ServiceDesc, rai).Build(tlsConfig, scope, clk)
&rapb.RegistrationAuthority_ServiceDesc, rai).Add(
&rapb.SCTProvider_ServiceDesc, rai).
Build(tlsConfig, scope, clk)
cmd.FailOnError(err, "Unable to setup RA gRPC server")
cmd.FailOnError(start(), "RA gRPC service failed")

5
features/features.go
View File

@ -100,6 +100,11 @@ type Config struct {
// This feature flag also causes CAA checks to happen after all remote VAs
// have passed DCV.
EnforceMPIC bool
// UnsplitIssuance causes the RA to make a single call to the CA for issuance,
// calling the new `IssueCertificate` instead of the old `IssuePrecertficate` /
// `IssueCertificateForPrecertificate` pair.
UnsplitIssuance bool
}
var fMu = new(sync.RWMutex)

19
mocks/ca.go
View File

@ -21,6 +21,25 @@ type MockCA struct {
PEM []byte
}
// IssueCertificate is a mock
func (ca *MockCA) IssueCertificate(ctx context.Context, req *capb.IssueCertificateRequest, _ ...grpc.CallOption) (*capb.IssueCertificateResponse, error) {
precert, err := ca.IssuePrecertificate(ctx, req)
if err != nil {
return nil, err
}
cert, err := ca.IssueCertificateForPrecertificate(ctx, &capb.IssueCertificateForPrecertificateRequest{
DER: precert.DER,
SCTs: nil,
RegistrationID: req.RegistrationID,
OrderID: req.OrderID,
CertProfileHash: precert.CertProfileHash,
})
if err != nil {
return nil, err
}
return &capb.IssueCertificateResponse{DER: cert.Der}, nil
}
// IssuePrecertificate is a mock
func (ca *MockCA) IssuePrecertificate(ctx context.Context, req *capb.IssueCertificateRequest, _ ...grpc.CallOption) (*capb.IssuePrecertificateResponse, error) {
if ca.PEM == nil {

643
ra/proto/ra.pb.go
View File

@ -23,6 +23,100 @@ const (
_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
)
type SCTRequest struct {
state protoimpl.MessageState
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
PrecertDER []byte `protobuf:"bytes,1,opt,name=precertDER,proto3" json:"precertDER,omitempty"`
}
func (x *SCTRequest) Reset() {
*x = SCTRequest{}
if protoimpl.UnsafeEnabled {
mi := &file_ra_proto_msgTypes[0]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
}
func (x *SCTRequest) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*SCTRequest) ProtoMessage() {}
func (x *SCTRequest) ProtoReflect() protoreflect.Message {
mi := &file_ra_proto_msgTypes[0]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use SCTRequest.ProtoReflect.Descriptor instead.
func (*SCTRequest) Descriptor() ([]byte, []int) {
return file_ra_proto_rawDescGZIP(), []int{0}
}
func (x *SCTRequest) GetPrecertDER() []byte {
if x != nil {
return x.PrecertDER
}
return nil
}
type SCTResponse struct {
state protoimpl.MessageState
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
SctDER [][]byte `protobuf:"bytes,1,rep,name=sctDER,proto3" json:"sctDER,omitempty"`
}
func (x *SCTResponse) Reset() {
*x = SCTResponse{}
if protoimpl.UnsafeEnabled {
mi := &file_ra_proto_msgTypes[1]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
}
func (x *SCTResponse) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*SCTResponse) ProtoMessage() {}
func (x *SCTResponse) ProtoReflect() protoreflect.Message {
mi := &file_ra_proto_msgTypes[1]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use SCTResponse.ProtoReflect.Descriptor instead.
func (*SCTResponse) Descriptor() ([]byte, []int) {
return file_ra_proto_rawDescGZIP(), []int{1}
}
func (x *SCTResponse) GetSctDER() [][]byte {
if x != nil {
return x.SctDER
}
return nil
}
type GenerateOCSPRequest struct {
state protoimpl.MessageState
sizeCache protoimpl.SizeCache
@ -34,7 +128,7 @@ type GenerateOCSPRequest struct {
func (x *GenerateOCSPRequest) Reset() {
*x = GenerateOCSPRequest{}
if protoimpl.UnsafeEnabled {
mi := &file_ra_proto_msgTypes[0]
mi := &file_ra_proto_msgTypes[2]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@ -47,7 +141,7 @@ func (x *GenerateOCSPRequest) String() string {
func (*GenerateOCSPRequest) ProtoMessage() {}
func (x *GenerateOCSPRequest) ProtoReflect() protoreflect.Message {
mi := &file_ra_proto_msgTypes[0]
mi := &file_ra_proto_msgTypes[2]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@ -60,7 +154,7 @@ func (x *GenerateOCSPRequest) ProtoReflect() protoreflect.Message {
// Deprecated: Use GenerateOCSPRequest.ProtoReflect.Descriptor instead.
func (*GenerateOCSPRequest) Descriptor() ([]byte, []int) {
return file_ra_proto_rawDescGZIP(), []int{0}
return file_ra_proto_rawDescGZIP(), []int{2}
}
func (x *GenerateOCSPRequest) GetSerial() string {
@ -82,7 +176,7 @@ type UpdateRegistrationContactRequest struct {
func (x *UpdateRegistrationContactRequest) Reset() {
*x = UpdateRegistrationContactRequest{}
if protoimpl.UnsafeEnabled {
mi := &file_ra_proto_msgTypes[1]
mi := &file_ra_proto_msgTypes[3]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@ -95,7 +189,7 @@ func (x *UpdateRegistrationContactRequest) String() string {
func (*UpdateRegistrationContactRequest) ProtoMessage() {}
func (x *UpdateRegistrationContactRequest) ProtoReflect() protoreflect.Message {
mi := &file_ra_proto_msgTypes[1]
mi := &file_ra_proto_msgTypes[3]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@ -108,7 +202,7 @@ func (x *UpdateRegistrationContactRequest) ProtoReflect() protoreflect.Message {
// Deprecated: Use UpdateRegistrationContactRequest.ProtoReflect.Descriptor instead.
func (*UpdateRegistrationContactRequest) Descriptor() ([]byte, []int) {
return file_ra_proto_rawDescGZIP(), []int{1}
return file_ra_proto_rawDescGZIP(), []int{3}
}
func (x *UpdateRegistrationContactRequest) GetRegistrationID() int64 {
@ -137,7 +231,7 @@ type UpdateRegistrationKeyRequest struct {
func (x *UpdateRegistrationKeyRequest) Reset() {
*x = UpdateRegistrationKeyRequest{}
if protoimpl.UnsafeEnabled {
mi := &file_ra_proto_msgTypes[2]
mi := &file_ra_proto_msgTypes[4]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@ -150,7 +244,7 @@ func (x *UpdateRegistrationKeyRequest) String() string {
func (*UpdateRegistrationKeyRequest) ProtoMessage() {}
func (x *UpdateRegistrationKeyRequest) ProtoReflect() protoreflect.Message {
mi := &file_ra_proto_msgTypes[2]
mi := &file_ra_proto_msgTypes[4]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@ -163,7 +257,7 @@ func (x *UpdateRegistrationKeyRequest) ProtoReflect() protoreflect.Message {
// Deprecated: Use UpdateRegistrationKeyRequest.ProtoReflect.Descriptor instead.
func (*UpdateRegistrationKeyRequest) Descriptor() ([]byte, []int) {
return file_ra_proto_rawDescGZIP(), []int{2}
return file_ra_proto_rawDescGZIP(), []int{4}
}
func (x *UpdateRegistrationKeyRequest) GetRegistrationID() int64 {
@ -193,7 +287,7 @@ type UpdateAuthorizationRequest struct {
func (x *UpdateAuthorizationRequest) Reset() {
*x = UpdateAuthorizationRequest{}
if protoimpl.UnsafeEnabled {
mi := &file_ra_proto_msgTypes[3]
mi := &file_ra_proto_msgTypes[5]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@ -206,7 +300,7 @@ func (x *UpdateAuthorizationRequest) String() string {
func (*UpdateAuthorizationRequest) ProtoMessage() {}
func (x *UpdateAuthorizationRequest) ProtoReflect() protoreflect.Message {
mi := &file_ra_proto_msgTypes[3]
mi := &file_ra_proto_msgTypes[5]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@ -219,7 +313,7 @@ func (x *UpdateAuthorizationRequest) ProtoReflect() protoreflect.Message {
// Deprecated: Use UpdateAuthorizationRequest.ProtoReflect.Descriptor instead.
func (*UpdateAuthorizationRequest) Descriptor() ([]byte, []int) {
return file_ra_proto_rawDescGZIP(), []int{3}
return file_ra_proto_rawDescGZIP(), []int{5}
}
func (x *UpdateAuthorizationRequest) GetAuthz() *proto.Authorization {
@ -255,7 +349,7 @@ type PerformValidationRequest struct {
func (x *PerformValidationRequest) Reset() {
*x = PerformValidationRequest{}
if protoimpl.UnsafeEnabled {
mi := &file_ra_proto_msgTypes[4]
mi := &file_ra_proto_msgTypes[6]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@ -268,7 +362,7 @@ func (x *PerformValidationRequest) String() string {
func (*PerformValidationRequest) ProtoMessage() {}
func (x *PerformValidationRequest) ProtoReflect() protoreflect.Message {
mi := &file_ra_proto_msgTypes[4]
mi := &file_ra_proto_msgTypes[6]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@ -281,7 +375,7 @@ func (x *PerformValidationRequest) ProtoReflect() protoreflect.Message {
// Deprecated: Use PerformValidationRequest.ProtoReflect.Descriptor instead.
func (*PerformValidationRequest) Descriptor() ([]byte, []int) {
return file_ra_proto_rawDescGZIP(), []int{4}
return file_ra_proto_rawDescGZIP(), []int{6}
}
func (x *PerformValidationRequest) GetAuthz() *proto.Authorization {
@ -311,7 +405,7 @@ type RevokeCertByApplicantRequest struct {
func (x *RevokeCertByApplicantRequest) Reset() {
*x = RevokeCertByApplicantRequest{}
if protoimpl.UnsafeEnabled {
mi := &file_ra_proto_msgTypes[5]
mi := &file_ra_proto_msgTypes[7]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@ -324,7 +418,7 @@ func (x *RevokeCertByApplicantRequest) String() string {
func (*RevokeCertByApplicantRequest) ProtoMessage() {}
func (x *RevokeCertByApplicantRequest) ProtoReflect() protoreflect.Message {
mi := &file_ra_proto_msgTypes[5]
mi := &file_ra_proto_msgTypes[7]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@ -337,7 +431,7 @@ func (x *RevokeCertByApplicantRequest) ProtoReflect() protoreflect.Message {
// Deprecated: Use RevokeCertByApplicantRequest.ProtoReflect.Descriptor instead.
func (*RevokeCertByApplicantRequest) Descriptor() ([]byte, []int) {
return file_ra_proto_rawDescGZIP(), []int{5}
return file_ra_proto_rawDescGZIP(), []int{7}
}
func (x *RevokeCertByApplicantRequest) GetCert() []byte {
@ -372,7 +466,7 @@ type RevokeCertByKeyRequest struct {
func (x *RevokeCertByKeyRequest) Reset() {
*x = RevokeCertByKeyRequest{}
if protoimpl.UnsafeEnabled {
mi := &file_ra_proto_msgTypes[6]
mi := &file_ra_proto_msgTypes[8]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@ -385,7 +479,7 @@ func (x *RevokeCertByKeyRequest) String() string {
func (*RevokeCertByKeyRequest) ProtoMessage() {}
func (x *RevokeCertByKeyRequest) ProtoReflect() protoreflect.Message {
mi := &file_ra_proto_msgTypes[6]
mi := &file_ra_proto_msgTypes[8]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@ -398,7 +492,7 @@ func (x *RevokeCertByKeyRequest) ProtoReflect() protoreflect.Message {
// Deprecated: Use RevokeCertByKeyRequest.ProtoReflect.Descriptor instead.
func (*RevokeCertByKeyRequest) Descriptor() ([]byte, []int) {
return file_ra_proto_rawDescGZIP(), []int{6}
return file_ra_proto_rawDescGZIP(), []int{8}
}
func (x *RevokeCertByKeyRequest) GetCert() []byte {
@ -437,7 +531,7 @@ type AdministrativelyRevokeCertificateRequest struct {
func (x *AdministrativelyRevokeCertificateRequest) Reset() {
*x = AdministrativelyRevokeCertificateRequest{}
if protoimpl.UnsafeEnabled {
mi := &file_ra_proto_msgTypes[7]
mi := &file_ra_proto_msgTypes[9]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@ -450,7 +544,7 @@ func (x *AdministrativelyRevokeCertificateRequest) String() string {
func (*AdministrativelyRevokeCertificateRequest) ProtoMessage() {}
func (x *AdministrativelyRevokeCertificateRequest) ProtoReflect() protoreflect.Message {
mi := &file_ra_proto_msgTypes[7]
mi := &file_ra_proto_msgTypes[9]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@ -463,7 +557,7 @@ func (x *AdministrativelyRevokeCertificateRequest) ProtoReflect() protoreflect.M
// Deprecated: Use AdministrativelyRevokeCertificateRequest.ProtoReflect.Descriptor instead.
func (*AdministrativelyRevokeCertificateRequest) Descriptor() ([]byte, []int) {
return file_ra_proto_rawDescGZIP(), []int{7}
return file_ra_proto_rawDescGZIP(), []int{9}
}
func (x *AdministrativelyRevokeCertificateRequest) GetCert() []byte {
@ -530,7 +624,7 @@ type NewOrderRequest struct {
func (x *NewOrderRequest) Reset() {
*x = NewOrderRequest{}
if protoimpl.UnsafeEnabled {
mi := &file_ra_proto_msgTypes[8]
mi := &file_ra_proto_msgTypes[10]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@ -543,7 +637,7 @@ func (x *NewOrderRequest) String() string {
func (*NewOrderRequest) ProtoMessage() {}
func (x *NewOrderRequest) ProtoReflect() protoreflect.Message {
mi := &file_ra_proto_msgTypes[8]
mi := &file_ra_proto_msgTypes[10]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@ -556,7 +650,7 @@ func (x *NewOrderRequest) ProtoReflect() protoreflect.Message {
// Deprecated: Use NewOrderRequest.ProtoReflect.Descriptor instead.
func (*NewOrderRequest) Descriptor() ([]byte, []int) {
return file_ra_proto_rawDescGZIP(), []int{8}
return file_ra_proto_rawDescGZIP(), []int{10}
}
func (x *NewOrderRequest) GetRegistrationID() int64 {
@ -598,7 +692,7 @@ type GetAuthorizationRequest struct {
func (x *GetAuthorizationRequest) Reset() {
*x = GetAuthorizationRequest{}
if protoimpl.UnsafeEnabled {
mi := &file_ra_proto_msgTypes[9]
mi := &file_ra_proto_msgTypes[11]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@ -611,7 +705,7 @@ func (x *GetAuthorizationRequest) String() string {
func (*GetAuthorizationRequest) ProtoMessage() {}
func (x *GetAuthorizationRequest) ProtoReflect() protoreflect.Message {
mi := &file_ra_proto_msgTypes[9]
mi := &file_ra_proto_msgTypes[11]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@ -624,7 +718,7 @@ func (x *GetAuthorizationRequest) ProtoReflect() protoreflect.Message {
// Deprecated: Use GetAuthorizationRequest.ProtoReflect.Descriptor instead.
func (*GetAuthorizationRequest) Descriptor() ([]byte, []int) {
return file_ra_proto_rawDescGZIP(), []int{9}
return file_ra_proto_rawDescGZIP(), []int{11}
}
func (x *GetAuthorizationRequest) GetId() int64 {
@ -646,7 +740,7 @@ type FinalizeOrderRequest struct {
func (x *FinalizeOrderRequest) Reset() {
*x = FinalizeOrderRequest{}
if protoimpl.UnsafeEnabled {
mi := &file_ra_proto_msgTypes[10]
mi := &file_ra_proto_msgTypes[12]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@ -659,7 +753,7 @@ func (x *FinalizeOrderRequest) String() string {
func (*FinalizeOrderRequest) ProtoMessage() {}
func (x *FinalizeOrderRequest) ProtoReflect() protoreflect.Message {
mi := &file_ra_proto_msgTypes[10]
mi := &file_ra_proto_msgTypes[12]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@ -672,7 +766,7 @@ func (x *FinalizeOrderRequest) ProtoReflect() protoreflect.Message {
// Deprecated: Use FinalizeOrderRequest.ProtoReflect.Descriptor instead.
func (*FinalizeOrderRequest) Descriptor() ([]byte, []int) {
return file_ra_proto_rawDescGZIP(), []int{10}
return file_ra_proto_rawDescGZIP(), []int{12}
}
func (x *FinalizeOrderRequest) GetOrder() *proto.Order {
@ -701,7 +795,7 @@ type UnpauseAccountRequest struct {
func (x *UnpauseAccountRequest) Reset() {
*x = UnpauseAccountRequest{}
if protoimpl.UnsafeEnabled {
mi := &file_ra_proto_msgTypes[11]
mi := &file_ra_proto_msgTypes[13]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@ -714,7 +808,7 @@ func (x *UnpauseAccountRequest) String() string {
func (*UnpauseAccountRequest) ProtoMessage() {}
func (x *UnpauseAccountRequest) ProtoReflect() protoreflect.Message {
mi := &file_ra_proto_msgTypes[11]
mi := &file_ra_proto_msgTypes[13]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@ -727,7 +821,7 @@ func (x *UnpauseAccountRequest) ProtoReflect() protoreflect.Message {
// Deprecated: Use UnpauseAccountRequest.ProtoReflect.Descriptor instead.
func (*UnpauseAccountRequest) Descriptor() ([]byte, []int) {
return file_ra_proto_rawDescGZIP(), []int{11}
return file_ra_proto_rawDescGZIP(), []int{13}
}
func (x *UnpauseAccountRequest) GetRegistrationID() int64 {
@ -749,7 +843,7 @@ type UnpauseAccountResponse struct {
func (x *UnpauseAccountResponse) Reset() {
*x = UnpauseAccountResponse{}
if protoimpl.UnsafeEnabled {
mi := &file_ra_proto_msgTypes[12]
mi := &file_ra_proto_msgTypes[14]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@ -762,7 +856,7 @@ func (x *UnpauseAccountResponse) String() string {
func (*UnpauseAccountResponse) ProtoMessage() {}
func (x *UnpauseAccountResponse) ProtoReflect() protoreflect.Message {
mi := &file_ra_proto_msgTypes[12]
mi := &file_ra_proto_msgTypes[14]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@ -775,7 +869,7 @@ func (x *UnpauseAccountResponse) ProtoReflect() protoreflect.Message {
// Deprecated: Use UnpauseAccountResponse.ProtoReflect.Descriptor instead.
func (*UnpauseAccountResponse) Descriptor() ([]byte, []int) {
return file_ra_proto_rawDescGZIP(), []int{12}
return file_ra_proto_rawDescGZIP(), []int{14}
}
func (x *UnpauseAccountResponse) GetCount() int64 {
@ -793,159 +887,168 @@ var file_ra_proto_rawDesc = []byte{
0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x11, 0x63, 0x61, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f,
0x63, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1b, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x65, 0x6d, 0x70, 0x74, 0x79, 0x2e,
0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x2d, 0x0a, 0x13, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74,
0x65, 0x4f, 0x43, 0x53, 0x50, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x16, 0x0a, 0x06,
0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x65,
0x72, 0x69, 0x61, 0x6c, 0x22, 0x66, 0x0a, 0x20, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x52, 0x65,
0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x63,
0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x26, 0x0a, 0x0e, 0x72, 0x65, 0x67, 0x69,
0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x2c, 0x0a, 0x0a, 0x53, 0x43, 0x54, 0x52, 0x65, 0x71, 0x75,
0x65, 0x73, 0x74, 0x12, 0x1e, 0x0a, 0x0a, 0x70, 0x72, 0x65, 0x63, 0x65, 0x72, 0x74, 0x44, 0x45,
0x52, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0a, 0x70, 0x72, 0x65, 0x63, 0x65, 0x72, 0x74,
0x44, 0x45, 0x52, 0x22, 0x25, 0x0a, 0x0b, 0x53, 0x43, 0x54, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e,
0x73, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x63, 0x74, 0x44, 0x45, 0x52, 0x18, 0x01, 0x20, 0x03,
0x28, 0x0c, 0x52, 0x06, 0x73, 0x63, 0x74, 0x44, 0x45, 0x52, 0x22, 0x2d, 0x0a, 0x13, 0x47, 0x65,
0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x4f, 0x43, 0x53, 0x50, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
0x74, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28,
0x09, 0x52, 0x06, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x22, 0x66, 0x0a, 0x20, 0x55, 0x70, 0x64,
0x61, 0x74, 0x65, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43,
0x6f, 0x6e, 0x74, 0x61, 0x63, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x26, 0x0a,
0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x18,
0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74,
0x69, 0x6f, 0x6e, 0x49, 0x44, 0x12, 0x1a, 0x0a, 0x08, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x63, 0x74,
0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x63, 0x74,
0x73, 0x22, 0x58, 0x0a, 0x1c, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x52, 0x65, 0x67, 0x69, 0x73,
0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
0x74, 0x12, 0x26, 0x0a, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f,
0x6e, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73,
0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x12, 0x10, 0x0a, 0x03, 0x6a, 0x77, 0x6b,
0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x03, 0x6a, 0x77, 0x6b, 0x22, 0x9c, 0x01, 0x0a, 0x1a,
0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74,
0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x29, 0x0a, 0x05, 0x61, 0x75,
0x74, 0x68, 0x7a, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x63, 0x6f, 0x72, 0x65,
0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x05,
0x61, 0x75, 0x74, 0x68, 0x7a, 0x12, 0x26, 0x0a, 0x0e, 0x63, 0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e,
0x67, 0x65, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x63,
0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x12, 0x2b, 0x0a,
0x08, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32,
0x0f, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x43, 0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65,
0x52, 0x08, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x6d, 0x0a, 0x18, 0x50, 0x65,
0x72, 0x66, 0x6f, 0x72, 0x6d, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52,
0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x29, 0x0a, 0x05, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x18,
0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x41, 0x75, 0x74,
0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x05, 0x61, 0x75, 0x74, 0x68,
0x7a, 0x12, 0x26, 0x0a, 0x0e, 0x63, 0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65, 0x49, 0x6e,
0x64, 0x65, 0x78, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x63, 0x68, 0x61, 0x6c, 0x6c,
0x65, 0x6e, 0x67, 0x65, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x22, 0x5c, 0x0a, 0x1c, 0x52, 0x65, 0x76,
0x6f, 0x6b, 0x65, 0x43, 0x65, 0x72, 0x74, 0x42, 0x79, 0x41, 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61,
0x6e, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x63, 0x65, 0x72,
0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x04, 0x63, 0x65, 0x72, 0x74, 0x12, 0x12, 0x0a,
0x04, 0x63, 0x6f, 0x64, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x04, 0x63, 0x6f, 0x64,
0x65, 0x12, 0x14, 0x0a, 0x05, 0x72, 0x65, 0x67, 0x49, 0x44, 0x18, 0x03, 0x20, 0x01, 0x28, 0x03,
0x52, 0x05, 0x72, 0x65, 0x67, 0x49, 0x44, 0x22, 0x32, 0x0a, 0x16, 0x52, 0x65, 0x76, 0x6f, 0x6b,
0x65, 0x43, 0x65, 0x72, 0x74, 0x42, 0x79, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
0x74, 0x12, 0x12, 0x0a, 0x04, 0x63, 0x65, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52,
0x04, 0x63, 0x65, 0x72, 0x74, 0x4a, 0x04, 0x08, 0x02, 0x10, 0x03, 0x22, 0xe6, 0x01, 0x0a, 0x28,
0x41, 0x64, 0x6d, 0x69, 0x6e, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x79,
0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74,
0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x63, 0x65, 0x72, 0x74,
0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x04, 0x63, 0x65, 0x72, 0x74, 0x12, 0x16, 0x0a, 0x06,
0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x65,
0x72, 0x69, 0x61, 0x6c, 0x12, 0x12, 0x0a, 0x04, 0x63, 0x6f, 0x64, 0x65, 0x18, 0x02, 0x20, 0x01,
0x28, 0x03, 0x52, 0x04, 0x63, 0x6f, 0x64, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x61, 0x64, 0x6d, 0x69,
0x6e, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x61, 0x64, 0x6d,
0x69, 0x6e, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x22, 0x0a, 0x0c, 0x73, 0x6b, 0x69, 0x70, 0x42, 0x6c,
0x6f, 0x63, 0x6b, 0x4b, 0x65, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0c, 0x73, 0x6b,
0x69, 0x70, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x4b, 0x65, 0x79, 0x12, 0x1c, 0x0a, 0x09, 0x6d, 0x61,
0x6c, 0x66, 0x6f, 0x72, 0x6d, 0x65, 0x64, 0x18, 0x06, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x6d,
0x61, 0x6c, 0x66, 0x6f, 0x72, 0x6d, 0x65, 0x64, 0x12, 0x1a, 0x0a, 0x08, 0x63, 0x72, 0x6c, 0x53,
0x68, 0x61, 0x72, 0x64, 0x18, 0x07, 0x20, 0x01, 0x28, 0x03, 0x52, 0x08, 0x63, 0x72, 0x6c, 0x53,
0x68, 0x61, 0x72, 0x64, 0x22, 0xc1, 0x01, 0x0a, 0x0f, 0x4e, 0x65, 0x77, 0x4f, 0x72, 0x64, 0x65,
0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x26, 0x0a, 0x0e, 0x72, 0x65, 0x67, 0x69,
0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03,
0x52, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44,
0x12, 0x1a, 0x0a, 0x08, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x63, 0x74, 0x73, 0x18, 0x02, 0x20, 0x03,
0x28, 0x09, 0x52, 0x08, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x63, 0x74, 0x73, 0x22, 0x58, 0x0a, 0x1c,
0x12, 0x1a, 0x0a, 0x08, 0x64, 0x6e, 0x73, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03,
0x28, 0x09, 0x52, 0x08, 0x64, 0x6e, 0x73, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x26, 0x0a, 0x0e,
0x72, 0x65, 0x70, 0x6c, 0x61, 0x63, 0x65, 0x73, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x18, 0x03,
0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x72, 0x65, 0x70, 0x6c, 0x61, 0x63, 0x65, 0x73, 0x53, 0x65,
0x72, 0x69, 0x61, 0x6c, 0x12, 0x36, 0x0a, 0x16, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63,
0x61, 0x74, 0x65, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x05,
0x20, 0x01, 0x28, 0x09, 0x52, 0x16, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74,
0x65, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x4a, 0x04, 0x08, 0x04,
0x10, 0x05, 0x4a, 0x04, 0x08, 0x06, 0x10, 0x07, 0x22, 0x29, 0x0a, 0x17, 0x47, 0x65, 0x74, 0x41,
0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75,
0x65, 0x73, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52,
0x02, 0x69, 0x64, 0x22, 0x4b, 0x0a, 0x14, 0x46, 0x69, 0x6e, 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x4f,
0x72, 0x64, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x21, 0x0a, 0x05, 0x6f,
0x72, 0x64, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0b, 0x2e, 0x63, 0x6f, 0x72,
0x65, 0x2e, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x52, 0x05, 0x6f, 0x72, 0x64, 0x65, 0x72, 0x12, 0x10,
0x0a, 0x03, 0x63, 0x73, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x03, 0x63, 0x73, 0x72,
0x22, 0x3f, 0x0a, 0x15, 0x55, 0x6e, 0x70, 0x61, 0x75, 0x73, 0x65, 0x41, 0x63, 0x63, 0x6f, 0x75,
0x6e, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x26, 0x0a, 0x0e, 0x72, 0x65, 0x67,
0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28,
0x03, 0x52, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49,
0x44, 0x22, 0x2e, 0x0a, 0x16, 0x55, 0x6e, 0x70, 0x61, 0x75, 0x73, 0x65, 0x41, 0x63, 0x63, 0x6f,
0x75, 0x6e, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x63,
0x6f, 0x75, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x05, 0x63, 0x6f, 0x75, 0x6e,
0x74, 0x32, 0x9f, 0x08, 0x0a, 0x15, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69,
0x6f, 0x6e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x3b, 0x0a, 0x0f, 0x4e,
0x65, 0x77, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12,
0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69,
0x6f, 0x6e, 0x1a, 0x12, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74,
0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x00, 0x12, 0x57, 0x0a, 0x19, 0x55, 0x70, 0x64, 0x61,
0x74, 0x65, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f,
0x6e, 0x74, 0x61, 0x63, 0x74, 0x12, 0x24, 0x2e, 0x72, 0x61, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74,
0x65, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e,
0x74, 0x61, 0x63, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x12, 0x2e, 0x63, 0x6f,
0x72, 0x65, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22,
0x00, 0x12, 0x4f, 0x0a, 0x15, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x52, 0x65, 0x67, 0x69, 0x73,
0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4b, 0x65, 0x79, 0x12, 0x20, 0x2e, 0x72, 0x61, 0x2e,
0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69,
0x6f, 0x6e, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x26, 0x0a, 0x0e,
0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x18, 0x01,
0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69,
0x6f, 0x6e, 0x49, 0x44, 0x12, 0x10, 0x0a, 0x03, 0x6a, 0x77, 0x6b, 0x18, 0x02, 0x20, 0x01, 0x28,
0x0c, 0x52, 0x03, 0x6a, 0x77, 0x6b, 0x22, 0x9c, 0x01, 0x0a, 0x1a, 0x55, 0x70, 0x64, 0x61, 0x74,
0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65,
0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x29, 0x0a, 0x05, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x18, 0x01,
0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x41, 0x75, 0x74, 0x68,
0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x05, 0x61, 0x75, 0x74, 0x68, 0x7a,
0x12, 0x26, 0x0a, 0x0e, 0x63, 0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65, 0x49, 0x6e, 0x64,
0x65, 0x78, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x63, 0x68, 0x61, 0x6c, 0x6c, 0x65,
0x6e, 0x67, 0x65, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x12, 0x2b, 0x0a, 0x08, 0x72, 0x65, 0x73, 0x70,
0x6f, 0x6e, 0x73, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x63, 0x6f, 0x72,
0x65, 0x2e, 0x43, 0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65, 0x52, 0x08, 0x72, 0x65, 0x73,
0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x6d, 0x0a, 0x18, 0x50, 0x65, 0x72, 0x66, 0x6f, 0x72, 0x6d,
0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
0x74, 0x12, 0x29, 0x0a, 0x05, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b,
0x32, 0x13, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a,
0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x05, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x12, 0x26, 0x0a, 0x0e,
0x63, 0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x02,
0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x63, 0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65, 0x49,
0x6e, 0x64, 0x65, 0x78, 0x22, 0x5c, 0x0a, 0x1c, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x43, 0x65,
0x72, 0x74, 0x42, 0x79, 0x41, 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x6e, 0x74, 0x52, 0x65, 0x71,
0x75, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x63, 0x65, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01,
0x28, 0x0c, 0x52, 0x04, 0x63, 0x65, 0x72, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x63, 0x6f, 0x64, 0x65,
0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x04, 0x63, 0x6f, 0x64, 0x65, 0x12, 0x14, 0x0a, 0x05,
0x72, 0x65, 0x67, 0x49, 0x44, 0x18, 0x03, 0x20, 0x01, 0x28, 0x03, 0x52, 0x05, 0x72, 0x65, 0x67,
0x49, 0x44, 0x22, 0x32, 0x0a, 0x16, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x43, 0x65, 0x72, 0x74,
0x42, 0x79, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04,
0x63, 0x65, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x04, 0x63, 0x65, 0x72, 0x74,
0x4a, 0x04, 0x08, 0x02, 0x10, 0x03, 0x22, 0xe6, 0x01, 0x0a, 0x28, 0x41, 0x64, 0x6d, 0x69, 0x6e,
0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x79, 0x52, 0x65, 0x76, 0x6f, 0x6b,
0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75,
0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x63, 0x65, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28,
0x0c, 0x52, 0x04, 0x63, 0x65, 0x72, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x65, 0x72, 0x69, 0x61,
0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x12,
0x12, 0x0a, 0x04, 0x63, 0x6f, 0x64, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x04, 0x63,
0x6f, 0x64, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x4e, 0x61, 0x6d, 0x65,
0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x4e, 0x61, 0x6d,
0x65, 0x12, 0x22, 0x0a, 0x0c, 0x73, 0x6b, 0x69, 0x70, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x4b, 0x65,
0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0c, 0x73, 0x6b, 0x69, 0x70, 0x42, 0x6c, 0x6f,
0x63, 0x6b, 0x4b, 0x65, 0x79, 0x12, 0x1c, 0x0a, 0x09, 0x6d, 0x61, 0x6c, 0x66, 0x6f, 0x72, 0x6d,
0x65, 0x64, 0x18, 0x06, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x6d, 0x61, 0x6c, 0x66, 0x6f, 0x72,
0x6d, 0x65, 0x64, 0x12, 0x1a, 0x0a, 0x08, 0x63, 0x72, 0x6c, 0x53, 0x68, 0x61, 0x72, 0x64, 0x18,
0x07, 0x20, 0x01, 0x28, 0x03, 0x52, 0x08, 0x63, 0x72, 0x6c, 0x53, 0x68, 0x61, 0x72, 0x64, 0x22,
0xc1, 0x01, 0x0a, 0x0f, 0x4e, 0x65, 0x77, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75,
0x65, 0x73, 0x74, 0x12, 0x26, 0x0a, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74,
0x69, 0x6f, 0x6e, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x72, 0x65, 0x67,
0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x12, 0x1a, 0x0a, 0x08, 0x64,
0x6e, 0x73, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x64,
0x6e, 0x73, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x26, 0x0a, 0x0e, 0x72, 0x65, 0x70, 0x6c, 0x61,
0x63, 0x65, 0x73, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52,
0x0e, 0x72, 0x65, 0x70, 0x6c, 0x61, 0x63, 0x65, 0x73, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x12,
0x36, 0x0a, 0x16, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x50, 0x72,
0x6f, 0x66, 0x69, 0x6c, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52,
0x16, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x50, 0x72, 0x6f, 0x66,
0x69, 0x6c, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x4a, 0x04, 0x08, 0x04, 0x10, 0x05, 0x4a, 0x04, 0x08,
0x06, 0x10, 0x07, 0x22, 0x29, 0x0a, 0x17, 0x47, 0x65, 0x74, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72,
0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x0e,
0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x02, 0x69, 0x64, 0x22, 0x4b,
0x0a, 0x14, 0x46, 0x69, 0x6e, 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x52,
0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x21, 0x0a, 0x05, 0x6f, 0x72, 0x64, 0x65, 0x72, 0x18,
0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0b, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x4f, 0x72, 0x64,
0x65, 0x72, 0x52, 0x05, 0x6f, 0x72, 0x64, 0x65, 0x72, 0x12, 0x10, 0x0a, 0x03, 0x63, 0x73, 0x72,
0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x03, 0x63, 0x73, 0x72, 0x22, 0x3f, 0x0a, 0x15, 0x55,
0x6e, 0x70, 0x61, 0x75, 0x73, 0x65, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x52, 0x65, 0x71,
0x75, 0x65, 0x73, 0x74, 0x12, 0x26, 0x0a, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61,
0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x72, 0x65,
0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x22, 0x2e, 0x0a, 0x16,
0x55, 0x6e, 0x70, 0x61, 0x75, 0x73, 0x65, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x52, 0x65,
0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18,
0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x05, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x32, 0x9f, 0x08, 0x0a,
0x15, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x41, 0x75, 0x74,
0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x3b, 0x0a, 0x0f, 0x4e, 0x65, 0x77, 0x52, 0x65, 0x67,
0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x2e, 0x63, 0x6f, 0x72, 0x65,
0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x1a, 0x12, 0x2e,
0x63, 0x6f, 0x72, 0x65, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f,
0x6e, 0x22, 0x00, 0x12, 0x57, 0x0a, 0x19, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x52, 0x65, 0x67,
0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x63, 0x74,
0x12, 0x24, 0x2e, 0x72, 0x61, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x52, 0x65, 0x67, 0x69,
0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x63, 0x74, 0x52,
0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x12, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x52, 0x65,
0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x00, 0x12, 0x4f, 0x0a, 0x15,
0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69,
0x6f, 0x6e, 0x4b, 0x65, 0x79, 0x12, 0x20, 0x2e, 0x72, 0x61, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74,
0x65, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4b, 0x65, 0x79,
0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x12, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x52,
0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x00, 0x12, 0x48, 0x0a,
0x11, 0x50, 0x65, 0x72, 0x66, 0x6f, 0x72, 0x6d, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69,
0x6f, 0x6e, 0x12, 0x1c, 0x2e, 0x72, 0x61, 0x2e, 0x50, 0x65, 0x72, 0x66, 0x6f, 0x72, 0x6d, 0x56,
0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
0x1a, 0x13, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a,
0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x00, 0x12, 0x46, 0x0a, 0x16, 0x44, 0x65, 0x61, 0x63, 0x74,
0x69, 0x76, 0x61, 0x74, 0x65, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f,
0x6e, 0x12, 0x12, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72,
0x61, 0x74, 0x69, 0x6f, 0x6e, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70,
0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12,
0x48, 0x0a, 0x17, 0x44, 0x65, 0x61, 0x63, 0x74, 0x69, 0x76, 0x61, 0x74, 0x65, 0x41, 0x75, 0x74,
0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x13, 0x2e, 0x63, 0x6f, 0x72,
0x65, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x1a,
0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75,
0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x53, 0x0a, 0x15, 0x52, 0x65, 0x76,
0x6f, 0x6b, 0x65, 0x43, 0x65, 0x72, 0x74, 0x42, 0x79, 0x41, 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61,
0x6e, 0x74, 0x12, 0x20, 0x2e, 0x72, 0x61, 0x2e, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x43, 0x65,
0x72, 0x74, 0x42, 0x79, 0x41, 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x6e, 0x74, 0x52, 0x65, 0x71,
0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x47,
0x0a, 0x0f, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x43, 0x65, 0x72, 0x74, 0x42, 0x79, 0x4b, 0x65,
0x79, 0x12, 0x1a, 0x2e, 0x72, 0x61, 0x2e, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x43, 0x65, 0x72,
0x74, 0x42, 0x79, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e,
0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e,
0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x6b, 0x0a, 0x21, 0x41, 0x64, 0x6d, 0x69, 0x6e,
0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x79, 0x52, 0x65, 0x76, 0x6f, 0x6b,
0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x2c, 0x2e, 0x72,
0x61, 0x2e, 0x41, 0x64, 0x6d, 0x69, 0x6e, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65,
0x6c, 0x79, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63,
0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f,
0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70,
0x74, 0x79, 0x22, 0x00, 0x12, 0x2e, 0x0a, 0x08, 0x4e, 0x65, 0x77, 0x4f, 0x72, 0x64, 0x65, 0x72,
0x12, 0x13, 0x2e, 0x72, 0x61, 0x2e, 0x4e, 0x65, 0x77, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x52, 0x65,
0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0b, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x4f, 0x72, 0x64,
0x65, 0x72, 0x22, 0x00, 0x12, 0x46, 0x0a, 0x10, 0x47, 0x65, 0x74, 0x41, 0x75, 0x74, 0x68, 0x6f,
0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1b, 0x2e, 0x72, 0x61, 0x2e, 0x47, 0x65,
0x74, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65,
0x6f, 0x6e, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x12, 0x2e, 0x63,
0x6f, 0x72, 0x65, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e,
0x22, 0x00, 0x12, 0x48, 0x0a, 0x11, 0x50, 0x65, 0x72, 0x66, 0x6f, 0x72, 0x6d, 0x56, 0x61, 0x6c,
0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1c, 0x2e, 0x72, 0x61, 0x2e, 0x50, 0x65, 0x72,
0x66, 0x6f, 0x72, 0x6d, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65,
0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x13, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x41, 0x75, 0x74,
0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x00, 0x12, 0x38, 0x0a, 0x0d,
0x46, 0x69, 0x6e, 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x12, 0x18, 0x2e,
0x72, 0x61, 0x2e, 0x46, 0x69, 0x6e, 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x4f, 0x72, 0x64, 0x65, 0x72,
0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0b, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x4f,
0x72, 0x64, 0x65, 0x72, 0x22, 0x00, 0x12, 0x3b, 0x0a, 0x0c, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61,
0x74, 0x65, 0x4f, 0x43, 0x53, 0x50, 0x12, 0x17, 0x2e, 0x72, 0x61, 0x2e, 0x47, 0x65, 0x6e, 0x65,
0x72, 0x61, 0x74, 0x65, 0x4f, 0x43, 0x53, 0x50, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a,
0x10, 0x2e, 0x63, 0x61, 0x2e, 0x4f, 0x43, 0x53, 0x50, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73,
0x65, 0x22, 0x00, 0x12, 0x49, 0x0a, 0x0e, 0x55, 0x6e, 0x70, 0x61, 0x75, 0x73, 0x65, 0x41, 0x63,
0x63, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x19, 0x2e, 0x72, 0x61, 0x2e, 0x55, 0x6e, 0x70, 0x61, 0x75,
0x73, 0x65, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
0x1a, 0x1a, 0x2e, 0x72, 0x61, 0x2e, 0x55, 0x6e, 0x70, 0x61, 0x75, 0x73, 0x65, 0x41, 0x63, 0x63,
0x6f, 0x75, 0x6e, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x42, 0x29,
0x5a, 0x27, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6c, 0x65, 0x74,
0x73, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x2f, 0x62, 0x6f, 0x75, 0x6c, 0x64, 0x65, 0x72,
0x2f, 0x72, 0x61, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f,
0x33,
0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x00, 0x12, 0x46, 0x0a, 0x16,
0x44, 0x65, 0x61, 0x63, 0x74, 0x69, 0x76, 0x61, 0x74, 0x65, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74,
0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x52, 0x65,
0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f,
0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70,
0x74, 0x79, 0x22, 0x00, 0x12, 0x48, 0x0a, 0x17, 0x44, 0x65, 0x61, 0x63, 0x74, 0x69, 0x76, 0x61,
0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12,
0x13, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61,
0x74, 0x69, 0x6f, 0x6e, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x53,
0x0a, 0x15, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x43, 0x65, 0x72, 0x74, 0x42, 0x79, 0x41, 0x70,
0x70, 0x6c, 0x69, 0x63, 0x61, 0x6e, 0x74, 0x12, 0x20, 0x2e, 0x72, 0x61, 0x2e, 0x52, 0x65, 0x76,
0x6f, 0x6b, 0x65, 0x43, 0x65, 0x72, 0x74, 0x42, 0x79, 0x41, 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61,
0x6e, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74,
0x79, 0x22, 0x00, 0x12, 0x47, 0x0a, 0x0f, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x43, 0x65, 0x72,
0x74, 0x42, 0x79, 0x4b, 0x65, 0x79, 0x12, 0x1a, 0x2e, 0x72, 0x61, 0x2e, 0x52, 0x65, 0x76, 0x6f,
0x6b, 0x65, 0x43, 0x65, 0x72, 0x74, 0x42, 0x79, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65,
0x73, 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x6b, 0x0a, 0x21,
0x41, 0x64, 0x6d, 0x69, 0x6e, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x79,
0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74,
0x65, 0x12, 0x2c, 0x2e, 0x72, 0x61, 0x2e, 0x41, 0x64, 0x6d, 0x69, 0x6e, 0x69, 0x73, 0x74, 0x72,
0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x79, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x43, 0x65, 0x72,
0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a,
0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75,
0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x2e, 0x0a, 0x08, 0x4e, 0x65, 0x77,
0x4f, 0x72, 0x64, 0x65, 0x72, 0x12, 0x13, 0x2e, 0x72, 0x61, 0x2e, 0x4e, 0x65, 0x77, 0x4f, 0x72,
0x64, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0b, 0x2e, 0x63, 0x6f, 0x72,
0x65, 0x2e, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x22, 0x00, 0x12, 0x46, 0x0a, 0x10, 0x47, 0x65, 0x74,
0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1b, 0x2e,
0x72, 0x61, 0x2e, 0x47, 0x65, 0x74, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74,
0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x13, 0x2e, 0x63, 0x6f, 0x72,
0x65, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22,
0x00, 0x12, 0x38, 0x0a, 0x0d, 0x46, 0x69, 0x6e, 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x4f, 0x72, 0x64,
0x65, 0x72, 0x12, 0x18, 0x2e, 0x72, 0x61, 0x2e, 0x46, 0x69, 0x6e, 0x61, 0x6c, 0x69, 0x7a, 0x65,
0x4f, 0x72, 0x64, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0b, 0x2e, 0x63,
0x6f, 0x72, 0x65, 0x2e, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x22, 0x00, 0x12, 0x3b, 0x0a, 0x0c, 0x47,
0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x4f, 0x43, 0x53, 0x50, 0x12, 0x17, 0x2e, 0x72, 0x61,
0x2e, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x4f, 0x43, 0x53, 0x50, 0x52, 0x65, 0x71,
0x75, 0x65, 0x73, 0x74, 0x1a, 0x10, 0x2e, 0x63, 0x61, 0x2e, 0x4f, 0x43, 0x53, 0x50, 0x52, 0x65,
0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x49, 0x0a, 0x0e, 0x55, 0x6e, 0x70, 0x61,
0x75, 0x73, 0x65, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x19, 0x2e, 0x72, 0x61, 0x2e,
0x55, 0x6e, 0x70, 0x61, 0x75, 0x73, 0x65, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x52, 0x65,
0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1a, 0x2e, 0x72, 0x61, 0x2e, 0x55, 0x6e, 0x70, 0x61, 0x75,
0x73, 0x65, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73,
0x65, 0x22, 0x00, 0x32, 0x3b, 0x0a, 0x0b, 0x53, 0x43, 0x54, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64,
0x65, 0x72, 0x12, 0x2c, 0x0a, 0x07, 0x47, 0x65, 0x74, 0x53, 0x43, 0x54, 0x73, 0x12, 0x0e, 0x2e,
0x72, 0x61, 0x2e, 0x53, 0x43, 0x54, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0f, 0x2e,
0x72, 0x61, 0x2e, 0x53, 0x43, 0x54, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00,
0x42, 0x29, 0x5a, 0x27, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6c,
0x65, 0x74, 0x73, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x2f, 0x62, 0x6f, 0x75, 0x6c, 0x64,
0x65, 0x72, 0x2f, 0x72, 0x61, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x06, 0x70, 0x72, 0x6f,
0x74, 0x6f, 0x33,
}
var (
@ -960,63 +1063,67 @@ func file_ra_proto_rawDescGZIP() []byte {
return file_ra_proto_rawDescData
}
var file_ra_proto_msgTypes = make([]protoimpl.MessageInfo, 13)
var file_ra_proto_msgTypes = make([]protoimpl.MessageInfo, 15)
var file_ra_proto_goTypes = []interface{}{
(*GenerateOCSPRequest)(nil), // 0: ra.GenerateOCSPRequest
(*UpdateRegistrationContactRequest)(nil), // 1: ra.UpdateRegistrationContactRequest
(*UpdateRegistrationKeyRequest)(nil), // 2: ra.UpdateRegistrationKeyRequest
(*UpdateAuthorizationRequest)(nil), // 3: ra.UpdateAuthorizationRequest
(*PerformValidationRequest)(nil), // 4: ra.PerformValidationRequest
(*RevokeCertByApplicantRequest)(nil), // 5: ra.RevokeCertByApplicantRequest
(*RevokeCertByKeyRequest)(nil), // 6: ra.RevokeCertByKeyRequest
(*AdministrativelyRevokeCertificateRequest)(nil), // 7: ra.AdministrativelyRevokeCertificateRequest
(*NewOrderRequest)(nil), // 8: ra.NewOrderRequest
(*GetAuthorizationRequest)(nil), // 9: ra.GetAuthorizationRequest
(*FinalizeOrderRequest)(nil), // 10: ra.FinalizeOrderRequest
(*UnpauseAccountRequest)(nil), // 11: ra.UnpauseAccountRequest
(*UnpauseAccountResponse)(nil), // 12: ra.UnpauseAccountResponse
(*proto.Authorization)(nil), // 13: core.Authorization
(*proto.Challenge)(nil), // 14: core.Challenge
(*proto.Order)(nil), // 15: core.Order
(*proto.Registration)(nil), // 16: core.Registration
(*emptypb.Empty)(nil), // 17: google.protobuf.Empty
(*proto1.OCSPResponse)(nil), // 18: ca.OCSPResponse
(*SCTRequest)(nil), // 0: ra.SCTRequest
(*SCTResponse)(nil), // 1: ra.SCTResponse
(*GenerateOCSPRequest)(nil), // 2: ra.GenerateOCSPRequest
(*UpdateRegistrationContactRequest)(nil), // 3: ra.UpdateRegistrationContactRequest
(*UpdateRegistrationKeyRequest)(nil), // 4: ra.UpdateRegistrationKeyRequest
(*UpdateAuthorizationRequest)(nil), // 5: ra.UpdateAuthorizationRequest
(*PerformValidationRequest)(nil), // 6: ra.PerformValidationRequest
(*RevokeCertByApplicantRequest)(nil), // 7: ra.RevokeCertByApplicantRequest
(*RevokeCertByKeyRequest)(nil), // 8: ra.RevokeCertByKeyRequest
(*AdministrativelyRevokeCertificateRequest)(nil), // 9: ra.AdministrativelyRevokeCertificateRequest
(*NewOrderRequest)(nil), // 10: ra.NewOrderRequest
(*GetAuthorizationRequest)(nil), // 11: ra.GetAuthorizationRequest
(*FinalizeOrderRequest)(nil), // 12: ra.FinalizeOrderRequest
(*UnpauseAccountRequest)(nil), // 13: ra.UnpauseAccountRequest
(*UnpauseAccountResponse)(nil), // 14: ra.UnpauseAccountResponse
(*proto.Authorization)(nil), // 15: core.Authorization
(*proto.Challenge)(nil), // 16: core.Challenge
(*proto.Order)(nil), // 17: core.Order
(*proto.Registration)(nil), // 18: core.Registration
(*emptypb.Empty)(nil), // 19: google.protobuf.Empty
(*proto1.OCSPResponse)(nil), // 20: ca.OCSPResponse
}
var file_ra_proto_depIdxs = []int32{
13, // 0: ra.UpdateAuthorizationRequest.authz:type_name -> core.Authorization
14, // 1: ra.UpdateAuthorizationRequest.response:type_name -> core.Challenge
13, // 2: ra.PerformValidationRequest.authz:type_name -> core.Authorization
15, // 3: ra.FinalizeOrderRequest.order:type_name -> core.Order
16, // 4: ra.RegistrationAuthority.NewRegistration:input_type -> core.Registration
1, // 5: ra.RegistrationAuthority.UpdateRegistrationContact:input_type -> ra.UpdateRegistrationContactRequest
2, // 6: ra.RegistrationAuthority.UpdateRegistrationKey:input_type -> ra.UpdateRegistrationKeyRequest
4, // 7: ra.RegistrationAuthority.PerformValidation:input_type -> ra.PerformValidationRequest
16, // 8: ra.RegistrationAuthority.DeactivateRegistration:input_type -> core.Registration
13, // 9: ra.RegistrationAuthority.DeactivateAuthorization:input_type -> core.Authorization
5, // 10: ra.RegistrationAuthority.RevokeCertByApplicant:input_type -> ra.RevokeCertByApplicantRequest
6, // 11: ra.RegistrationAuthority.RevokeCertByKey:input_type -> ra.RevokeCertByKeyRequest
7, // 12: ra.RegistrationAuthority.AdministrativelyRevokeCertificate:input_type -> ra.AdministrativelyRevokeCertificateRequest
8, // 13: ra.RegistrationAuthority.NewOrder:input_type -> ra.NewOrderRequest
9, // 14: ra.RegistrationAuthority.GetAuthorization:input_type -> ra.GetAuthorizationRequest
10, // 15: ra.RegistrationAuthority.FinalizeOrder:input_type -> ra.FinalizeOrderRequest
0, // 16: ra.RegistrationAuthority.GenerateOCSP:input_type -> ra.GenerateOCSPRequest
11, // 17: ra.RegistrationAuthority.UnpauseAccount:input_type -> ra.UnpauseAccountRequest
16, // 18: ra.RegistrationAuthority.NewRegistration:output_type -> core.Registration
16, // 19: ra.RegistrationAuthority.UpdateRegistrationContact:output_type -> core.Registration
16, // 20: ra.RegistrationAuthority.UpdateRegistrationKey:output_type -> core.Registration
13, // 21: ra.RegistrationAuthority.PerformValidation:output_type -> core.Authorization
17, // 22: ra.RegistrationAuthority.DeactivateRegistration:output_type -> google.protobuf.Empty
17, // 23: ra.RegistrationAuthority.DeactivateAuthorization:output_type -> google.protobuf.Empty
17, // 24: ra.RegistrationAuthority.RevokeCertByApplicant:output_type -> google.protobuf.Empty
17, // 25: ra.RegistrationAuthority.RevokeCertByKey:output_type -> google.protobuf.Empty
17, // 26: ra.RegistrationAuthority.AdministrativelyRevokeCertificate:output_type -> google.protobuf.Empty
15, // 27: ra.RegistrationAuthority.NewOrder:output_type -> core.Order
13, // 28: ra.RegistrationAuthority.GetAuthorization:output_type -> core.Authorization
15, // 29: ra.RegistrationAuthority.FinalizeOrder:output_type -> core.Order
18, // 30: ra.RegistrationAuthority.GenerateOCSP:output_type -> ca.OCSPResponse
12, // 31: ra.RegistrationAuthority.UnpauseAccount:output_type -> ra.UnpauseAccountResponse
18, // [18:32] is the sub-list for method output_type
4, // [4:18] is the sub-list for method input_type
15, // 0: ra.UpdateAuthorizationRequest.authz:type_name -> core.Authorization
16, // 1: ra.UpdateAuthorizationRequest.response:type_name -> core.Challenge
15, // 2: ra.PerformValidationRequest.authz:type_name -> core.Authorization
17, // 3: ra.FinalizeOrderRequest.order:type_name -> core.Order
18, // 4: ra.RegistrationAuthority.NewRegistration:input_type -> core.Registration
3, // 5: ra.RegistrationAuthority.UpdateRegistrationContact:input_type -> ra.UpdateRegistrationContactRequest
4, // 6: ra.RegistrationAuthority.UpdateRegistrationKey:input_type -> ra.UpdateRegistrationKeyRequest
6, // 7: ra.RegistrationAuthority.PerformValidation:input_type -> ra.PerformValidationRequest
18, // 8: ra.RegistrationAuthority.DeactivateRegistration:input_type -> core.Registration
15, // 9: ra.RegistrationAuthority.DeactivateAuthorization:input_type -> core.Authorization
7, // 10: ra.RegistrationAuthority.RevokeCertByApplicant:input_type -> ra.RevokeCertByApplicantRequest
8, // 11: ra.RegistrationAuthority.RevokeCertByKey:input_type -> ra.RevokeCertByKeyRequest
9, // 12: ra.RegistrationAuthority.AdministrativelyRevokeCertificate:input_type -> ra.AdministrativelyRevokeCertificateRequest
10, // 13: ra.RegistrationAuthority.NewOrder:input_type -> ra.NewOrderRequest
11, // 14: ra.RegistrationAuthority.GetAuthorization:input_type -> ra.GetAuthorizationRequest
12, // 15: ra.RegistrationAuthority.FinalizeOrder:input_type -> ra.FinalizeOrderRequest
2, // 16: ra.RegistrationAuthority.GenerateOCSP:input_type -> ra.GenerateOCSPRequest
13, // 17: ra.RegistrationAuthority.UnpauseAccount:input_type -> ra.UnpauseAccountRequest
0, // 18: ra.SCTProvider.GetSCTs:input_type -> ra.SCTRequest
18, // 19: ra.RegistrationAuthority.NewRegistration:output_type -> core.Registration
18, // 20: ra.RegistrationAuthority.UpdateRegistrationContact:output_type -> core.Registration
18, // 21: ra.RegistrationAuthority.UpdateRegistrationKey:output_type -> core.Registration
15, // 22: ra.RegistrationAuthority.PerformValidation:output_type -> core.Authorization
19, // 23: ra.RegistrationAuthority.DeactivateRegistration:output_type -> google.protobuf.Empty
19, // 24: ra.RegistrationAuthority.DeactivateAuthorization:output_type -> google.protobuf.Empty
19, // 25: ra.RegistrationAuthority.RevokeCertByApplicant:output_type -> google.protobuf.Empty
19, // 26: ra.RegistrationAuthority.RevokeCertByKey:output_type -> google.protobuf.Empty
19, // 27: ra.RegistrationAuthority.AdministrativelyRevokeCertificate:output_type -> google.protobuf.Empty
17, // 28: ra.RegistrationAuthority.NewOrder:output_type -> core.Order
15, // 29: ra.RegistrationAuthority.GetAuthorization:output_type -> core.Authorization
17, // 30: ra.RegistrationAuthority.FinalizeOrder:output_type -> core.Order
20, // 31: ra.RegistrationAuthority.GenerateOCSP:output_type -> ca.OCSPResponse
14, // 32: ra.RegistrationAuthority.UnpauseAccount:output_type -> ra.UnpauseAccountResponse
1, // 33: ra.SCTProvider.GetSCTs:output_type -> ra.SCTResponse
19, // [19:34] is the sub-list for method output_type
4, // [4:19] is the sub-list for method input_type
4, // [4:4] is the sub-list for extension type_name
4, // [4:4] is the sub-list for extension extendee
0, // [0:4] is the sub-list for field type_name
@ -1029,7 +1136,7 @@ func file_ra_proto_init() {
}
if !protoimpl.UnsafeEnabled {
file_ra_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*GenerateOCSPRequest); i {
switch v := v.(*SCTRequest); i {
case 0:
return &v.state
case 1:
@ -1041,7 +1148,7 @@ func file_ra_proto_init() {
}
}
file_ra_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*UpdateRegistrationContactRequest); i {
switch v := v.(*SCTResponse); i {
case 0:
return &v.state
case 1:
@ -1053,7 +1160,7 @@ func file_ra_proto_init() {
}
}
file_ra_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*UpdateRegistrationKeyRequest); i {
switch v := v.(*GenerateOCSPRequest); i {
case 0:
return &v.state
case 1:
@ -1065,7 +1172,7 @@ func file_ra_proto_init() {
}
}
file_ra_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*UpdateAuthorizationRequest); i {
switch v := v.(*UpdateRegistrationContactRequest); i {
case 0:
return &v.state
case 1:
@ -1077,7 +1184,7 @@ func file_ra_proto_init() {
}
}
file_ra_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*PerformValidationRequest); i {
switch v := v.(*UpdateRegistrationKeyRequest); i {
case 0:
return &v.state
case 1:
@ -1089,7 +1196,7 @@ func file_ra_proto_init() {
}
}
file_ra_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*RevokeCertByApplicantRequest); i {
switch v := v.(*UpdateAuthorizationRequest); i {
case 0:
return &v.state
case 1:
@ -1101,7 +1208,7 @@ func file_ra_proto_init() {
}
}
file_ra_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*RevokeCertByKeyRequest); i {
switch v := v.(*PerformValidationRequest); i {
case 0:
return &v.state
case 1:
@ -1113,7 +1220,7 @@ func file_ra_proto_init() {
}
}
file_ra_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*AdministrativelyRevokeCertificateRequest); i {
switch v := v.(*RevokeCertByApplicantRequest); i {
case 0:
return &v.state
case 1:
@ -1125,7 +1232,7 @@ func file_ra_proto_init() {
}
}
file_ra_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*NewOrderRequest); i {
switch v := v.(*RevokeCertByKeyRequest); i {
case 0:
return &v.state
case 1:
@ -1137,7 +1244,7 @@ func file_ra_proto_init() {
}
}
file_ra_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*GetAuthorizationRequest); i {
switch v := v.(*AdministrativelyRevokeCertificateRequest); i {
case 0:
return &v.state
case 1:
@ -1149,7 +1256,7 @@ func file_ra_proto_init() {
}
}
file_ra_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*FinalizeOrderRequest); i {
switch v := v.(*NewOrderRequest); i {
case 0:
return &v.state
case 1:
@ -1161,7 +1268,7 @@ func file_ra_proto_init() {
}
}
file_ra_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*UnpauseAccountRequest); i {
switch v := v.(*GetAuthorizationRequest); i {
case 0:
return &v.state
case 1:
@ -1173,6 +1280,30 @@ func file_ra_proto_init() {
}
}
file_ra_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*FinalizeOrderRequest); i {
case 0:
return &v.state
case 1:
return &v.sizeCache
case 2:
return &v.unknownFields
default:
return nil
}
}
file_ra_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*UnpauseAccountRequest); i {
case 0:
return &v.state
case 1:
return &v.sizeCache
case 2:
return &v.unknownFields
default:
return nil
}
}
file_ra_proto_msgTypes[14].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*UnpauseAccountResponse); i {
case 0:
return &v.state
@ -1191,9 +1322,9 @@ func file_ra_proto_init() {
GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
RawDescriptor: file_ra_proto_rawDesc,
NumEnums: 0,
NumMessages: 13,
NumMessages: 15,
NumExtensions: 0,
NumServices: 1,
NumServices: 2,
},
GoTypes: file_ra_proto_goTypes,
DependencyIndexes: file_ra_proto_depIdxs,

12
ra/proto/ra.proto
View File

@ -25,6 +25,18 @@ service RegistrationAuthority {
rpc UnpauseAccount(UnpauseAccountRequest) returns (UnpauseAccountResponse) {}
}
service SCTProvider {
rpc GetSCTs(SCTRequest) returns (SCTResponse) {}
}
message SCTRequest {
bytes precertDER = 1;
}
message SCTResponse {
repeated bytes sctDER = 1;
}
message GenerateOCSPRequest {
string serial = 1;
}

91
ra/proto/ra_grpc.pb.go
View File

@ -607,3 +607,94 @@ var RegistrationAuthority_ServiceDesc = grpc.ServiceDesc{
Streams: []grpc.StreamDesc{},
Metadata: "ra.proto",
}
const (
SCTProvider_GetSCTs_FullMethodName = "/ra.SCTProvider/GetSCTs"
)
// SCTProviderClient is the client API for SCTProvider service.
//
// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
type SCTProviderClient interface {
GetSCTs(ctx context.Context, in *SCTRequest, opts ...grpc.CallOption) (*SCTResponse, error)
}
type sCTProviderClient struct {
cc grpc.ClientConnInterface
}
func NewSCTProviderClient(cc grpc.ClientConnInterface) SCTProviderClient {
return &sCTProviderClient{cc}
}
func (c *sCTProviderClient) GetSCTs(ctx context.Context, in *SCTRequest, opts ...grpc.CallOption) (*SCTResponse, error) {
cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
out := new(SCTResponse)
err := c.cc.Invoke(ctx, SCTProvider_GetSCTs_FullMethodName, in, out, cOpts...)
if err != nil {
return nil, err
}
return out, nil
}
// SCTProviderServer is the server API for SCTProvider service.
// All implementations must embed UnimplementedSCTProviderServer
// for forward compatibility
type SCTProviderServer interface {
GetSCTs(context.Context, *SCTRequest) (*SCTResponse, error)
mustEmbedUnimplementedSCTProviderServer()
}
// UnimplementedSCTProviderServer must be embedded to have forward compatible implementations.
type UnimplementedSCTProviderServer struct {
}
func (UnimplementedSCTProviderServer) GetSCTs(context.Context, *SCTRequest) (*SCTResponse, error) {
return nil, status.Errorf(codes.Unimplemented, "method GetSCTs not implemented")
}
func (UnimplementedSCTProviderServer) mustEmbedUnimplementedSCTProviderServer() {}
// UnsafeSCTProviderServer may be embedded to opt out of forward compatibility for this service.
// Use of this interface is not recommended, as added methods to SCTProviderServer will
// result in compilation errors.
type UnsafeSCTProviderServer interface {
mustEmbedUnimplementedSCTProviderServer()
}
func RegisterSCTProviderServer(s grpc.ServiceRegistrar, srv SCTProviderServer) {
s.RegisterService(&SCTProvider_ServiceDesc, srv)
}
func _SCTProvider_GetSCTs_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(SCTRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(SCTProviderServer).GetSCTs(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: SCTProvider_GetSCTs_FullMethodName,
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(SCTProviderServer).GetSCTs(ctx, req.(*SCTRequest))
}
return interceptor(ctx, in, info, handler)
}
// SCTProvider_ServiceDesc is the grpc.ServiceDesc for SCTProvider service.
// It's only intended for direct use with grpc.RegisterService,
// and not to be introspected or modified (even as a copy)
var SCTProvider_ServiceDesc = grpc.ServiceDesc{
ServiceName: "ra.SCTProvider",
HandlerType: (*SCTProviderServer)(nil),
Methods: []grpc.MethodDesc{
{
MethodName: "GetSCTs",
Handler: _SCTProvider_GetSCTs_Handler,
},
},
Streams: []grpc.StreamDesc{},
Metadata: "ra.proto",
}

121
ra/ra.go
View File

@ -4,7 +4,6 @@ import (
"context"
"crypto"
"crypto/x509"
"encoding/hex"
"encoding/json"
"errors"
"fmt"
@ -74,6 +73,7 @@ var (
// populated, or there is a risk of panic.
type RegistrationAuthorityImpl struct {
rapb.UnsafeRegistrationAuthorityServer
rapb.UnsafeSCTProviderServer
CA capb.CertificateAuthorityClient
OCSP capb.OCSPGeneratorClient
VA va.RemoteClients
@ -103,7 +103,7 @@ type RegistrationAuthorityImpl struct {
namesPerCert *prometheus.HistogramVec
newRegCounter prometheus.Counter
recheckCAACounter prometheus.Counter
newCertCounter *prometheus.CounterVec
newCertCounter prometheus.Counter
authzAges *prometheus.HistogramVec
orderAges *prometheus.HistogramVec
inflightFinalizes prometheus.Gauge
@ -170,10 +170,10 @@ func NewRegistrationAuthorityImpl(
})
stats.MustRegister(recheckCAACounter)
newCertCounter := prometheus.NewCounterVec(prometheus.CounterOpts{
newCertCounter := prometheus.NewCounter(prometheus.CounterOpts{
Name: "new_certificates",
Help: "A counter of new certificates including the certificate profile name and hexadecimal certificate profile hash",
}, []string{"profileName", "profileHash"})
Help: "A counter of issued certificates",
})
stats.MustRegister(newCertCounter)
revocationReasonCounter := prometheus.NewCounterVec(prometheus.CounterOpts{
@ -1159,6 +1159,16 @@ func (ra *RegistrationAuthorityImpl) validateFinalizeRequest(
return csr, nil
}
func (ra *RegistrationAuthorityImpl) GetSCTs(ctx context.Context, sctRequest *rapb.SCTRequest) (*rapb.SCTResponse, error) {
scts, err := ra.getSCTs(ctx, sctRequest.PrecertDER)
if err != nil {
return nil, err
}
return &rapb.SCTResponse{
SctDER: scts,
}, nil
}
// issueCertificateOuter exists solely to ensure that all calls to
// issueCertificateInner have their result handled uniformly, no matter what
// return path that inner function takes. It takes ownership of the logEvent,
@ -1192,7 +1202,7 @@ func (ra *RegistrationAuthorityImpl) issueCertificateOuter(
}
// Step 3: Issue the Certificate
cert, cpId, err := ra.issueCertificateInner(
cert, err := ra.issueCertificateInner(
ctx, csr, isRenewal, profileName, accountID(order.RegistrationID), orderID(order.Id))
// Step 4: Fail the order if necessary, and update metrics and log fields
@ -1217,19 +1227,14 @@ func (ra *RegistrationAuthorityImpl) issueCertificateOuter(
prometheus.Labels{"type": "issued"},
).Observe(float64(len(order.DnsNames)))
ra.newCertCounter.With(
prometheus.Labels{
"profileName": cpId.name,
"profileHash": hex.EncodeToString(cpId.hash),
}).Inc()
ra.newCertCounter.Inc()
logEvent.SerialNumber = core.SerialToString(cert.SerialNumber)
logEvent.CommonName = cert.Subject.CommonName
logEvent.Names = cert.DNSNames
logEvent.NotBefore = cert.NotBefore
logEvent.NotAfter = cert.NotAfter
logEvent.CertProfileName = cpId.name
logEvent.CertProfileHash = hex.EncodeToString(cpId.hash)
logEvent.CertProfileName = profileName
result = "successful"
}
@ -1269,13 +1274,6 @@ func (ra *RegistrationAuthorityImpl) countCertificateIssued(ctx context.Context,
}
}
// certProfileID contains the name and hash of a certificate profile returned by
// a CA.
type certProfileID struct {
name string
hash []byte
}
// issueCertificateInner is part of the [issuance cycle].
//
// It gets a precertificate from the CA, submits it to CT logs to get SCTs,
@ -1299,7 +1297,7 @@ func (ra *RegistrationAuthorityImpl) issueCertificateInner(
isRenewal bool,
profileName string,
acctID accountID,
oID orderID) (*x509.Certificate, *certProfileID, error) {
oID orderID) (*x509.Certificate, error) {
// wrapError adds a prefix to an error. If the error is a boulder error then
// the problem detail is updated with the prefix. Otherwise a new error is
// returned with the message prefixed using `fmt.Errorf`
@ -1317,49 +1315,55 @@ func (ra *RegistrationAuthorityImpl) issueCertificateInner(
OrderID: int64(oID),
CertProfileName: profileName,
}
// Once we get a precert from IssuePrecertificate, we must attempt issuing
// a final certificate at most once. We achieve that by bailing on any error
// between here and IssueCertificateForPrecertificate.
precert, err := ra.CA.IssuePrecertificate(ctx, issueReq)
if err != nil {
return nil, nil, wrapError(err, "issuing precertificate")
var certDER []byte
if features.Get().UnsplitIssuance {
resp, err := ra.CA.IssueCertificate(ctx, issueReq)
if err != nil {
return nil, err
}
certDER = resp.DER
} else {
// Once we get a precert from IssuePrecertificate, we must attempt issuing
// a final certificate at most once. We achieve that by bailing on any error
// between here and IssueCertificateForPrecertificate.
precert, err := ra.CA.IssuePrecertificate(ctx, issueReq)
if err != nil {
return nil, wrapError(err, "issuing precertificate")
}
scts, err := ra.getSCTs(ctx, precert.DER)
if err != nil {
return nil, wrapError(err, "getting SCTs")
}
certPB, err := ra.CA.IssueCertificateForPrecertificate(ctx, &capb.IssueCertificateForPrecertificateRequest{
DER: precert.DER,
SCTs: scts,
RegistrationID: int64(acctID),
OrderID: int64(oID),
CertProfileHash: precert.CertProfileHash,
})
if err != nil {
return nil, wrapError(err, "issuing certificate for precertificate")
}
certDER = certPB.Der
}
parsedPrecert, err := x509.ParseCertificate(precert.DER)
parsedCertificate, err := x509.ParseCertificate(certDER)
if err != nil {
return nil, nil, wrapError(err, "parsing precertificate")
}
scts, err := ra.getSCTs(ctx, precert.DER, parsedPrecert.NotAfter)
if err != nil {
return nil, nil, wrapError(err, "getting SCTs")
}
cert, err := ra.CA.IssueCertificateForPrecertificate(ctx, &capb.IssueCertificateForPrecertificateRequest{
DER: precert.DER,
SCTs: scts,
RegistrationID: int64(acctID),
OrderID: int64(oID),
CertProfileHash: precert.CertProfileHash,
})
if err != nil {
return nil, nil, wrapError(err, "issuing certificate for precertificate")
}
parsedCertificate, err := x509.ParseCertificate(cert.Der)
if err != nil {
return nil, nil, wrapError(err, "parsing final certificate")
return nil, wrapError(err, "parsing final certificate")
}
ra.countCertificateIssued(ctx, int64(acctID), slices.Clone(parsedCertificate.DNSNames), isRenewal)
// Asynchronously submit the final certificate to any configured logs
go ra.ctpolicy.SubmitFinalCert(cert.Der, parsedCertificate.NotAfter)
go ra.ctpolicy.SubmitFinalCert(certDER, parsedCertificate.NotAfter)
err = ra.matchesCSR(parsedCertificate, csr)
if err != nil {
ra.certCSRMismatch.Inc()
return nil, nil, err
return nil, err
}
_, err = ra.SA.FinalizeOrder(ctx, &sapb.FinalizeOrderRequest{
@ -1367,15 +1371,20 @@ func (ra *RegistrationAuthorityImpl) issueCertificateInner(
CertificateSerial: core.SerialToString(parsedCertificate.SerialNumber),
})
if err != nil {
return nil, nil, wrapError(err, "persisting finalized order")
return nil, wrapError(err, "persisting finalized order")
}
return parsedCertificate, &certProfileID{name: precert.CertProfileName, hash: precert.CertProfileHash}, nil
return parsedCertificate, nil
}
func (ra *RegistrationAuthorityImpl) getSCTs(ctx context.Context, cert []byte, expiration time.Time) (core.SCTDERs, error) {
func (ra *RegistrationAuthorityImpl) getSCTs(ctx context.Context, precertDER []byte) (core.SCTDERs, error) {
started := ra.clk.Now()
scts, err := ra.ctpolicy.GetSCTs(ctx, cert, expiration)
precert, err := x509.ParseCertificate(precertDER)
if err != nil {
return nil, fmt.Errorf("parsing precertificate: %w", err)
}
scts, err := ra.ctpolicy.GetSCTs(ctx, precertDER, precert.NotAfter)
took := ra.clk.Since(started)
if err != nil {
state := "failure"

8
ra/ra_test.go
View File

@ -3337,7 +3337,7 @@ func TestIssueCertificateInnerErrs(t *testing.T) {
// Mock the CA
ra.CA = tc.Mock
// Attempt issuance
_, _, err = ra.issueCertificateInner(ctx, csrOb, false, order.CertificateProfileName, accountID(Registration.Id), orderID(order.Id))
_, err = ra.issueCertificateInner(ctx, csrOb, false, order.CertificateProfileName, accountID(Registration.Id), orderID(order.Id))
// We expect all of the testcases to fail because all use mocked CAs that deliberately error
test.AssertError(t, err, "issueCertificateInner with failing mock CA did not fail")
// If there is an expected `error` then match the error message
@ -3362,6 +3362,10 @@ type MockCARecordingProfile struct {
profileHash []byte
}
func (ca *MockCARecordingProfile) IssueCertificate(ctx context.Context, req *capb.IssueCertificateRequest, _ ...grpc.CallOption) (*capb.IssueCertificateResponse, error) {
return nil, errors.New("IssueCertificate called in a test that didn't need it")
}
func (ca *MockCARecordingProfile) IssuePrecertificate(ctx context.Context, req *capb.IssueCertificateRequest, _ ...grpc.CallOption) (*capb.IssuePrecertificateResponse, error) {
ca.profileName = req.CertProfileName
return ca.inner.IssuePrecertificate(ctx, req)
@ -3468,8 +3472,6 @@ func TestIssueCertificateOuter(t *testing.T) {
if !bytes.Equal(mockCA.profileHash, wantHash) {
t.Errorf("recorded profileName = %x, want %x", mockCA.profileHash, wantHash)
}
test.AssertMetricWithLabelsEquals(t, ra.newCertCounter, prometheus.Labels{"profileName": tc.wantProfile, "profileHash": tc.wantHash}, 1)
ra.newCertCounter.Reset()
})
}
}

4
test/asserts.go
View File

@ -247,5 +247,7 @@ loop:
total += float64(iom.Histogram.GetSampleCount())
}
}
AssertEquals(t, total, expected)
if total != expected {
t.Errorf("metric with labels %+v: got %g, want %g", l, total, expected)
}
}

10
test/config-next/ca.json
View File

@ -31,6 +31,16 @@
}
}
},
"sctService": {
"dnsAuthority": "consul.service.consul",
"srvLookup": {
"service": "ra-sct-provider",
"domain": "service.consul"
},
"timeout": "15s",
"noWaitForReady": true,
"hostOverride": "ra.boulder"
},
"saService": {
"dnsAuthority": "consul.service.consul",
"srvLookup": {

6
test/config-next/ra.json
View File

@ -127,6 +127,11 @@
"sfe.boulder"
]
},
"ra.SCTProvider": {
"clientNames": [
"ca.boulder"
]
},
"grpc.health.v1.Health": {
"clientNames": [
"health-checker.boulder"
@ -138,6 +143,7 @@
"AsyncFinalize": true,
"AutomaticallyPauseZombieClients": true,
"NoPendingAuthzReuse": true,
"UnsplitIssuance": true,
"EnforceMPIC": true
},
"ctLogs": {

16
test/consul/config.hcl
View File

@ -144,6 +144,22 @@ services {
tags = ["tcp"] // Required for SRV RR support in gRPC DNS resolution.
}
services {
id = "ra-sct-provider-a"
name = "ra-sct-provider"
address = "10.77.77.77"
port = 9594
tags = ["tcp"] // Required for SRV RR support in gRPC DNS resolution.
}
services {
id = "ra-sct-provider-b"
name = "ra-sct-provider"
address = "10.77.77.77"
port = 9694
tags = ["tcp"] // Required for SRV RR support in gRPC DNS resolution.
}
services {
id = "ra-a"
name = "ra"

2
test/integration/otel_test.go
View File

@ -226,7 +226,7 @@ func TestTraces(t *testing.T) {
httpSpan("/acme/chall/"),
httpSpan("/acme/finalize/",
rpcSpan("ra.RegistrationAuthority/FinalizeOrder", wfe, ra,
rpcSpan("ca.CertificateAuthority/IssueCertificateForPrecertificate", ra, ca))),
rpcSpan("ca.CertificateAuthority/IssueCertificate", ra, ca))),
},
}

19
test/startservers.py
View File

@ -69,11 +69,11 @@ SERVICES = (
Service('boulder-ca-1',
8001, 9393, 'ca.boulder',
('./bin/boulder', 'boulder-ca', '--config', os.path.join(config_dir, 'ca.json'), '--addr', ':9393', '--debug-addr', ':8001'),
('boulder-sa-1', 'boulder-sa-2')),
('boulder-sa-1', 'boulder-sa-2', 'boulder-ra-sct-provider-1', 'boulder-ra-sct-provider-2')),
Service('boulder-ca-2',
8101, 9493, 'ca.boulder',
('./bin/boulder', 'boulder-ca', '--config', os.path.join(config_dir, 'ca.json'), '--addr', ':9493', '--debug-addr', ':8101'),
('boulder-sa-1', 'boulder-sa-2')),
('boulder-sa-1', 'boulder-sa-2', 'boulder-ra-sct-provider-1', 'boulder-ra-sct-provider-2')),
Service('akamai-test-srv',
6789, None, None,
('./bin/akamai-test-srv', '--listen', 'localhost:6789', '--secret', 'its-a-secret'),
@ -102,6 +102,21 @@ SERVICES = (
8102, 9494, 'ra.boulder',
('./bin/boulder', 'boulder-ra', '--config', os.path.join(config_dir, 'ra.json'), '--addr', ':9494', '--debug-addr', ':8102'),
('boulder-sa-1', 'boulder-sa-2', 'boulder-ca-1', 'boulder-ca-2', 'boulder-va-1', 'boulder-va-2', 'akamai-purger', 'boulder-publisher-1', 'boulder-publisher-2')),
# We run a separate instance of the RA for use as the SCTProvider service called by the CA.
# This solves a small problem of startup order: if a client (the CA in this case) starts
# up before its backends, gRPC will try to connect immediately (due to health checks),
# get a connection refused, and enter a backoff state. That backoff state can cause
# subsequent requests to fail. This issue only exists for the CA-RA pair because they
# have a circular relationship - the RA calls CA.IssueCertificate, and the CA calls
# SCTProvider.GetSCTs (offered by the RA).
Service('boulder-ra-sct-provider-1',
8118, 9594, 'ra.boulder',
('./bin/boulder', 'boulder-ra', '--config', os.path.join(config_dir, 'ra.json'), '--addr', ':9594', '--debug-addr', ':8118'),
('boulder-publisher-1', 'boulder-publisher-2')),
Service('boulder-ra-sct-provider-2',
8119, 9694, 'ra.boulder',
('./bin/boulder', 'boulder-ra', '--config', os.path.join(config_dir, 'ra.json'), '--addr', ':9694', '--debug-addr', ':8119'),
('boulder-publisher-1', 'boulder-publisher-2')),
Service('bad-key-revoker',
8020, None, None,
('./bin/boulder', 'bad-key-revoker', '--config', os.path.join(config_dir, 'bad-key-revoker.json'), '--debug-addr', ':8020'),