From 692bd53ae59171db86f941fd82c64262dd9d48a8 Mon Sep 17 00:00:00 2001 From: Jacob Hoffman-Andrews Date: Mon, 24 Feb 2025 11:37:17 -0800 Subject: [PATCH] ca: unsplit issuance flow (#8014) Add a new RPC to the CA: `IssueCertificate` covers issuance of both the precertificate and the final certificate. In between, it calls out to the RA's new method `GetSCTs`. The RA calls the new `CA.IssueCertificate` if the `UnsplitIssuance` feature flag is true. The RA had a metric that counted certificates by profile name and hash. Since the RA doesn't receive a profile hash in the new flow, simply record the total number of issuances. Fixes https://github.com/letsencrypt/boulder/issues/7983 --- ca/ca.go | 41 ++- ca/ca_test.go | 26 +- ca/ocsp_test.go | 1 + ca/proto/ca.pb.go | 338 +++++++++++------- ca/proto/ca.proto | 6 + ca/proto/ca_grpc.pb.go | 40 +++ cmd/boulder-ca/main.go | 15 +- cmd/boulder-ra/main.go | 4 +- features/features.go | 5 + mocks/ca.go | 19 + ra/proto/ra.pb.go | 643 ++++++++++++++++++++-------------- ra/proto/ra.proto | 12 + ra/proto/ra_grpc.pb.go | 91 +++++ ra/ra.go | 121 ++++--- ra/ra_test.go | 8 +- test/asserts.go | 4 +- test/config-next/ca.json | 10 + test/config-next/ra.json | 6 + test/consul/config.hcl | 16 + test/integration/otel_test.go | 2 +- test/startservers.py | 19 +- 21 files changed, 969 insertions(+), 458 deletions(-) diff --git a/ca/ca.go b/ca/ca.go index 3c4e8170c..a598fc5cd 100644 --- a/ca/ca.go +++ b/ca/ca.go @@ -39,6 +39,7 @@ import ( "github.com/letsencrypt/boulder/issuance" "github.com/letsencrypt/boulder/linter" blog "github.com/letsencrypt/boulder/log" + rapb "github.com/letsencrypt/boulder/ra/proto" sapb "github.com/letsencrypt/boulder/sa/proto" ) @@ -99,6 +100,7 @@ type caMetrics struct { signatureCount *prometheus.CounterVec signErrorCount *prometheus.CounterVec lintErrorCount prometheus.Counter + certificates *prometheus.CounterVec } func NewCAMetrics(stats prometheus.Registerer) *caMetrics { @@ -123,7 +125,15 @@ func NewCAMetrics(stats prometheus.Registerer) *caMetrics { }) stats.MustRegister(lintErrorCount) - return &caMetrics{signatureCount, signErrorCount, lintErrorCount} + certificates := prometheus.NewCounterVec( + prometheus.CounterOpts{ + Name: "certificates", + Help: "Number of certificates issued", + }, + []string{"profile"}) + stats.MustRegister(certificates) + + return &caMetrics{signatureCount, signErrorCount, lintErrorCount, certificates} } func (m *caMetrics) noteSignError(err error) { @@ -138,6 +148,7 @@ func (m *caMetrics) noteSignError(err error) { type certificateAuthorityImpl struct { capb.UnsafeCertificateAuthorityServer sa sapb.StorageAuthorityCertificateClient + sctClient rapb.SCTProviderClient pa core.PolicyAuthority issuers issuerMaps certProfiles certProfilesMaps @@ -227,6 +238,7 @@ func makeCertificateProfilesMap(profiles map[string]*issuance.ProfileConfigNew) // OCSP (via delegation to an ocspImpl and its issuers). func NewCertificateAuthorityImpl( sa sapb.StorageAuthorityCertificateClient, + sctService rapb.SCTProviderClient, pa core.PolicyAuthority, boulderIssuers []*issuance.Issuer, certificateProfiles map[string]*issuance.ProfileConfigNew, @@ -261,6 +273,7 @@ func NewCertificateAuthorityImpl( ca = &certificateAuthorityImpl{ sa: sa, + sctClient: sctService, pa: pa, issuers: issuers, certProfiles: certProfiles, @@ -343,6 +356,31 @@ func (ca *certificateAuthorityImpl) IssuePrecertificate(ctx context.Context, iss }, nil } +func (ca *certificateAuthorityImpl) IssueCertificate(ctx context.Context, issueReq *capb.IssueCertificateRequest) (*capb.IssueCertificateResponse, error) { + if ca.sctClient == nil { + return nil, errors.New("IssueCertificate called with a nil SCT service") + } + precert, err := ca.IssuePrecertificate(ctx, issueReq) + if err != nil { + return nil, err + } + scts, err := ca.sctClient.GetSCTs(ctx, &rapb.SCTRequest{PrecertDER: precert.DER}) + if err != nil { + return nil, err + } + cert, err := ca.IssueCertificateForPrecertificate(ctx, &capb.IssueCertificateForPrecertificateRequest{ + DER: precert.DER, + SCTs: scts.SctDER, + RegistrationID: issueReq.RegistrationID, + OrderID: issueReq.OrderID, + CertProfileHash: precert.CertProfileHash, + }) + if err != nil { + return nil, err + } + return &capb.IssueCertificateResponse{DER: cert.Der}, nil +} + // IssueCertificateForPrecertificate final step in the [issuance cycle]. // // Given a precertificate and a set of SCTs for that precertificate, it generates @@ -453,6 +491,7 @@ func (ca *certificateAuthorityImpl) IssueCertificateForPrecertificate(ctx contex } ca.metrics.signatureCount.With(prometheus.Labels{"purpose": string(certType), "issuer": issuer.Name()}).Inc() + ca.metrics.certificates.With(prometheus.Labels{"profile": certProfile.name}).Inc() logEvent.Result.Certificate = hex.EncodeToString(certDER) ca.log.AuditObject("Signing cert success", logEvent) diff --git a/ca/ca_test.go b/ca/ca_test.go index 80ff11a23..f6b4cc501 100644 --- a/ca/ca_test.go +++ b/ca/ca_test.go @@ -37,6 +37,7 @@ import ( "github.com/letsencrypt/boulder/metrics" "github.com/letsencrypt/boulder/must" "github.com/letsencrypt/boulder/policy" + rapb "github.com/letsencrypt/boulder/ra/proto" sapb "github.com/letsencrypt/boulder/sa/proto" "github.com/letsencrypt/boulder/test" ) @@ -204,7 +205,12 @@ func setup(t *testing.T) *testCtx { Name: "lint_errors", Help: "Number of issuances that were halted by linting errors", }) - cametrics := &caMetrics{signatureCount, signErrorCount, lintErrorCount} + certificatesCount := prometheus.NewCounterVec( + prometheus.CounterOpts{ + Name: "certificates", + Help: "Number of certificates issued", + }, []string{"profile"}) + cametrics := &caMetrics{signatureCount, signErrorCount, lintErrorCount, certificatesCount} ocsp, err := NewOCSPImpl( boulderIssuers, @@ -254,6 +260,7 @@ func TestSerialPrefix(t *testing.T) { nil, nil, nil, + nil, 0x00, testCtx.maxNames, testCtx.keyPolicy, @@ -267,6 +274,7 @@ func TestSerialPrefix(t *testing.T) { nil, nil, nil, + nil, 0x80, testCtx.maxNames, testCtx.keyPolicy, @@ -354,11 +362,18 @@ func TestIssuePrecertificate(t *testing.T) { } } +type mockSCTService struct{} + +func (m mockSCTService) GetSCTs(ctx context.Context, sctRequest *rapb.SCTRequest, _ ...grpc.CallOption) (*rapb.SCTResponse, error) { + return &rapb.SCTResponse{}, nil +} + func issueCertificateSubTestSetup(t *testing.T) (*certificateAuthorityImpl, *mockSA) { testCtx := setup(t) sa := &mockSA{} ca, err := NewCertificateAuthorityImpl( sa, + mockSCTService{}, testCtx.pa, testCtx.boulderIssuers, testCtx.certProfiles, @@ -397,6 +412,7 @@ func TestNoIssuers(t *testing.T) { sa := &mockSA{} _, err := NewCertificateAuthorityImpl( sa, + mockSCTService{}, testCtx.pa, nil, // No issuers testCtx.certProfiles, @@ -417,6 +433,7 @@ func TestMultipleIssuers(t *testing.T) { sa := &mockSA{} ca, err := NewCertificateAuthorityImpl( sa, + mockSCTService{}, testCtx.pa, testCtx.boulderIssuers, testCtx.certProfiles, @@ -486,6 +503,7 @@ func TestUnpredictableIssuance(t *testing.T) { ca, err := NewCertificateAuthorityImpl( sa, + mockSCTService{}, testCtx.pa, boulderIssuers, testCtx.certProfiles, @@ -678,6 +696,7 @@ func TestInvalidCSRs(t *testing.T) { sa := &mockSA{} ca, err := NewCertificateAuthorityImpl( sa, + mockSCTService{}, testCtx.pa, testCtx.boulderIssuers, testCtx.certProfiles, @@ -716,6 +735,7 @@ func TestRejectValidityTooLong(t *testing.T) { ca, err := NewCertificateAuthorityImpl( &mockSA{}, + mockSCTService{}, testCtx.pa, testCtx.boulderIssuers, testCtx.certProfiles, @@ -808,6 +828,7 @@ func TestIssueCertificateForPrecertificate(t *testing.T) { sa := &mockSA{} ca, err := NewCertificateAuthorityImpl( sa, + mockSCTService{}, testCtx.pa, testCtx.boulderIssuers, testCtx.certProfiles, @@ -869,6 +890,7 @@ func TestIssueCertificateForPrecertificateWithSpecificCertificateProfile(t *test sa := &mockSA{} ca, err := NewCertificateAuthorityImpl( sa, + mockSCTService{}, testCtx.pa, testCtx.boulderIssuers, testCtx.certProfiles, @@ -984,6 +1006,7 @@ func TestIssueCertificateForPrecertificateDuplicateSerial(t *testing.T) { sa := &dupeSA{} ca, err := NewCertificateAuthorityImpl( sa, + mockSCTService{}, testCtx.pa, testCtx.boulderIssuers, testCtx.certProfiles, @@ -1026,6 +1049,7 @@ func TestIssueCertificateForPrecertificateDuplicateSerial(t *testing.T) { errorsa := &getCertErrorSA{} errorca, err := NewCertificateAuthorityImpl( errorsa, + mockSCTService{}, testCtx.pa, testCtx.boulderIssuers, testCtx.certProfiles, diff --git a/ca/ocsp_test.go b/ca/ocsp_test.go index ca42fc266..88c51e21c 100644 --- a/ca/ocsp_test.go +++ b/ca/ocsp_test.go @@ -31,6 +31,7 @@ func TestOCSP(t *testing.T) { testCtx := setup(t) ca, err := NewCertificateAuthorityImpl( &mockSA{}, + mockSCTService{}, testCtx.pa, testCtx.boulderIssuers, testCtx.certProfiles, diff --git a/ca/proto/ca.pb.go b/ca/proto/ca.pb.go index fec630087..a70d1d630 100644 --- a/ca/proto/ca.pb.go +++ b/ca/proto/ca.pb.go @@ -98,6 +98,53 @@ func (x *IssueCertificateRequest) GetCertProfileName() string { return "" } +type IssueCertificateResponse struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + DER []byte `protobuf:"bytes,1,opt,name=DER,proto3" json:"DER,omitempty"` +} + +func (x *IssueCertificateResponse) Reset() { + *x = IssueCertificateResponse{} + if protoimpl.UnsafeEnabled { + mi := &file_ca_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *IssueCertificateResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*IssueCertificateResponse) ProtoMessage() {} + +func (x *IssueCertificateResponse) ProtoReflect() protoreflect.Message { + mi := &file_ca_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use IssueCertificateResponse.ProtoReflect.Descriptor instead. +func (*IssueCertificateResponse) Descriptor() ([]byte, []int) { + return file_ca_proto_rawDescGZIP(), []int{1} +} + +func (x *IssueCertificateResponse) GetDER() []byte { + if x != nil { + return x.DER + } + return nil +} + type IssuePrecertificateResponse struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -118,7 +165,7 @@ type IssuePrecertificateResponse struct { func (x *IssuePrecertificateResponse) Reset() { *x = IssuePrecertificateResponse{} if protoimpl.UnsafeEnabled { - mi := &file_ca_proto_msgTypes[1] + mi := &file_ca_proto_msgTypes[2] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -131,7 +178,7 @@ func (x *IssuePrecertificateResponse) String() string { func (*IssuePrecertificateResponse) ProtoMessage() {} func (x *IssuePrecertificateResponse) ProtoReflect() protoreflect.Message { - mi := &file_ca_proto_msgTypes[1] + mi := &file_ca_proto_msgTypes[2] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -144,7 +191,7 @@ func (x *IssuePrecertificateResponse) ProtoReflect() protoreflect.Message { // Deprecated: Use IssuePrecertificateResponse.ProtoReflect.Descriptor instead. func (*IssuePrecertificateResponse) Descriptor() ([]byte, []int) { - return file_ca_proto_rawDescGZIP(), []int{1} + return file_ca_proto_rawDescGZIP(), []int{2} } func (x *IssuePrecertificateResponse) GetDER() []byte { @@ -187,7 +234,7 @@ type IssueCertificateForPrecertificateRequest struct { func (x *IssueCertificateForPrecertificateRequest) Reset() { *x = IssueCertificateForPrecertificateRequest{} if protoimpl.UnsafeEnabled { - mi := &file_ca_proto_msgTypes[2] + mi := &file_ca_proto_msgTypes[3] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -200,7 +247,7 @@ func (x *IssueCertificateForPrecertificateRequest) String() string { func (*IssueCertificateForPrecertificateRequest) ProtoMessage() {} func (x *IssueCertificateForPrecertificateRequest) ProtoReflect() protoreflect.Message { - mi := &file_ca_proto_msgTypes[2] + mi := &file_ca_proto_msgTypes[3] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -213,7 +260,7 @@ func (x *IssueCertificateForPrecertificateRequest) ProtoReflect() protoreflect.M // Deprecated: Use IssueCertificateForPrecertificateRequest.ProtoReflect.Descriptor instead. func (*IssueCertificateForPrecertificateRequest) Descriptor() ([]byte, []int) { - return file_ca_proto_rawDescGZIP(), []int{2} + return file_ca_proto_rawDescGZIP(), []int{3} } func (x *IssueCertificateForPrecertificateRequest) GetDER() []byte { @@ -268,7 +315,7 @@ type GenerateOCSPRequest struct { func (x *GenerateOCSPRequest) Reset() { *x = GenerateOCSPRequest{} if protoimpl.UnsafeEnabled { - mi := &file_ca_proto_msgTypes[3] + mi := &file_ca_proto_msgTypes[4] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -281,7 +328,7 @@ func (x *GenerateOCSPRequest) String() string { func (*GenerateOCSPRequest) ProtoMessage() {} func (x *GenerateOCSPRequest) ProtoReflect() protoreflect.Message { - mi := &file_ca_proto_msgTypes[3] + mi := &file_ca_proto_msgTypes[4] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -294,7 +341,7 @@ func (x *GenerateOCSPRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use GenerateOCSPRequest.ProtoReflect.Descriptor instead. func (*GenerateOCSPRequest) Descriptor() ([]byte, []int) { - return file_ca_proto_rawDescGZIP(), []int{3} + return file_ca_proto_rawDescGZIP(), []int{4} } func (x *GenerateOCSPRequest) GetStatus() string { @@ -343,7 +390,7 @@ type OCSPResponse struct { func (x *OCSPResponse) Reset() { *x = OCSPResponse{} if protoimpl.UnsafeEnabled { - mi := &file_ca_proto_msgTypes[4] + mi := &file_ca_proto_msgTypes[5] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -356,7 +403,7 @@ func (x *OCSPResponse) String() string { func (*OCSPResponse) ProtoMessage() {} func (x *OCSPResponse) ProtoReflect() protoreflect.Message { - mi := &file_ca_proto_msgTypes[4] + mi := &file_ca_proto_msgTypes[5] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -369,7 +416,7 @@ func (x *OCSPResponse) ProtoReflect() protoreflect.Message { // Deprecated: Use OCSPResponse.ProtoReflect.Descriptor instead. func (*OCSPResponse) Descriptor() ([]byte, []int) { - return file_ca_proto_rawDescGZIP(), []int{4} + return file_ca_proto_rawDescGZIP(), []int{5} } func (x *OCSPResponse) GetResponse() []byte { @@ -394,7 +441,7 @@ type GenerateCRLRequest struct { func (x *GenerateCRLRequest) Reset() { *x = GenerateCRLRequest{} if protoimpl.UnsafeEnabled { - mi := &file_ca_proto_msgTypes[5] + mi := &file_ca_proto_msgTypes[6] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -407,7 +454,7 @@ func (x *GenerateCRLRequest) String() string { func (*GenerateCRLRequest) ProtoMessage() {} func (x *GenerateCRLRequest) ProtoReflect() protoreflect.Message { - mi := &file_ca_proto_msgTypes[5] + mi := &file_ca_proto_msgTypes[6] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -420,7 +467,7 @@ func (x *GenerateCRLRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use GenerateCRLRequest.ProtoReflect.Descriptor instead. func (*GenerateCRLRequest) Descriptor() ([]byte, []int) { - return file_ca_proto_rawDescGZIP(), []int{5} + return file_ca_proto_rawDescGZIP(), []int{6} } func (m *GenerateCRLRequest) GetPayload() isGenerateCRLRequest_Payload { @@ -474,7 +521,7 @@ type CRLMetadata struct { func (x *CRLMetadata) Reset() { *x = CRLMetadata{} if protoimpl.UnsafeEnabled { - mi := &file_ca_proto_msgTypes[6] + mi := &file_ca_proto_msgTypes[7] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -487,7 +534,7 @@ func (x *CRLMetadata) String() string { func (*CRLMetadata) ProtoMessage() {} func (x *CRLMetadata) ProtoReflect() protoreflect.Message { - mi := &file_ca_proto_msgTypes[6] + mi := &file_ca_proto_msgTypes[7] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -500,7 +547,7 @@ func (x *CRLMetadata) ProtoReflect() protoreflect.Message { // Deprecated: Use CRLMetadata.ProtoReflect.Descriptor instead. func (*CRLMetadata) Descriptor() ([]byte, []int) { - return file_ca_proto_rawDescGZIP(), []int{6} + return file_ca_proto_rawDescGZIP(), []int{7} } func (x *CRLMetadata) GetIssuerNameID() int64 { @@ -535,7 +582,7 @@ type GenerateCRLResponse struct { func (x *GenerateCRLResponse) Reset() { *x = GenerateCRLResponse{} if protoimpl.UnsafeEnabled { - mi := &file_ca_proto_msgTypes[7] + mi := &file_ca_proto_msgTypes[8] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -548,7 +595,7 @@ func (x *GenerateCRLResponse) String() string { func (*GenerateCRLResponse) ProtoMessage() {} func (x *GenerateCRLResponse) ProtoReflect() protoreflect.Message { - mi := &file_ca_proto_msgTypes[7] + mi := &file_ca_proto_msgTypes[8] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -561,7 +608,7 @@ func (x *GenerateCRLResponse) ProtoReflect() protoreflect.Message { // Deprecated: Use GenerateCRLResponse.ProtoReflect.Descriptor instead. func (*GenerateCRLResponse) Descriptor() ([]byte, []int) { - return file_ca_proto_rawDescGZIP(), []int{7} + return file_ca_proto_rawDescGZIP(), []int{8} } func (x *GenerateCRLResponse) GetChunk() []byte { @@ -588,88 +635,96 @@ var file_ca_proto_rawDesc = []byte{ 0x72, 0x64, 0x65, 0x72, 0x49, 0x44, 0x12, 0x28, 0x0a, 0x0f, 0x63, 0x65, 0x72, 0x74, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x63, 0x65, 0x72, 0x74, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x4e, 0x61, 0x6d, 0x65, - 0x4a, 0x04, 0x08, 0x04, 0x10, 0x05, 0x22, 0x83, 0x01, 0x0a, 0x1b, 0x49, 0x73, 0x73, 0x75, 0x65, + 0x4a, 0x04, 0x08, 0x04, 0x10, 0x05, 0x22, 0x2c, 0x0a, 0x18, 0x49, 0x73, 0x73, 0x75, 0x65, 0x43, + 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, + 0x73, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x44, 0x45, 0x52, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, + 0x03, 0x44, 0x45, 0x52, 0x22, 0x83, 0x01, 0x0a, 0x1b, 0x49, 0x73, 0x73, 0x75, 0x65, 0x50, 0x72, + 0x65, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, + 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x44, 0x45, 0x52, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x0c, 0x52, 0x03, 0x44, 0x45, 0x52, 0x12, 0x28, 0x0a, 0x0f, 0x63, 0x65, 0x72, 0x74, 0x50, 0x72, + 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x48, 0x61, 0x73, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, + 0x0f, 0x63, 0x65, 0x72, 0x74, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x48, 0x61, 0x73, 0x68, + 0x12, 0x28, 0x0a, 0x0f, 0x63, 0x65, 0x72, 0x74, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x4e, + 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x63, 0x65, 0x72, 0x74, 0x50, + 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x22, 0xbc, 0x01, 0x0a, 0x28, 0x49, + 0x73, 0x73, 0x75, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x46, + 0x6f, 0x72, 0x50, 0x72, 0x65, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, + 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x44, 0x45, 0x52, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x0c, 0x52, 0x03, 0x44, 0x45, 0x52, 0x12, 0x12, 0x0a, 0x04, 0x53, 0x43, 0x54, + 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0c, 0x52, 0x04, 0x53, 0x43, 0x54, 0x73, 0x12, 0x26, 0x0a, + 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x18, + 0x03, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x12, 0x18, 0x0a, 0x07, 0x6f, 0x72, 0x64, 0x65, 0x72, 0x49, 0x44, + 0x18, 0x04, 0x20, 0x01, 0x28, 0x03, 0x52, 0x07, 0x6f, 0x72, 0x64, 0x65, 0x72, 0x49, 0x44, 0x12, + 0x28, 0x0a, 0x0f, 0x63, 0x65, 0x72, 0x74, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x48, 0x61, + 0x73, 0x68, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0f, 0x63, 0x65, 0x72, 0x74, 0x50, 0x72, + 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x48, 0x61, 0x73, 0x68, 0x22, 0xb9, 0x01, 0x0a, 0x13, 0x47, 0x65, + 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x4f, 0x43, 0x53, 0x50, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, + 0x74, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x16, 0x0a, 0x06, 0x72, 0x65, 0x61, + 0x73, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x05, 0x52, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, + 0x6e, 0x12, 0x38, 0x0a, 0x09, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x41, 0x74, 0x18, 0x07, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, + 0x52, 0x09, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x41, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x73, + 0x65, 0x72, 0x69, 0x61, 0x6c, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x65, 0x72, + 0x69, 0x61, 0x6c, 0x12, 0x1a, 0x0a, 0x08, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x49, 0x44, 0x18, + 0x06, 0x20, 0x01, 0x28, 0x03, 0x52, 0x08, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x49, 0x44, 0x4a, + 0x04, 0x08, 0x04, 0x10, 0x05, 0x22, 0x2a, 0x0a, 0x0c, 0x4f, 0x43, 0x53, 0x50, 0x52, 0x65, 0x73, + 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, + 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x08, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, + 0x65, 0x22, 0x76, 0x0a, 0x12, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x43, 0x52, 0x4c, + 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x2d, 0x0a, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, + 0x61, 0x74, 0x61, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x63, 0x61, 0x2e, 0x43, + 0x52, 0x4c, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x48, 0x00, 0x52, 0x08, 0x6d, 0x65, + 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x12, 0x26, 0x0a, 0x05, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x43, 0x52, 0x4c, + 0x45, 0x6e, 0x74, 0x72, 0x79, 0x48, 0x00, 0x52, 0x05, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x42, 0x09, + 0x0a, 0x07, 0x70, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x22, 0x8f, 0x01, 0x0a, 0x0b, 0x43, 0x52, + 0x4c, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x12, 0x22, 0x0a, 0x0c, 0x69, 0x73, 0x73, + 0x75, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, + 0x0c, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x49, 0x44, 0x12, 0x3a, 0x0a, + 0x0a, 0x74, 0x68, 0x69, 0x73, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x0a, 0x74, + 0x68, 0x69, 0x73, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x73, 0x68, 0x61, + 0x72, 0x64, 0x49, 0x64, 0x78, 0x18, 0x03, 0x20, 0x01, 0x28, 0x03, 0x52, 0x08, 0x73, 0x68, 0x61, + 0x72, 0x64, 0x49, 0x64, 0x78, 0x4a, 0x04, 0x08, 0x02, 0x10, 0x03, 0x22, 0x2b, 0x0a, 0x13, 0x47, + 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x43, 0x52, 0x4c, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, + 0x73, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x63, 0x68, 0x75, 0x6e, 0x6b, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x0c, 0x52, 0x05, 0x63, 0x68, 0x75, 0x6e, 0x6b, 0x32, 0xa6, 0x02, 0x0a, 0x14, 0x43, 0x65, 0x72, + 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, + 0x79, 0x12, 0x55, 0x0a, 0x13, 0x49, 0x73, 0x73, 0x75, 0x65, 0x50, 0x72, 0x65, 0x63, 0x65, 0x72, + 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x1b, 0x2e, 0x63, 0x61, 0x2e, 0x49, 0x73, + 0x73, 0x75, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, + 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1f, 0x2e, 0x63, 0x61, 0x2e, 0x49, 0x73, 0x73, 0x75, 0x65, 0x50, 0x72, 0x65, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, - 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x44, 0x45, 0x52, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x0c, 0x52, 0x03, 0x44, 0x45, 0x52, 0x12, 0x28, 0x0a, 0x0f, 0x63, 0x65, 0x72, 0x74, - 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x48, 0x61, 0x73, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x0c, 0x52, 0x0f, 0x63, 0x65, 0x72, 0x74, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x48, 0x61, - 0x73, 0x68, 0x12, 0x28, 0x0a, 0x0f, 0x63, 0x65, 0x72, 0x74, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, - 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x63, 0x65, 0x72, - 0x74, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x22, 0xbc, 0x01, 0x0a, - 0x28, 0x49, 0x73, 0x73, 0x75, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, - 0x65, 0x46, 0x6f, 0x72, 0x50, 0x72, 0x65, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, - 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x44, 0x45, 0x52, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x03, 0x44, 0x45, 0x52, 0x12, 0x12, 0x0a, 0x04, 0x53, - 0x43, 0x54, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0c, 0x52, 0x04, 0x53, 0x43, 0x54, 0x73, 0x12, - 0x26, 0x0a, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, - 0x44, 0x18, 0x03, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x12, 0x18, 0x0a, 0x07, 0x6f, 0x72, 0x64, 0x65, 0x72, - 0x49, 0x44, 0x18, 0x04, 0x20, 0x01, 0x28, 0x03, 0x52, 0x07, 0x6f, 0x72, 0x64, 0x65, 0x72, 0x49, - 0x44, 0x12, 0x28, 0x0a, 0x0f, 0x63, 0x65, 0x72, 0x74, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, - 0x48, 0x61, 0x73, 0x68, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0f, 0x63, 0x65, 0x72, 0x74, - 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x48, 0x61, 0x73, 0x68, 0x22, 0xb9, 0x01, 0x0a, 0x13, - 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x4f, 0x43, 0x53, 0x50, 0x52, 0x65, 0x71, 0x75, - 0x65, 0x73, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x16, 0x0a, 0x06, 0x72, - 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x05, 0x52, 0x06, 0x72, 0x65, 0x61, - 0x73, 0x6f, 0x6e, 0x12, 0x38, 0x0a, 0x09, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x41, 0x74, - 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, - 0x6d, 0x70, 0x52, 0x09, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x41, 0x74, 0x12, 0x16, 0x0a, - 0x06, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, - 0x65, 0x72, 0x69, 0x61, 0x6c, 0x12, 0x1a, 0x0a, 0x08, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x49, - 0x44, 0x18, 0x06, 0x20, 0x01, 0x28, 0x03, 0x52, 0x08, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x49, - 0x44, 0x4a, 0x04, 0x08, 0x04, 0x10, 0x05, 0x22, 0x2a, 0x0a, 0x0c, 0x4f, 0x43, 0x53, 0x50, 0x52, - 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x73, 0x70, 0x6f, - 0x6e, 0x73, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x08, 0x72, 0x65, 0x73, 0x70, 0x6f, - 0x6e, 0x73, 0x65, 0x22, 0x76, 0x0a, 0x12, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x43, - 0x52, 0x4c, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x2d, 0x0a, 0x08, 0x6d, 0x65, 0x74, - 0x61, 0x64, 0x61, 0x74, 0x61, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x63, 0x61, - 0x2e, 0x43, 0x52, 0x4c, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x48, 0x00, 0x52, 0x08, - 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x12, 0x26, 0x0a, 0x05, 0x65, 0x6e, 0x74, 0x72, - 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x43, - 0x52, 0x4c, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x48, 0x00, 0x52, 0x05, 0x65, 0x6e, 0x74, 0x72, 0x79, - 0x42, 0x09, 0x0a, 0x07, 0x70, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x22, 0x8f, 0x01, 0x0a, 0x0b, - 0x43, 0x52, 0x4c, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x12, 0x22, 0x0a, 0x0c, 0x69, - 0x73, 0x73, 0x75, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x03, 0x52, 0x0c, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x49, 0x44, 0x12, - 0x3a, 0x0a, 0x0a, 0x74, 0x68, 0x69, 0x73, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x18, 0x04, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, - 0x0a, 0x74, 0x68, 0x69, 0x73, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x73, - 0x68, 0x61, 0x72, 0x64, 0x49, 0x64, 0x78, 0x18, 0x03, 0x20, 0x01, 0x28, 0x03, 0x52, 0x08, 0x73, - 0x68, 0x61, 0x72, 0x64, 0x49, 0x64, 0x78, 0x4a, 0x04, 0x08, 0x02, 0x10, 0x03, 0x22, 0x2b, 0x0a, - 0x13, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x43, 0x52, 0x4c, 0x52, 0x65, 0x73, 0x70, - 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x63, 0x68, 0x75, 0x6e, 0x6b, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x0c, 0x52, 0x05, 0x63, 0x68, 0x75, 0x6e, 0x6b, 0x32, 0xd5, 0x01, 0x0a, 0x14, 0x43, - 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, - 0x69, 0x74, 0x79, 0x12, 0x55, 0x0a, 0x13, 0x49, 0x73, 0x73, 0x75, 0x65, 0x50, 0x72, 0x65, 0x63, - 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x1b, 0x2e, 0x63, 0x61, 0x2e, - 0x49, 0x73, 0x73, 0x75, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, - 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1f, 0x2e, 0x63, 0x61, 0x2e, 0x49, 0x73, 0x73, - 0x75, 0x65, 0x50, 0x72, 0x65, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, - 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x66, 0x0a, 0x21, 0x49, 0x73, - 0x73, 0x75, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x46, 0x6f, - 0x72, 0x50, 0x72, 0x65, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, - 0x2c, 0x2e, 0x63, 0x61, 0x2e, 0x49, 0x73, 0x73, 0x75, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, - 0x69, 0x63, 0x61, 0x74, 0x65, 0x46, 0x6f, 0x72, 0x50, 0x72, 0x65, 0x63, 0x65, 0x72, 0x74, 0x69, - 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x11, 0x2e, - 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, - 0x22, 0x00, 0x32, 0x4c, 0x0a, 0x0d, 0x4f, 0x43, 0x53, 0x50, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, - 0x74, 0x6f, 0x72, 0x12, 0x3b, 0x0a, 0x0c, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x4f, - 0x43, 0x53, 0x50, 0x12, 0x17, 0x2e, 0x63, 0x61, 0x2e, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, - 0x65, 0x4f, 0x43, 0x53, 0x50, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x10, 0x2e, 0x63, - 0x61, 0x2e, 0x4f, 0x43, 0x53, 0x50, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, - 0x32, 0x54, 0x0a, 0x0c, 0x43, 0x52, 0x4c, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, - 0x12, 0x44, 0x0a, 0x0b, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x43, 0x52, 0x4c, 0x12, - 0x16, 0x2e, 0x63, 0x61, 0x2e, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x43, 0x52, 0x4c, - 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x17, 0x2e, 0x63, 0x61, 0x2e, 0x47, 0x65, 0x6e, - 0x65, 0x72, 0x61, 0x74, 0x65, 0x43, 0x52, 0x4c, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, - 0x22, 0x00, 0x28, 0x01, 0x30, 0x01, 0x42, 0x29, 0x5a, 0x27, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, - 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6c, 0x65, 0x74, 0x73, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, - 0x2f, 0x62, 0x6f, 0x75, 0x6c, 0x64, 0x65, 0x72, 0x2f, 0x63, 0x61, 0x2f, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x66, 0x0a, 0x21, 0x49, 0x73, 0x73, 0x75, + 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x46, 0x6f, 0x72, 0x50, + 0x72, 0x65, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x2c, 0x2e, + 0x63, 0x61, 0x2e, 0x49, 0x73, 0x73, 0x75, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, + 0x61, 0x74, 0x65, 0x46, 0x6f, 0x72, 0x50, 0x72, 0x65, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, + 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x11, 0x2e, 0x63, 0x6f, + 0x72, 0x65, 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x22, 0x00, + 0x12, 0x4f, 0x0a, 0x10, 0x49, 0x73, 0x73, 0x75, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, + 0x63, 0x61, 0x74, 0x65, 0x12, 0x1b, 0x2e, 0x63, 0x61, 0x2e, 0x49, 0x73, 0x73, 0x75, 0x65, 0x43, + 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, + 0x74, 0x1a, 0x1c, 0x2e, 0x63, 0x61, 0x2e, 0x49, 0x73, 0x73, 0x75, 0x65, 0x43, 0x65, 0x72, 0x74, + 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, + 0x00, 0x32, 0x4c, 0x0a, 0x0d, 0x4f, 0x43, 0x53, 0x50, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, + 0x6f, 0x72, 0x12, 0x3b, 0x0a, 0x0c, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x4f, 0x43, + 0x53, 0x50, 0x12, 0x17, 0x2e, 0x63, 0x61, 0x2e, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, + 0x4f, 0x43, 0x53, 0x50, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x10, 0x2e, 0x63, 0x61, + 0x2e, 0x4f, 0x43, 0x53, 0x50, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x32, + 0x54, 0x0a, 0x0c, 0x43, 0x52, 0x4c, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x12, + 0x44, 0x0a, 0x0b, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x43, 0x52, 0x4c, 0x12, 0x16, + 0x2e, 0x63, 0x61, 0x2e, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x43, 0x52, 0x4c, 0x52, + 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x17, 0x2e, 0x63, 0x61, 0x2e, 0x47, 0x65, 0x6e, 0x65, + 0x72, 0x61, 0x74, 0x65, 0x43, 0x52, 0x4c, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, + 0x00, 0x28, 0x01, 0x30, 0x01, 0x42, 0x29, 0x5a, 0x27, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, + 0x63, 0x6f, 0x6d, 0x2f, 0x6c, 0x65, 0x74, 0x73, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x2f, + 0x62, 0x6f, 0x75, 0x6c, 0x64, 0x65, 0x72, 0x2f, 0x63, 0x61, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -684,35 +739,38 @@ func file_ca_proto_rawDescGZIP() []byte { return file_ca_proto_rawDescData } -var file_ca_proto_msgTypes = make([]protoimpl.MessageInfo, 8) +var file_ca_proto_msgTypes = make([]protoimpl.MessageInfo, 9) var file_ca_proto_goTypes = []interface{}{ (*IssueCertificateRequest)(nil), // 0: ca.IssueCertificateRequest - (*IssuePrecertificateResponse)(nil), // 1: ca.IssuePrecertificateResponse - (*IssueCertificateForPrecertificateRequest)(nil), // 2: ca.IssueCertificateForPrecertificateRequest - (*GenerateOCSPRequest)(nil), // 3: ca.GenerateOCSPRequest - (*OCSPResponse)(nil), // 4: ca.OCSPResponse - (*GenerateCRLRequest)(nil), // 5: ca.GenerateCRLRequest - (*CRLMetadata)(nil), // 6: ca.CRLMetadata - (*GenerateCRLResponse)(nil), // 7: ca.GenerateCRLResponse - (*timestamppb.Timestamp)(nil), // 8: google.protobuf.Timestamp - (*proto.CRLEntry)(nil), // 9: core.CRLEntry - (*proto.Certificate)(nil), // 10: core.Certificate + (*IssueCertificateResponse)(nil), // 1: ca.IssueCertificateResponse + (*IssuePrecertificateResponse)(nil), // 2: ca.IssuePrecertificateResponse + (*IssueCertificateForPrecertificateRequest)(nil), // 3: ca.IssueCertificateForPrecertificateRequest + (*GenerateOCSPRequest)(nil), // 4: ca.GenerateOCSPRequest + (*OCSPResponse)(nil), // 5: ca.OCSPResponse + (*GenerateCRLRequest)(nil), // 6: ca.GenerateCRLRequest + (*CRLMetadata)(nil), // 7: ca.CRLMetadata + (*GenerateCRLResponse)(nil), // 8: ca.GenerateCRLResponse + (*timestamppb.Timestamp)(nil), // 9: google.protobuf.Timestamp + (*proto.CRLEntry)(nil), // 10: core.CRLEntry + (*proto.Certificate)(nil), // 11: core.Certificate } var file_ca_proto_depIdxs = []int32{ - 8, // 0: ca.GenerateOCSPRequest.revokedAt:type_name -> google.protobuf.Timestamp - 6, // 1: ca.GenerateCRLRequest.metadata:type_name -> ca.CRLMetadata - 9, // 2: ca.GenerateCRLRequest.entry:type_name -> core.CRLEntry - 8, // 3: ca.CRLMetadata.thisUpdate:type_name -> google.protobuf.Timestamp + 9, // 0: ca.GenerateOCSPRequest.revokedAt:type_name -> google.protobuf.Timestamp + 7, // 1: ca.GenerateCRLRequest.metadata:type_name -> ca.CRLMetadata + 10, // 2: ca.GenerateCRLRequest.entry:type_name -> core.CRLEntry + 9, // 3: ca.CRLMetadata.thisUpdate:type_name -> google.protobuf.Timestamp 0, // 4: ca.CertificateAuthority.IssuePrecertificate:input_type -> ca.IssueCertificateRequest - 2, // 5: ca.CertificateAuthority.IssueCertificateForPrecertificate:input_type -> ca.IssueCertificateForPrecertificateRequest - 3, // 6: ca.OCSPGenerator.GenerateOCSP:input_type -> ca.GenerateOCSPRequest - 5, // 7: ca.CRLGenerator.GenerateCRL:input_type -> ca.GenerateCRLRequest - 1, // 8: ca.CertificateAuthority.IssuePrecertificate:output_type -> ca.IssuePrecertificateResponse - 10, // 9: ca.CertificateAuthority.IssueCertificateForPrecertificate:output_type -> core.Certificate - 4, // 10: ca.OCSPGenerator.GenerateOCSP:output_type -> ca.OCSPResponse - 7, // 11: ca.CRLGenerator.GenerateCRL:output_type -> ca.GenerateCRLResponse - 8, // [8:12] is the sub-list for method output_type - 4, // [4:8] is the sub-list for method input_type + 3, // 5: ca.CertificateAuthority.IssueCertificateForPrecertificate:input_type -> ca.IssueCertificateForPrecertificateRequest + 0, // 6: ca.CertificateAuthority.IssueCertificate:input_type -> ca.IssueCertificateRequest + 4, // 7: ca.OCSPGenerator.GenerateOCSP:input_type -> ca.GenerateOCSPRequest + 6, // 8: ca.CRLGenerator.GenerateCRL:input_type -> ca.GenerateCRLRequest + 2, // 9: ca.CertificateAuthority.IssuePrecertificate:output_type -> ca.IssuePrecertificateResponse + 11, // 10: ca.CertificateAuthority.IssueCertificateForPrecertificate:output_type -> core.Certificate + 1, // 11: ca.CertificateAuthority.IssueCertificate:output_type -> ca.IssueCertificateResponse + 5, // 12: ca.OCSPGenerator.GenerateOCSP:output_type -> ca.OCSPResponse + 8, // 13: ca.CRLGenerator.GenerateCRL:output_type -> ca.GenerateCRLResponse + 9, // [9:14] is the sub-list for method output_type + 4, // [4:9] is the sub-list for method input_type 4, // [4:4] is the sub-list for extension type_name 4, // [4:4] is the sub-list for extension extendee 0, // [0:4] is the sub-list for field type_name @@ -737,7 +795,7 @@ func file_ca_proto_init() { } } file_ca_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*IssuePrecertificateResponse); i { + switch v := v.(*IssueCertificateResponse); i { case 0: return &v.state case 1: @@ -749,7 +807,7 @@ func file_ca_proto_init() { } } file_ca_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*IssueCertificateForPrecertificateRequest); i { + switch v := v.(*IssuePrecertificateResponse); i { case 0: return &v.state case 1: @@ -761,7 +819,7 @@ func file_ca_proto_init() { } } file_ca_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*GenerateOCSPRequest); i { + switch v := v.(*IssueCertificateForPrecertificateRequest); i { case 0: return &v.state case 1: @@ -773,7 +831,7 @@ func file_ca_proto_init() { } } file_ca_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*OCSPResponse); i { + switch v := v.(*GenerateOCSPRequest); i { case 0: return &v.state case 1: @@ -785,7 +843,7 @@ func file_ca_proto_init() { } } file_ca_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*GenerateCRLRequest); i { + switch v := v.(*OCSPResponse); i { case 0: return &v.state case 1: @@ -797,7 +855,7 @@ func file_ca_proto_init() { } } file_ca_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*CRLMetadata); i { + switch v := v.(*GenerateCRLRequest); i { case 0: return &v.state case 1: @@ -809,6 +867,18 @@ func file_ca_proto_init() { } } file_ca_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*CRLMetadata); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_ca_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*GenerateCRLResponse); i { case 0: return &v.state @@ -821,7 +891,7 @@ func file_ca_proto_init() { } } } - file_ca_proto_msgTypes[5].OneofWrappers = []interface{}{ + file_ca_proto_msgTypes[6].OneofWrappers = []interface{}{ (*GenerateCRLRequest_Metadata)(nil), (*GenerateCRLRequest_Entry)(nil), } @@ -831,7 +901,7 @@ func file_ca_proto_init() { GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_ca_proto_rawDesc, NumEnums: 0, - NumMessages: 8, + NumMessages: 9, NumExtensions: 0, NumServices: 3, }, diff --git a/ca/proto/ca.proto b/ca/proto/ca.proto index bb470e26d..cc438b268 100644 --- a/ca/proto/ca.proto +++ b/ca/proto/ca.proto @@ -10,6 +10,8 @@ import "google/protobuf/timestamp.proto"; service CertificateAuthority { rpc IssuePrecertificate(IssueCertificateRequest) returns (IssuePrecertificateResponse) {} rpc IssueCertificateForPrecertificate(IssueCertificateForPrecertificateRequest) returns (core.Certificate) {} + // IssueCertificate issues a precertificate, gets SCTs, issues a certificate, and returns that. + rpc IssueCertificate(IssueCertificateRequest) returns (IssueCertificateResponse) {} } message IssueCertificateRequest { @@ -26,6 +28,10 @@ message IssueCertificateRequest { string certProfileName = 5; } +message IssueCertificateResponse { + bytes DER = 1; +} + message IssuePrecertificateResponse { // Next unused field number: 4 bytes DER = 1; diff --git a/ca/proto/ca_grpc.pb.go b/ca/proto/ca_grpc.pb.go index c2d87bc0c..fb0653135 100644 --- a/ca/proto/ca_grpc.pb.go +++ b/ca/proto/ca_grpc.pb.go @@ -22,6 +22,7 @@ const _ = grpc.SupportPackageIsVersion9 const ( CertificateAuthority_IssuePrecertificate_FullMethodName = "/ca.CertificateAuthority/IssuePrecertificate" CertificateAuthority_IssueCertificateForPrecertificate_FullMethodName = "/ca.CertificateAuthority/IssueCertificateForPrecertificate" + CertificateAuthority_IssueCertificate_FullMethodName = "/ca.CertificateAuthority/IssueCertificate" ) // CertificateAuthorityClient is the client API for CertificateAuthority service. @@ -30,6 +31,8 @@ const ( type CertificateAuthorityClient interface { IssuePrecertificate(ctx context.Context, in *IssueCertificateRequest, opts ...grpc.CallOption) (*IssuePrecertificateResponse, error) IssueCertificateForPrecertificate(ctx context.Context, in *IssueCertificateForPrecertificateRequest, opts ...grpc.CallOption) (*proto.Certificate, error) + // IssueCertificate issues a precertificate, gets SCTs, issues a certificate, and returns that. + IssueCertificate(ctx context.Context, in *IssueCertificateRequest, opts ...grpc.CallOption) (*IssueCertificateResponse, error) } type certificateAuthorityClient struct { @@ -60,12 +63,24 @@ func (c *certificateAuthorityClient) IssueCertificateForPrecertificate(ctx conte return out, nil } +func (c *certificateAuthorityClient) IssueCertificate(ctx context.Context, in *IssueCertificateRequest, opts ...grpc.CallOption) (*IssueCertificateResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + out := new(IssueCertificateResponse) + err := c.cc.Invoke(ctx, CertificateAuthority_IssueCertificate_FullMethodName, in, out, cOpts...) + if err != nil { + return nil, err + } + return out, nil +} + // CertificateAuthorityServer is the server API for CertificateAuthority service. // All implementations must embed UnimplementedCertificateAuthorityServer // for forward compatibility type CertificateAuthorityServer interface { IssuePrecertificate(context.Context, *IssueCertificateRequest) (*IssuePrecertificateResponse, error) IssueCertificateForPrecertificate(context.Context, *IssueCertificateForPrecertificateRequest) (*proto.Certificate, error) + // IssueCertificate issues a precertificate, gets SCTs, issues a certificate, and returns that. + IssueCertificate(context.Context, *IssueCertificateRequest) (*IssueCertificateResponse, error) mustEmbedUnimplementedCertificateAuthorityServer() } @@ -79,6 +94,9 @@ func (UnimplementedCertificateAuthorityServer) IssuePrecertificate(context.Conte func (UnimplementedCertificateAuthorityServer) IssueCertificateForPrecertificate(context.Context, *IssueCertificateForPrecertificateRequest) (*proto.Certificate, error) { return nil, status.Errorf(codes.Unimplemented, "method IssueCertificateForPrecertificate not implemented") } +func (UnimplementedCertificateAuthorityServer) IssueCertificate(context.Context, *IssueCertificateRequest) (*IssueCertificateResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method IssueCertificate not implemented") +} func (UnimplementedCertificateAuthorityServer) mustEmbedUnimplementedCertificateAuthorityServer() {} // UnsafeCertificateAuthorityServer may be embedded to opt out of forward compatibility for this service. @@ -128,6 +146,24 @@ func _CertificateAuthority_IssueCertificateForPrecertificate_Handler(srv interfa return interceptor(ctx, in, info, handler) } +func _CertificateAuthority_IssueCertificate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(IssueCertificateRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(CertificateAuthorityServer).IssueCertificate(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: CertificateAuthority_IssueCertificate_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(CertificateAuthorityServer).IssueCertificate(ctx, req.(*IssueCertificateRequest)) + } + return interceptor(ctx, in, info, handler) +} + // CertificateAuthority_ServiceDesc is the grpc.ServiceDesc for CertificateAuthority service. // It's only intended for direct use with grpc.RegisterService, // and not to be introspected or modified (even as a copy) @@ -143,6 +179,10 @@ var CertificateAuthority_ServiceDesc = grpc.ServiceDesc{ MethodName: "IssueCertificateForPrecertificate", Handler: _CertificateAuthority_IssueCertificateForPrecertificate_Handler, }, + { + MethodName: "IssueCertificate", + Handler: _CertificateAuthority_IssueCertificate_Handler, + }, }, Streams: []grpc.StreamDesc{}, Metadata: "ca.proto", diff --git a/cmd/boulder-ca/main.go b/cmd/boulder-ca/main.go index 64d952e09..d853a6259 100644 --- a/cmd/boulder-ca/main.go +++ b/cmd/boulder-ca/main.go @@ -19,6 +19,7 @@ import ( bgrpc "github.com/letsencrypt/boulder/grpc" "github.com/letsencrypt/boulder/issuance" "github.com/letsencrypt/boulder/policy" + rapb "github.com/letsencrypt/boulder/ra/proto" sapb "github.com/letsencrypt/boulder/sa/proto" ) @@ -32,6 +33,8 @@ type Config struct { SAService *cmd.GRPCClientConfig + SCTService *cmd.GRPCClientConfig + // Issuance contains all information necessary to load and initialize issuers. Issuance struct { // The name of the certificate profile to use if one wasn't provided @@ -203,9 +206,16 @@ func main() { tlsConfig, err := c.CA.TLS.Load(scope) cmd.FailOnError(err, "TLS config") - conn, err := bgrpc.ClientSetup(c.CA.SAService, tlsConfig, scope, clk) + saConn, err := bgrpc.ClientSetup(c.CA.SAService, tlsConfig, scope, clk) cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to SA") - sa := sapb.NewStorageAuthorityClient(conn) + sa := sapb.NewStorageAuthorityClient(saConn) + + var sctService rapb.SCTProviderClient + if c.CA.SCTService != nil { + sctConn, err := bgrpc.ClientSetup(c.CA.SCTService, tlsConfig, scope, clk) + cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to RA for SCTs") + sctService = rapb.NewSCTProviderClient(sctConn) + } kp, err := sagoodkey.NewPolicy(&c.CA.GoodKey, sa.KeyBlocked) cmd.FailOnError(err, "Unable to create key policy") @@ -246,6 +256,7 @@ func main() { if !c.CA.DisableCertService { cai, err := ca.NewCertificateAuthorityImpl( sa, + sctService, pa, issuers, c.CA.Issuance.CertProfiles, diff --git a/cmd/boulder-ra/main.go b/cmd/boulder-ra/main.go index 038935507..a6eb17c5f 100644 --- a/cmd/boulder-ra/main.go +++ b/cmd/boulder-ra/main.go @@ -310,7 +310,9 @@ func main() { rai.SA = sac start, err := bgrpc.NewServer(c.RA.GRPC, logger).Add( - &rapb.RegistrationAuthority_ServiceDesc, rai).Build(tlsConfig, scope, clk) + &rapb.RegistrationAuthority_ServiceDesc, rai).Add( + &rapb.SCTProvider_ServiceDesc, rai). + Build(tlsConfig, scope, clk) cmd.FailOnError(err, "Unable to setup RA gRPC server") cmd.FailOnError(start(), "RA gRPC service failed") diff --git a/features/features.go b/features/features.go index 8c29f906e..a167a981e 100644 --- a/features/features.go +++ b/features/features.go @@ -100,6 +100,11 @@ type Config struct { // This feature flag also causes CAA checks to happen after all remote VAs // have passed DCV. EnforceMPIC bool + + // UnsplitIssuance causes the RA to make a single call to the CA for issuance, + // calling the new `IssueCertificate` instead of the old `IssuePrecertficate` / + // `IssueCertificateForPrecertificate` pair. + UnsplitIssuance bool } var fMu = new(sync.RWMutex) diff --git a/mocks/ca.go b/mocks/ca.go index 929c204e7..c872da84c 100644 --- a/mocks/ca.go +++ b/mocks/ca.go @@ -21,6 +21,25 @@ type MockCA struct { PEM []byte } +// IssueCertificate is a mock +func (ca *MockCA) IssueCertificate(ctx context.Context, req *capb.IssueCertificateRequest, _ ...grpc.CallOption) (*capb.IssueCertificateResponse, error) { + precert, err := ca.IssuePrecertificate(ctx, req) + if err != nil { + return nil, err + } + cert, err := ca.IssueCertificateForPrecertificate(ctx, &capb.IssueCertificateForPrecertificateRequest{ + DER: precert.DER, + SCTs: nil, + RegistrationID: req.RegistrationID, + OrderID: req.OrderID, + CertProfileHash: precert.CertProfileHash, + }) + if err != nil { + return nil, err + } + return &capb.IssueCertificateResponse{DER: cert.Der}, nil +} + // IssuePrecertificate is a mock func (ca *MockCA) IssuePrecertificate(ctx context.Context, req *capb.IssueCertificateRequest, _ ...grpc.CallOption) (*capb.IssuePrecertificateResponse, error) { if ca.PEM == nil { diff --git a/ra/proto/ra.pb.go b/ra/proto/ra.pb.go index acac70b16..d10adab1e 100644 --- a/ra/proto/ra.pb.go +++ b/ra/proto/ra.pb.go @@ -23,6 +23,100 @@ const ( _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) ) +type SCTRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + PrecertDER []byte `protobuf:"bytes,1,opt,name=precertDER,proto3" json:"precertDER,omitempty"` +} + +func (x *SCTRequest) Reset() { + *x = SCTRequest{} + if protoimpl.UnsafeEnabled { + mi := &file_ra_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *SCTRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*SCTRequest) ProtoMessage() {} + +func (x *SCTRequest) ProtoReflect() protoreflect.Message { + mi := &file_ra_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use SCTRequest.ProtoReflect.Descriptor instead. +func (*SCTRequest) Descriptor() ([]byte, []int) { + return file_ra_proto_rawDescGZIP(), []int{0} +} + +func (x *SCTRequest) GetPrecertDER() []byte { + if x != nil { + return x.PrecertDER + } + return nil +} + +type SCTResponse struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + SctDER [][]byte `protobuf:"bytes,1,rep,name=sctDER,proto3" json:"sctDER,omitempty"` +} + +func (x *SCTResponse) Reset() { + *x = SCTResponse{} + if protoimpl.UnsafeEnabled { + mi := &file_ra_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *SCTResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*SCTResponse) ProtoMessage() {} + +func (x *SCTResponse) ProtoReflect() protoreflect.Message { + mi := &file_ra_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use SCTResponse.ProtoReflect.Descriptor instead. +func (*SCTResponse) Descriptor() ([]byte, []int) { + return file_ra_proto_rawDescGZIP(), []int{1} +} + +func (x *SCTResponse) GetSctDER() [][]byte { + if x != nil { + return x.SctDER + } + return nil +} + type GenerateOCSPRequest struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -34,7 +128,7 @@ type GenerateOCSPRequest struct { func (x *GenerateOCSPRequest) Reset() { *x = GenerateOCSPRequest{} if protoimpl.UnsafeEnabled { - mi := &file_ra_proto_msgTypes[0] + mi := &file_ra_proto_msgTypes[2] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -47,7 +141,7 @@ func (x *GenerateOCSPRequest) String() string { func (*GenerateOCSPRequest) ProtoMessage() {} func (x *GenerateOCSPRequest) ProtoReflect() protoreflect.Message { - mi := &file_ra_proto_msgTypes[0] + mi := &file_ra_proto_msgTypes[2] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -60,7 +154,7 @@ func (x *GenerateOCSPRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use GenerateOCSPRequest.ProtoReflect.Descriptor instead. func (*GenerateOCSPRequest) Descriptor() ([]byte, []int) { - return file_ra_proto_rawDescGZIP(), []int{0} + return file_ra_proto_rawDescGZIP(), []int{2} } func (x *GenerateOCSPRequest) GetSerial() string { @@ -82,7 +176,7 @@ type UpdateRegistrationContactRequest struct { func (x *UpdateRegistrationContactRequest) Reset() { *x = UpdateRegistrationContactRequest{} if protoimpl.UnsafeEnabled { - mi := &file_ra_proto_msgTypes[1] + mi := &file_ra_proto_msgTypes[3] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -95,7 +189,7 @@ func (x *UpdateRegistrationContactRequest) String() string { func (*UpdateRegistrationContactRequest) ProtoMessage() {} func (x *UpdateRegistrationContactRequest) ProtoReflect() protoreflect.Message { - mi := &file_ra_proto_msgTypes[1] + mi := &file_ra_proto_msgTypes[3] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -108,7 +202,7 @@ func (x *UpdateRegistrationContactRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use UpdateRegistrationContactRequest.ProtoReflect.Descriptor instead. func (*UpdateRegistrationContactRequest) Descriptor() ([]byte, []int) { - return file_ra_proto_rawDescGZIP(), []int{1} + return file_ra_proto_rawDescGZIP(), []int{3} } func (x *UpdateRegistrationContactRequest) GetRegistrationID() int64 { @@ -137,7 +231,7 @@ type UpdateRegistrationKeyRequest struct { func (x *UpdateRegistrationKeyRequest) Reset() { *x = UpdateRegistrationKeyRequest{} if protoimpl.UnsafeEnabled { - mi := &file_ra_proto_msgTypes[2] + mi := &file_ra_proto_msgTypes[4] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -150,7 +244,7 @@ func (x *UpdateRegistrationKeyRequest) String() string { func (*UpdateRegistrationKeyRequest) ProtoMessage() {} func (x *UpdateRegistrationKeyRequest) ProtoReflect() protoreflect.Message { - mi := &file_ra_proto_msgTypes[2] + mi := &file_ra_proto_msgTypes[4] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -163,7 +257,7 @@ func (x *UpdateRegistrationKeyRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use UpdateRegistrationKeyRequest.ProtoReflect.Descriptor instead. func (*UpdateRegistrationKeyRequest) Descriptor() ([]byte, []int) { - return file_ra_proto_rawDescGZIP(), []int{2} + return file_ra_proto_rawDescGZIP(), []int{4} } func (x *UpdateRegistrationKeyRequest) GetRegistrationID() int64 { @@ -193,7 +287,7 @@ type UpdateAuthorizationRequest struct { func (x *UpdateAuthorizationRequest) Reset() { *x = UpdateAuthorizationRequest{} if protoimpl.UnsafeEnabled { - mi := &file_ra_proto_msgTypes[3] + mi := &file_ra_proto_msgTypes[5] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -206,7 +300,7 @@ func (x *UpdateAuthorizationRequest) String() string { func (*UpdateAuthorizationRequest) ProtoMessage() {} func (x *UpdateAuthorizationRequest) ProtoReflect() protoreflect.Message { - mi := &file_ra_proto_msgTypes[3] + mi := &file_ra_proto_msgTypes[5] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -219,7 +313,7 @@ func (x *UpdateAuthorizationRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use UpdateAuthorizationRequest.ProtoReflect.Descriptor instead. func (*UpdateAuthorizationRequest) Descriptor() ([]byte, []int) { - return file_ra_proto_rawDescGZIP(), []int{3} + return file_ra_proto_rawDescGZIP(), []int{5} } func (x *UpdateAuthorizationRequest) GetAuthz() *proto.Authorization { @@ -255,7 +349,7 @@ type PerformValidationRequest struct { func (x *PerformValidationRequest) Reset() { *x = PerformValidationRequest{} if protoimpl.UnsafeEnabled { - mi := &file_ra_proto_msgTypes[4] + mi := &file_ra_proto_msgTypes[6] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -268,7 +362,7 @@ func (x *PerformValidationRequest) String() string { func (*PerformValidationRequest) ProtoMessage() {} func (x *PerformValidationRequest) ProtoReflect() protoreflect.Message { - mi := &file_ra_proto_msgTypes[4] + mi := &file_ra_proto_msgTypes[6] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -281,7 +375,7 @@ func (x *PerformValidationRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use PerformValidationRequest.ProtoReflect.Descriptor instead. func (*PerformValidationRequest) Descriptor() ([]byte, []int) { - return file_ra_proto_rawDescGZIP(), []int{4} + return file_ra_proto_rawDescGZIP(), []int{6} } func (x *PerformValidationRequest) GetAuthz() *proto.Authorization { @@ -311,7 +405,7 @@ type RevokeCertByApplicantRequest struct { func (x *RevokeCertByApplicantRequest) Reset() { *x = RevokeCertByApplicantRequest{} if protoimpl.UnsafeEnabled { - mi := &file_ra_proto_msgTypes[5] + mi := &file_ra_proto_msgTypes[7] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -324,7 +418,7 @@ func (x *RevokeCertByApplicantRequest) String() string { func (*RevokeCertByApplicantRequest) ProtoMessage() {} func (x *RevokeCertByApplicantRequest) ProtoReflect() protoreflect.Message { - mi := &file_ra_proto_msgTypes[5] + mi := &file_ra_proto_msgTypes[7] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -337,7 +431,7 @@ func (x *RevokeCertByApplicantRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use RevokeCertByApplicantRequest.ProtoReflect.Descriptor instead. func (*RevokeCertByApplicantRequest) Descriptor() ([]byte, []int) { - return file_ra_proto_rawDescGZIP(), []int{5} + return file_ra_proto_rawDescGZIP(), []int{7} } func (x *RevokeCertByApplicantRequest) GetCert() []byte { @@ -372,7 +466,7 @@ type RevokeCertByKeyRequest struct { func (x *RevokeCertByKeyRequest) Reset() { *x = RevokeCertByKeyRequest{} if protoimpl.UnsafeEnabled { - mi := &file_ra_proto_msgTypes[6] + mi := &file_ra_proto_msgTypes[8] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -385,7 +479,7 @@ func (x *RevokeCertByKeyRequest) String() string { func (*RevokeCertByKeyRequest) ProtoMessage() {} func (x *RevokeCertByKeyRequest) ProtoReflect() protoreflect.Message { - mi := &file_ra_proto_msgTypes[6] + mi := &file_ra_proto_msgTypes[8] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -398,7 +492,7 @@ func (x *RevokeCertByKeyRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use RevokeCertByKeyRequest.ProtoReflect.Descriptor instead. func (*RevokeCertByKeyRequest) Descriptor() ([]byte, []int) { - return file_ra_proto_rawDescGZIP(), []int{6} + return file_ra_proto_rawDescGZIP(), []int{8} } func (x *RevokeCertByKeyRequest) GetCert() []byte { @@ -437,7 +531,7 @@ type AdministrativelyRevokeCertificateRequest struct { func (x *AdministrativelyRevokeCertificateRequest) Reset() { *x = AdministrativelyRevokeCertificateRequest{} if protoimpl.UnsafeEnabled { - mi := &file_ra_proto_msgTypes[7] + mi := &file_ra_proto_msgTypes[9] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -450,7 +544,7 @@ func (x *AdministrativelyRevokeCertificateRequest) String() string { func (*AdministrativelyRevokeCertificateRequest) ProtoMessage() {} func (x *AdministrativelyRevokeCertificateRequest) ProtoReflect() protoreflect.Message { - mi := &file_ra_proto_msgTypes[7] + mi := &file_ra_proto_msgTypes[9] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -463,7 +557,7 @@ func (x *AdministrativelyRevokeCertificateRequest) ProtoReflect() protoreflect.M // Deprecated: Use AdministrativelyRevokeCertificateRequest.ProtoReflect.Descriptor instead. func (*AdministrativelyRevokeCertificateRequest) Descriptor() ([]byte, []int) { - return file_ra_proto_rawDescGZIP(), []int{7} + return file_ra_proto_rawDescGZIP(), []int{9} } func (x *AdministrativelyRevokeCertificateRequest) GetCert() []byte { @@ -530,7 +624,7 @@ type NewOrderRequest struct { func (x *NewOrderRequest) Reset() { *x = NewOrderRequest{} if protoimpl.UnsafeEnabled { - mi := &file_ra_proto_msgTypes[8] + mi := &file_ra_proto_msgTypes[10] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -543,7 +637,7 @@ func (x *NewOrderRequest) String() string { func (*NewOrderRequest) ProtoMessage() {} func (x *NewOrderRequest) ProtoReflect() protoreflect.Message { - mi := &file_ra_proto_msgTypes[8] + mi := &file_ra_proto_msgTypes[10] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -556,7 +650,7 @@ func (x *NewOrderRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use NewOrderRequest.ProtoReflect.Descriptor instead. func (*NewOrderRequest) Descriptor() ([]byte, []int) { - return file_ra_proto_rawDescGZIP(), []int{8} + return file_ra_proto_rawDescGZIP(), []int{10} } func (x *NewOrderRequest) GetRegistrationID() int64 { @@ -598,7 +692,7 @@ type GetAuthorizationRequest struct { func (x *GetAuthorizationRequest) Reset() { *x = GetAuthorizationRequest{} if protoimpl.UnsafeEnabled { - mi := &file_ra_proto_msgTypes[9] + mi := &file_ra_proto_msgTypes[11] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -611,7 +705,7 @@ func (x *GetAuthorizationRequest) String() string { func (*GetAuthorizationRequest) ProtoMessage() {} func (x *GetAuthorizationRequest) ProtoReflect() protoreflect.Message { - mi := &file_ra_proto_msgTypes[9] + mi := &file_ra_proto_msgTypes[11] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -624,7 +718,7 @@ func (x *GetAuthorizationRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use GetAuthorizationRequest.ProtoReflect.Descriptor instead. func (*GetAuthorizationRequest) Descriptor() ([]byte, []int) { - return file_ra_proto_rawDescGZIP(), []int{9} + return file_ra_proto_rawDescGZIP(), []int{11} } func (x *GetAuthorizationRequest) GetId() int64 { @@ -646,7 +740,7 @@ type FinalizeOrderRequest struct { func (x *FinalizeOrderRequest) Reset() { *x = FinalizeOrderRequest{} if protoimpl.UnsafeEnabled { - mi := &file_ra_proto_msgTypes[10] + mi := &file_ra_proto_msgTypes[12] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -659,7 +753,7 @@ func (x *FinalizeOrderRequest) String() string { func (*FinalizeOrderRequest) ProtoMessage() {} func (x *FinalizeOrderRequest) ProtoReflect() protoreflect.Message { - mi := &file_ra_proto_msgTypes[10] + mi := &file_ra_proto_msgTypes[12] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -672,7 +766,7 @@ func (x *FinalizeOrderRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use FinalizeOrderRequest.ProtoReflect.Descriptor instead. func (*FinalizeOrderRequest) Descriptor() ([]byte, []int) { - return file_ra_proto_rawDescGZIP(), []int{10} + return file_ra_proto_rawDescGZIP(), []int{12} } func (x *FinalizeOrderRequest) GetOrder() *proto.Order { @@ -701,7 +795,7 @@ type UnpauseAccountRequest struct { func (x *UnpauseAccountRequest) Reset() { *x = UnpauseAccountRequest{} if protoimpl.UnsafeEnabled { - mi := &file_ra_proto_msgTypes[11] + mi := &file_ra_proto_msgTypes[13] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -714,7 +808,7 @@ func (x *UnpauseAccountRequest) String() string { func (*UnpauseAccountRequest) ProtoMessage() {} func (x *UnpauseAccountRequest) ProtoReflect() protoreflect.Message { - mi := &file_ra_proto_msgTypes[11] + mi := &file_ra_proto_msgTypes[13] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -727,7 +821,7 @@ func (x *UnpauseAccountRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use UnpauseAccountRequest.ProtoReflect.Descriptor instead. func (*UnpauseAccountRequest) Descriptor() ([]byte, []int) { - return file_ra_proto_rawDescGZIP(), []int{11} + return file_ra_proto_rawDescGZIP(), []int{13} } func (x *UnpauseAccountRequest) GetRegistrationID() int64 { @@ -749,7 +843,7 @@ type UnpauseAccountResponse struct { func (x *UnpauseAccountResponse) Reset() { *x = UnpauseAccountResponse{} if protoimpl.UnsafeEnabled { - mi := &file_ra_proto_msgTypes[12] + mi := &file_ra_proto_msgTypes[14] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -762,7 +856,7 @@ func (x *UnpauseAccountResponse) String() string { func (*UnpauseAccountResponse) ProtoMessage() {} func (x *UnpauseAccountResponse) ProtoReflect() protoreflect.Message { - mi := &file_ra_proto_msgTypes[12] + mi := &file_ra_proto_msgTypes[14] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -775,7 +869,7 @@ func (x *UnpauseAccountResponse) ProtoReflect() protoreflect.Message { // Deprecated: Use UnpauseAccountResponse.ProtoReflect.Descriptor instead. func (*UnpauseAccountResponse) Descriptor() ([]byte, []int) { - return file_ra_proto_rawDescGZIP(), []int{12} + return file_ra_proto_rawDescGZIP(), []int{14} } func (x *UnpauseAccountResponse) GetCount() int64 { @@ -793,159 +887,168 @@ var file_ra_proto_rawDesc = []byte{ 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x11, 0x63, 0x61, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x63, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1b, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x65, 0x6d, 0x70, 0x74, 0x79, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x2d, 0x0a, 0x13, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, - 0x65, 0x4f, 0x43, 0x53, 0x50, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x16, 0x0a, 0x06, - 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x65, - 0x72, 0x69, 0x61, 0x6c, 0x22, 0x66, 0x0a, 0x20, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x52, 0x65, - 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x63, - 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x26, 0x0a, 0x0e, 0x72, 0x65, 0x67, 0x69, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x2c, 0x0a, 0x0a, 0x53, 0x43, 0x54, 0x52, 0x65, 0x71, 0x75, + 0x65, 0x73, 0x74, 0x12, 0x1e, 0x0a, 0x0a, 0x70, 0x72, 0x65, 0x63, 0x65, 0x72, 0x74, 0x44, 0x45, + 0x52, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0a, 0x70, 0x72, 0x65, 0x63, 0x65, 0x72, 0x74, + 0x44, 0x45, 0x52, 0x22, 0x25, 0x0a, 0x0b, 0x53, 0x43, 0x54, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, + 0x73, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x63, 0x74, 0x44, 0x45, 0x52, 0x18, 0x01, 0x20, 0x03, + 0x28, 0x0c, 0x52, 0x06, 0x73, 0x63, 0x74, 0x44, 0x45, 0x52, 0x22, 0x2d, 0x0a, 0x13, 0x47, 0x65, + 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x4f, 0x43, 0x53, 0x50, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, + 0x74, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x06, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x22, 0x66, 0x0a, 0x20, 0x55, 0x70, 0x64, + 0x61, 0x74, 0x65, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, + 0x6f, 0x6e, 0x74, 0x61, 0x63, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x26, 0x0a, + 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x12, 0x1a, 0x0a, 0x08, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x63, 0x74, + 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x63, 0x74, + 0x73, 0x22, 0x58, 0x0a, 0x1c, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x52, 0x65, 0x67, 0x69, 0x73, + 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, + 0x74, 0x12, 0x26, 0x0a, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, + 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x12, 0x10, 0x0a, 0x03, 0x6a, 0x77, 0x6b, + 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x03, 0x6a, 0x77, 0x6b, 0x22, 0x9c, 0x01, 0x0a, 0x1a, + 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x29, 0x0a, 0x05, 0x61, 0x75, + 0x74, 0x68, 0x7a, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x63, 0x6f, 0x72, 0x65, + 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x05, + 0x61, 0x75, 0x74, 0x68, 0x7a, 0x12, 0x26, 0x0a, 0x0e, 0x63, 0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e, + 0x67, 0x65, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x63, + 0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x12, 0x2b, 0x0a, + 0x08, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x0f, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x43, 0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65, + 0x52, 0x08, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x6d, 0x0a, 0x18, 0x50, 0x65, + 0x72, 0x66, 0x6f, 0x72, 0x6d, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, + 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x29, 0x0a, 0x05, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x41, 0x75, 0x74, + 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x05, 0x61, 0x75, 0x74, 0x68, + 0x7a, 0x12, 0x26, 0x0a, 0x0e, 0x63, 0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65, 0x49, 0x6e, + 0x64, 0x65, 0x78, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x63, 0x68, 0x61, 0x6c, 0x6c, + 0x65, 0x6e, 0x67, 0x65, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x22, 0x5c, 0x0a, 0x1c, 0x52, 0x65, 0x76, + 0x6f, 0x6b, 0x65, 0x43, 0x65, 0x72, 0x74, 0x42, 0x79, 0x41, 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, + 0x6e, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x63, 0x65, 0x72, + 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x04, 0x63, 0x65, 0x72, 0x74, 0x12, 0x12, 0x0a, + 0x04, 0x63, 0x6f, 0x64, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x04, 0x63, 0x6f, 0x64, + 0x65, 0x12, 0x14, 0x0a, 0x05, 0x72, 0x65, 0x67, 0x49, 0x44, 0x18, 0x03, 0x20, 0x01, 0x28, 0x03, + 0x52, 0x05, 0x72, 0x65, 0x67, 0x49, 0x44, 0x22, 0x32, 0x0a, 0x16, 0x52, 0x65, 0x76, 0x6f, 0x6b, + 0x65, 0x43, 0x65, 0x72, 0x74, 0x42, 0x79, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, + 0x74, 0x12, 0x12, 0x0a, 0x04, 0x63, 0x65, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, + 0x04, 0x63, 0x65, 0x72, 0x74, 0x4a, 0x04, 0x08, 0x02, 0x10, 0x03, 0x22, 0xe6, 0x01, 0x0a, 0x28, + 0x41, 0x64, 0x6d, 0x69, 0x6e, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x79, + 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, + 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x63, 0x65, 0x72, 0x74, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x04, 0x63, 0x65, 0x72, 0x74, 0x12, 0x16, 0x0a, 0x06, + 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x65, + 0x72, 0x69, 0x61, 0x6c, 0x12, 0x12, 0x0a, 0x04, 0x63, 0x6f, 0x64, 0x65, 0x18, 0x02, 0x20, 0x01, + 0x28, 0x03, 0x52, 0x04, 0x63, 0x6f, 0x64, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x61, 0x64, 0x6d, 0x69, + 0x6e, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x61, 0x64, 0x6d, + 0x69, 0x6e, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x22, 0x0a, 0x0c, 0x73, 0x6b, 0x69, 0x70, 0x42, 0x6c, + 0x6f, 0x63, 0x6b, 0x4b, 0x65, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0c, 0x73, 0x6b, + 0x69, 0x70, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x4b, 0x65, 0x79, 0x12, 0x1c, 0x0a, 0x09, 0x6d, 0x61, + 0x6c, 0x66, 0x6f, 0x72, 0x6d, 0x65, 0x64, 0x18, 0x06, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x6d, + 0x61, 0x6c, 0x66, 0x6f, 0x72, 0x6d, 0x65, 0x64, 0x12, 0x1a, 0x0a, 0x08, 0x63, 0x72, 0x6c, 0x53, + 0x68, 0x61, 0x72, 0x64, 0x18, 0x07, 0x20, 0x01, 0x28, 0x03, 0x52, 0x08, 0x63, 0x72, 0x6c, 0x53, + 0x68, 0x61, 0x72, 0x64, 0x22, 0xc1, 0x01, 0x0a, 0x0f, 0x4e, 0x65, 0x77, 0x4f, 0x72, 0x64, 0x65, + 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x26, 0x0a, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, - 0x12, 0x1a, 0x0a, 0x08, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x63, 0x74, 0x73, 0x18, 0x02, 0x20, 0x03, - 0x28, 0x09, 0x52, 0x08, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x63, 0x74, 0x73, 0x22, 0x58, 0x0a, 0x1c, + 0x12, 0x1a, 0x0a, 0x08, 0x64, 0x6e, 0x73, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, + 0x28, 0x09, 0x52, 0x08, 0x64, 0x6e, 0x73, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x26, 0x0a, 0x0e, + 0x72, 0x65, 0x70, 0x6c, 0x61, 0x63, 0x65, 0x73, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x18, 0x03, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x72, 0x65, 0x70, 0x6c, 0x61, 0x63, 0x65, 0x73, 0x53, 0x65, + 0x72, 0x69, 0x61, 0x6c, 0x12, 0x36, 0x0a, 0x16, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, + 0x61, 0x74, 0x65, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x05, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x16, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, + 0x65, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x4a, 0x04, 0x08, 0x04, + 0x10, 0x05, 0x4a, 0x04, 0x08, 0x06, 0x10, 0x07, 0x22, 0x29, 0x0a, 0x17, 0x47, 0x65, 0x74, 0x41, + 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, + 0x65, 0x73, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, + 0x02, 0x69, 0x64, 0x22, 0x4b, 0x0a, 0x14, 0x46, 0x69, 0x6e, 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x4f, + 0x72, 0x64, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x21, 0x0a, 0x05, 0x6f, + 0x72, 0x64, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0b, 0x2e, 0x63, 0x6f, 0x72, + 0x65, 0x2e, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x52, 0x05, 0x6f, 0x72, 0x64, 0x65, 0x72, 0x12, 0x10, + 0x0a, 0x03, 0x63, 0x73, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x03, 0x63, 0x73, 0x72, + 0x22, 0x3f, 0x0a, 0x15, 0x55, 0x6e, 0x70, 0x61, 0x75, 0x73, 0x65, 0x41, 0x63, 0x63, 0x6f, 0x75, + 0x6e, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x26, 0x0a, 0x0e, 0x72, 0x65, 0x67, + 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x03, 0x52, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, + 0x44, 0x22, 0x2e, 0x0a, 0x16, 0x55, 0x6e, 0x70, 0x61, 0x75, 0x73, 0x65, 0x41, 0x63, 0x63, 0x6f, + 0x75, 0x6e, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x63, + 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x05, 0x63, 0x6f, 0x75, 0x6e, + 0x74, 0x32, 0x9f, 0x08, 0x0a, 0x15, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x3b, 0x0a, 0x0f, 0x4e, + 0x65, 0x77, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12, + 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x1a, 0x12, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, + 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x00, 0x12, 0x57, 0x0a, 0x19, 0x55, 0x70, 0x64, 0x61, + 0x74, 0x65, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, + 0x6e, 0x74, 0x61, 0x63, 0x74, 0x12, 0x24, 0x2e, 0x72, 0x61, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, + 0x65, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, + 0x74, 0x61, 0x63, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x12, 0x2e, 0x63, 0x6f, + 0x72, 0x65, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, + 0x00, 0x12, 0x4f, 0x0a, 0x15, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x52, 0x65, 0x67, 0x69, 0x73, + 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4b, 0x65, 0x79, 0x12, 0x20, 0x2e, 0x72, 0x61, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x26, 0x0a, 0x0e, - 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x49, 0x44, 0x12, 0x10, 0x0a, 0x03, 0x6a, 0x77, 0x6b, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x0c, 0x52, 0x03, 0x6a, 0x77, 0x6b, 0x22, 0x9c, 0x01, 0x0a, 0x1a, 0x55, 0x70, 0x64, 0x61, 0x74, - 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, - 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x29, 0x0a, 0x05, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x41, 0x75, 0x74, 0x68, - 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x05, 0x61, 0x75, 0x74, 0x68, 0x7a, - 0x12, 0x26, 0x0a, 0x0e, 0x63, 0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65, 0x49, 0x6e, 0x64, - 0x65, 0x78, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x63, 0x68, 0x61, 0x6c, 0x6c, 0x65, - 0x6e, 0x67, 0x65, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x12, 0x2b, 0x0a, 0x08, 0x72, 0x65, 0x73, 0x70, - 0x6f, 0x6e, 0x73, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x63, 0x6f, 0x72, - 0x65, 0x2e, 0x43, 0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65, 0x52, 0x08, 0x72, 0x65, 0x73, - 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x6d, 0x0a, 0x18, 0x50, 0x65, 0x72, 0x66, 0x6f, 0x72, 0x6d, - 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, - 0x74, 0x12, 0x29, 0x0a, 0x05, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x13, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x05, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x12, 0x26, 0x0a, 0x0e, - 0x63, 0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x02, - 0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x63, 0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65, 0x49, - 0x6e, 0x64, 0x65, 0x78, 0x22, 0x5c, 0x0a, 0x1c, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x43, 0x65, - 0x72, 0x74, 0x42, 0x79, 0x41, 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x6e, 0x74, 0x52, 0x65, 0x71, - 0x75, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x63, 0x65, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x0c, 0x52, 0x04, 0x63, 0x65, 0x72, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x63, 0x6f, 0x64, 0x65, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x04, 0x63, 0x6f, 0x64, 0x65, 0x12, 0x14, 0x0a, 0x05, - 0x72, 0x65, 0x67, 0x49, 0x44, 0x18, 0x03, 0x20, 0x01, 0x28, 0x03, 0x52, 0x05, 0x72, 0x65, 0x67, - 0x49, 0x44, 0x22, 0x32, 0x0a, 0x16, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x43, 0x65, 0x72, 0x74, - 0x42, 0x79, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, - 0x63, 0x65, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x04, 0x63, 0x65, 0x72, 0x74, - 0x4a, 0x04, 0x08, 0x02, 0x10, 0x03, 0x22, 0xe6, 0x01, 0x0a, 0x28, 0x41, 0x64, 0x6d, 0x69, 0x6e, - 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x79, 0x52, 0x65, 0x76, 0x6f, 0x6b, - 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, - 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x63, 0x65, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x0c, 0x52, 0x04, 0x63, 0x65, 0x72, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x65, 0x72, 0x69, 0x61, - 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x12, - 0x12, 0x0a, 0x04, 0x63, 0x6f, 0x64, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x04, 0x63, - 0x6f, 0x64, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x4e, 0x61, 0x6d, 0x65, - 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x4e, 0x61, 0x6d, - 0x65, 0x12, 0x22, 0x0a, 0x0c, 0x73, 0x6b, 0x69, 0x70, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x4b, 0x65, - 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0c, 0x73, 0x6b, 0x69, 0x70, 0x42, 0x6c, 0x6f, - 0x63, 0x6b, 0x4b, 0x65, 0x79, 0x12, 0x1c, 0x0a, 0x09, 0x6d, 0x61, 0x6c, 0x66, 0x6f, 0x72, 0x6d, - 0x65, 0x64, 0x18, 0x06, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x6d, 0x61, 0x6c, 0x66, 0x6f, 0x72, - 0x6d, 0x65, 0x64, 0x12, 0x1a, 0x0a, 0x08, 0x63, 0x72, 0x6c, 0x53, 0x68, 0x61, 0x72, 0x64, 0x18, - 0x07, 0x20, 0x01, 0x28, 0x03, 0x52, 0x08, 0x63, 0x72, 0x6c, 0x53, 0x68, 0x61, 0x72, 0x64, 0x22, - 0xc1, 0x01, 0x0a, 0x0f, 0x4e, 0x65, 0x77, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, - 0x65, 0x73, 0x74, 0x12, 0x26, 0x0a, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x72, 0x65, 0x67, - 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x12, 0x1a, 0x0a, 0x08, 0x64, - 0x6e, 0x73, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x64, - 0x6e, 0x73, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x26, 0x0a, 0x0e, 0x72, 0x65, 0x70, 0x6c, 0x61, - 0x63, 0x65, 0x73, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x0e, 0x72, 0x65, 0x70, 0x6c, 0x61, 0x63, 0x65, 0x73, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x12, - 0x36, 0x0a, 0x16, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x50, 0x72, - 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x16, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x50, 0x72, 0x6f, 0x66, - 0x69, 0x6c, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x4a, 0x04, 0x08, 0x04, 0x10, 0x05, 0x4a, 0x04, 0x08, - 0x06, 0x10, 0x07, 0x22, 0x29, 0x0a, 0x17, 0x47, 0x65, 0x74, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, - 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x0e, - 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x02, 0x69, 0x64, 0x22, 0x4b, - 0x0a, 0x14, 0x46, 0x69, 0x6e, 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x52, - 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x21, 0x0a, 0x05, 0x6f, 0x72, 0x64, 0x65, 0x72, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0b, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x4f, 0x72, 0x64, - 0x65, 0x72, 0x52, 0x05, 0x6f, 0x72, 0x64, 0x65, 0x72, 0x12, 0x10, 0x0a, 0x03, 0x63, 0x73, 0x72, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x03, 0x63, 0x73, 0x72, 0x22, 0x3f, 0x0a, 0x15, 0x55, - 0x6e, 0x70, 0x61, 0x75, 0x73, 0x65, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x52, 0x65, 0x71, - 0x75, 0x65, 0x73, 0x74, 0x12, 0x26, 0x0a, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x72, 0x65, - 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x22, 0x2e, 0x0a, 0x16, - 0x55, 0x6e, 0x70, 0x61, 0x75, 0x73, 0x65, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x52, 0x65, - 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x05, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x32, 0x9f, 0x08, 0x0a, - 0x15, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x41, 0x75, 0x74, - 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x3b, 0x0a, 0x0f, 0x4e, 0x65, 0x77, 0x52, 0x65, 0x67, - 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x2e, 0x63, 0x6f, 0x72, 0x65, - 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x1a, 0x12, 0x2e, - 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x22, 0x00, 0x12, 0x57, 0x0a, 0x19, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x52, 0x65, 0x67, - 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x63, 0x74, - 0x12, 0x24, 0x2e, 0x72, 0x61, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x52, 0x65, 0x67, 0x69, - 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x63, 0x74, 0x52, - 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x12, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x52, 0x65, - 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x00, 0x12, 0x4f, 0x0a, 0x15, - 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x4b, 0x65, 0x79, 0x12, 0x20, 0x2e, 0x72, 0x61, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, - 0x65, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4b, 0x65, 0x79, - 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x12, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x52, - 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x00, 0x12, 0x48, 0x0a, - 0x11, 0x50, 0x65, 0x72, 0x66, 0x6f, 0x72, 0x6d, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x12, 0x1c, 0x2e, 0x72, 0x61, 0x2e, 0x50, 0x65, 0x72, 0x66, 0x6f, 0x72, 0x6d, 0x56, - 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, - 0x1a, 0x13, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x00, 0x12, 0x46, 0x0a, 0x16, 0x44, 0x65, 0x61, 0x63, 0x74, - 0x69, 0x76, 0x61, 0x74, 0x65, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x12, 0x12, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, - 0x48, 0x0a, 0x17, 0x44, 0x65, 0x61, 0x63, 0x74, 0x69, 0x76, 0x61, 0x74, 0x65, 0x41, 0x75, 0x74, - 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x13, 0x2e, 0x63, 0x6f, 0x72, - 0x65, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x1a, - 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, - 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x53, 0x0a, 0x15, 0x52, 0x65, 0x76, - 0x6f, 0x6b, 0x65, 0x43, 0x65, 0x72, 0x74, 0x42, 0x79, 0x41, 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, - 0x6e, 0x74, 0x12, 0x20, 0x2e, 0x72, 0x61, 0x2e, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x43, 0x65, - 0x72, 0x74, 0x42, 0x79, 0x41, 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x6e, 0x74, 0x52, 0x65, 0x71, - 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x47, - 0x0a, 0x0f, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x43, 0x65, 0x72, 0x74, 0x42, 0x79, 0x4b, 0x65, - 0x79, 0x12, 0x1a, 0x2e, 0x72, 0x61, 0x2e, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x43, 0x65, 0x72, - 0x74, 0x42, 0x79, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, - 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, - 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x6b, 0x0a, 0x21, 0x41, 0x64, 0x6d, 0x69, 0x6e, - 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x79, 0x52, 0x65, 0x76, 0x6f, 0x6b, - 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x2c, 0x2e, 0x72, - 0x61, 0x2e, 0x41, 0x64, 0x6d, 0x69, 0x6e, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65, - 0x6c, 0x79, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, - 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, - 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, - 0x74, 0x79, 0x22, 0x00, 0x12, 0x2e, 0x0a, 0x08, 0x4e, 0x65, 0x77, 0x4f, 0x72, 0x64, 0x65, 0x72, - 0x12, 0x13, 0x2e, 0x72, 0x61, 0x2e, 0x4e, 0x65, 0x77, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x52, 0x65, - 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0b, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x4f, 0x72, 0x64, - 0x65, 0x72, 0x22, 0x00, 0x12, 0x46, 0x0a, 0x10, 0x47, 0x65, 0x74, 0x41, 0x75, 0x74, 0x68, 0x6f, - 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1b, 0x2e, 0x72, 0x61, 0x2e, 0x47, 0x65, - 0x74, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, + 0x6f, 0x6e, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x12, 0x2e, 0x63, + 0x6f, 0x72, 0x65, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x22, 0x00, 0x12, 0x48, 0x0a, 0x11, 0x50, 0x65, 0x72, 0x66, 0x6f, 0x72, 0x6d, 0x56, 0x61, 0x6c, + 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1c, 0x2e, 0x72, 0x61, 0x2e, 0x50, 0x65, 0x72, + 0x66, 0x6f, 0x72, 0x6d, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x13, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x41, 0x75, 0x74, - 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x00, 0x12, 0x38, 0x0a, 0x0d, - 0x46, 0x69, 0x6e, 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x12, 0x18, 0x2e, - 0x72, 0x61, 0x2e, 0x46, 0x69, 0x6e, 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x4f, 0x72, 0x64, 0x65, 0x72, - 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0b, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x4f, - 0x72, 0x64, 0x65, 0x72, 0x22, 0x00, 0x12, 0x3b, 0x0a, 0x0c, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, - 0x74, 0x65, 0x4f, 0x43, 0x53, 0x50, 0x12, 0x17, 0x2e, 0x72, 0x61, 0x2e, 0x47, 0x65, 0x6e, 0x65, - 0x72, 0x61, 0x74, 0x65, 0x4f, 0x43, 0x53, 0x50, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, - 0x10, 0x2e, 0x63, 0x61, 0x2e, 0x4f, 0x43, 0x53, 0x50, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, - 0x65, 0x22, 0x00, 0x12, 0x49, 0x0a, 0x0e, 0x55, 0x6e, 0x70, 0x61, 0x75, 0x73, 0x65, 0x41, 0x63, - 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x19, 0x2e, 0x72, 0x61, 0x2e, 0x55, 0x6e, 0x70, 0x61, 0x75, - 0x73, 0x65, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, - 0x1a, 0x1a, 0x2e, 0x72, 0x61, 0x2e, 0x55, 0x6e, 0x70, 0x61, 0x75, 0x73, 0x65, 0x41, 0x63, 0x63, - 0x6f, 0x75, 0x6e, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x42, 0x29, - 0x5a, 0x27, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6c, 0x65, 0x74, - 0x73, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x2f, 0x62, 0x6f, 0x75, 0x6c, 0x64, 0x65, 0x72, - 0x2f, 0x72, 0x61, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x33, + 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x00, 0x12, 0x46, 0x0a, 0x16, + 0x44, 0x65, 0x61, 0x63, 0x74, 0x69, 0x76, 0x61, 0x74, 0x65, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, + 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x52, 0x65, + 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, + 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, + 0x74, 0x79, 0x22, 0x00, 0x12, 0x48, 0x0a, 0x17, 0x44, 0x65, 0x61, 0x63, 0x74, 0x69, 0x76, 0x61, + 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, + 0x13, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x53, + 0x0a, 0x15, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x43, 0x65, 0x72, 0x74, 0x42, 0x79, 0x41, 0x70, + 0x70, 0x6c, 0x69, 0x63, 0x61, 0x6e, 0x74, 0x12, 0x20, 0x2e, 0x72, 0x61, 0x2e, 0x52, 0x65, 0x76, + 0x6f, 0x6b, 0x65, 0x43, 0x65, 0x72, 0x74, 0x42, 0x79, 0x41, 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, + 0x6e, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, + 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, + 0x79, 0x22, 0x00, 0x12, 0x47, 0x0a, 0x0f, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x43, 0x65, 0x72, + 0x74, 0x42, 0x79, 0x4b, 0x65, 0x79, 0x12, 0x1a, 0x2e, 0x72, 0x61, 0x2e, 0x52, 0x65, 0x76, 0x6f, + 0x6b, 0x65, 0x43, 0x65, 0x72, 0x74, 0x42, 0x79, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, + 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x6b, 0x0a, 0x21, + 0x41, 0x64, 0x6d, 0x69, 0x6e, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x79, + 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, + 0x65, 0x12, 0x2c, 0x2e, 0x72, 0x61, 0x2e, 0x41, 0x64, 0x6d, 0x69, 0x6e, 0x69, 0x73, 0x74, 0x72, + 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x79, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x43, 0x65, 0x72, + 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, + 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, + 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x2e, 0x0a, 0x08, 0x4e, 0x65, 0x77, + 0x4f, 0x72, 0x64, 0x65, 0x72, 0x12, 0x13, 0x2e, 0x72, 0x61, 0x2e, 0x4e, 0x65, 0x77, 0x4f, 0x72, + 0x64, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0b, 0x2e, 0x63, 0x6f, 0x72, + 0x65, 0x2e, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x22, 0x00, 0x12, 0x46, 0x0a, 0x10, 0x47, 0x65, 0x74, + 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1b, 0x2e, + 0x72, 0x61, 0x2e, 0x47, 0x65, 0x74, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x13, 0x2e, 0x63, 0x6f, 0x72, + 0x65, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, + 0x00, 0x12, 0x38, 0x0a, 0x0d, 0x46, 0x69, 0x6e, 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x4f, 0x72, 0x64, + 0x65, 0x72, 0x12, 0x18, 0x2e, 0x72, 0x61, 0x2e, 0x46, 0x69, 0x6e, 0x61, 0x6c, 0x69, 0x7a, 0x65, + 0x4f, 0x72, 0x64, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0b, 0x2e, 0x63, + 0x6f, 0x72, 0x65, 0x2e, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x22, 0x00, 0x12, 0x3b, 0x0a, 0x0c, 0x47, + 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x4f, 0x43, 0x53, 0x50, 0x12, 0x17, 0x2e, 0x72, 0x61, + 0x2e, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x4f, 0x43, 0x53, 0x50, 0x52, 0x65, 0x71, + 0x75, 0x65, 0x73, 0x74, 0x1a, 0x10, 0x2e, 0x63, 0x61, 0x2e, 0x4f, 0x43, 0x53, 0x50, 0x52, 0x65, + 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x49, 0x0a, 0x0e, 0x55, 0x6e, 0x70, 0x61, + 0x75, 0x73, 0x65, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x19, 0x2e, 0x72, 0x61, 0x2e, + 0x55, 0x6e, 0x70, 0x61, 0x75, 0x73, 0x65, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x52, 0x65, + 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1a, 0x2e, 0x72, 0x61, 0x2e, 0x55, 0x6e, 0x70, 0x61, 0x75, + 0x73, 0x65, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, + 0x65, 0x22, 0x00, 0x32, 0x3b, 0x0a, 0x0b, 0x53, 0x43, 0x54, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, + 0x65, 0x72, 0x12, 0x2c, 0x0a, 0x07, 0x47, 0x65, 0x74, 0x53, 0x43, 0x54, 0x73, 0x12, 0x0e, 0x2e, + 0x72, 0x61, 0x2e, 0x53, 0x43, 0x54, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0f, 0x2e, + 0x72, 0x61, 0x2e, 0x53, 0x43, 0x54, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, + 0x42, 0x29, 0x5a, 0x27, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6c, + 0x65, 0x74, 0x73, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x2f, 0x62, 0x6f, 0x75, 0x6c, 0x64, + 0x65, 0x72, 0x2f, 0x72, 0x61, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x06, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x33, } var ( @@ -960,63 +1063,67 @@ func file_ra_proto_rawDescGZIP() []byte { return file_ra_proto_rawDescData } -var file_ra_proto_msgTypes = make([]protoimpl.MessageInfo, 13) +var file_ra_proto_msgTypes = make([]protoimpl.MessageInfo, 15) var file_ra_proto_goTypes = []interface{}{ - (*GenerateOCSPRequest)(nil), // 0: ra.GenerateOCSPRequest - (*UpdateRegistrationContactRequest)(nil), // 1: ra.UpdateRegistrationContactRequest - (*UpdateRegistrationKeyRequest)(nil), // 2: ra.UpdateRegistrationKeyRequest - (*UpdateAuthorizationRequest)(nil), // 3: ra.UpdateAuthorizationRequest - (*PerformValidationRequest)(nil), // 4: ra.PerformValidationRequest - (*RevokeCertByApplicantRequest)(nil), // 5: ra.RevokeCertByApplicantRequest - (*RevokeCertByKeyRequest)(nil), // 6: ra.RevokeCertByKeyRequest - (*AdministrativelyRevokeCertificateRequest)(nil), // 7: ra.AdministrativelyRevokeCertificateRequest - (*NewOrderRequest)(nil), // 8: ra.NewOrderRequest - (*GetAuthorizationRequest)(nil), // 9: ra.GetAuthorizationRequest - (*FinalizeOrderRequest)(nil), // 10: ra.FinalizeOrderRequest - (*UnpauseAccountRequest)(nil), // 11: ra.UnpauseAccountRequest - (*UnpauseAccountResponse)(nil), // 12: ra.UnpauseAccountResponse - (*proto.Authorization)(nil), // 13: core.Authorization - (*proto.Challenge)(nil), // 14: core.Challenge - (*proto.Order)(nil), // 15: core.Order - (*proto.Registration)(nil), // 16: core.Registration - (*emptypb.Empty)(nil), // 17: google.protobuf.Empty - (*proto1.OCSPResponse)(nil), // 18: ca.OCSPResponse + (*SCTRequest)(nil), // 0: ra.SCTRequest + (*SCTResponse)(nil), // 1: ra.SCTResponse + (*GenerateOCSPRequest)(nil), // 2: ra.GenerateOCSPRequest + (*UpdateRegistrationContactRequest)(nil), // 3: ra.UpdateRegistrationContactRequest + (*UpdateRegistrationKeyRequest)(nil), // 4: ra.UpdateRegistrationKeyRequest + (*UpdateAuthorizationRequest)(nil), // 5: ra.UpdateAuthorizationRequest + (*PerformValidationRequest)(nil), // 6: ra.PerformValidationRequest + (*RevokeCertByApplicantRequest)(nil), // 7: ra.RevokeCertByApplicantRequest + (*RevokeCertByKeyRequest)(nil), // 8: ra.RevokeCertByKeyRequest + (*AdministrativelyRevokeCertificateRequest)(nil), // 9: ra.AdministrativelyRevokeCertificateRequest + (*NewOrderRequest)(nil), // 10: ra.NewOrderRequest + (*GetAuthorizationRequest)(nil), // 11: ra.GetAuthorizationRequest + (*FinalizeOrderRequest)(nil), // 12: ra.FinalizeOrderRequest + (*UnpauseAccountRequest)(nil), // 13: ra.UnpauseAccountRequest + (*UnpauseAccountResponse)(nil), // 14: ra.UnpauseAccountResponse + (*proto.Authorization)(nil), // 15: core.Authorization + (*proto.Challenge)(nil), // 16: core.Challenge + (*proto.Order)(nil), // 17: core.Order + (*proto.Registration)(nil), // 18: core.Registration + (*emptypb.Empty)(nil), // 19: google.protobuf.Empty + (*proto1.OCSPResponse)(nil), // 20: ca.OCSPResponse } var file_ra_proto_depIdxs = []int32{ - 13, // 0: ra.UpdateAuthorizationRequest.authz:type_name -> core.Authorization - 14, // 1: ra.UpdateAuthorizationRequest.response:type_name -> core.Challenge - 13, // 2: ra.PerformValidationRequest.authz:type_name -> core.Authorization - 15, // 3: ra.FinalizeOrderRequest.order:type_name -> core.Order - 16, // 4: ra.RegistrationAuthority.NewRegistration:input_type -> core.Registration - 1, // 5: ra.RegistrationAuthority.UpdateRegistrationContact:input_type -> ra.UpdateRegistrationContactRequest - 2, // 6: ra.RegistrationAuthority.UpdateRegistrationKey:input_type -> ra.UpdateRegistrationKeyRequest - 4, // 7: ra.RegistrationAuthority.PerformValidation:input_type -> ra.PerformValidationRequest - 16, // 8: ra.RegistrationAuthority.DeactivateRegistration:input_type -> core.Registration - 13, // 9: ra.RegistrationAuthority.DeactivateAuthorization:input_type -> core.Authorization - 5, // 10: ra.RegistrationAuthority.RevokeCertByApplicant:input_type -> ra.RevokeCertByApplicantRequest - 6, // 11: ra.RegistrationAuthority.RevokeCertByKey:input_type -> ra.RevokeCertByKeyRequest - 7, // 12: ra.RegistrationAuthority.AdministrativelyRevokeCertificate:input_type -> ra.AdministrativelyRevokeCertificateRequest - 8, // 13: ra.RegistrationAuthority.NewOrder:input_type -> ra.NewOrderRequest - 9, // 14: ra.RegistrationAuthority.GetAuthorization:input_type -> ra.GetAuthorizationRequest - 10, // 15: ra.RegistrationAuthority.FinalizeOrder:input_type -> ra.FinalizeOrderRequest - 0, // 16: ra.RegistrationAuthority.GenerateOCSP:input_type -> ra.GenerateOCSPRequest - 11, // 17: ra.RegistrationAuthority.UnpauseAccount:input_type -> ra.UnpauseAccountRequest - 16, // 18: ra.RegistrationAuthority.NewRegistration:output_type -> core.Registration - 16, // 19: ra.RegistrationAuthority.UpdateRegistrationContact:output_type -> core.Registration - 16, // 20: ra.RegistrationAuthority.UpdateRegistrationKey:output_type -> core.Registration - 13, // 21: ra.RegistrationAuthority.PerformValidation:output_type -> core.Authorization - 17, // 22: ra.RegistrationAuthority.DeactivateRegistration:output_type -> google.protobuf.Empty - 17, // 23: ra.RegistrationAuthority.DeactivateAuthorization:output_type -> google.protobuf.Empty - 17, // 24: ra.RegistrationAuthority.RevokeCertByApplicant:output_type -> google.protobuf.Empty - 17, // 25: ra.RegistrationAuthority.RevokeCertByKey:output_type -> google.protobuf.Empty - 17, // 26: ra.RegistrationAuthority.AdministrativelyRevokeCertificate:output_type -> google.protobuf.Empty - 15, // 27: ra.RegistrationAuthority.NewOrder:output_type -> core.Order - 13, // 28: ra.RegistrationAuthority.GetAuthorization:output_type -> core.Authorization - 15, // 29: ra.RegistrationAuthority.FinalizeOrder:output_type -> core.Order - 18, // 30: ra.RegistrationAuthority.GenerateOCSP:output_type -> ca.OCSPResponse - 12, // 31: ra.RegistrationAuthority.UnpauseAccount:output_type -> ra.UnpauseAccountResponse - 18, // [18:32] is the sub-list for method output_type - 4, // [4:18] is the sub-list for method input_type + 15, // 0: ra.UpdateAuthorizationRequest.authz:type_name -> core.Authorization + 16, // 1: ra.UpdateAuthorizationRequest.response:type_name -> core.Challenge + 15, // 2: ra.PerformValidationRequest.authz:type_name -> core.Authorization + 17, // 3: ra.FinalizeOrderRequest.order:type_name -> core.Order + 18, // 4: ra.RegistrationAuthority.NewRegistration:input_type -> core.Registration + 3, // 5: ra.RegistrationAuthority.UpdateRegistrationContact:input_type -> ra.UpdateRegistrationContactRequest + 4, // 6: ra.RegistrationAuthority.UpdateRegistrationKey:input_type -> ra.UpdateRegistrationKeyRequest + 6, // 7: ra.RegistrationAuthority.PerformValidation:input_type -> ra.PerformValidationRequest + 18, // 8: ra.RegistrationAuthority.DeactivateRegistration:input_type -> core.Registration + 15, // 9: ra.RegistrationAuthority.DeactivateAuthorization:input_type -> core.Authorization + 7, // 10: ra.RegistrationAuthority.RevokeCertByApplicant:input_type -> ra.RevokeCertByApplicantRequest + 8, // 11: ra.RegistrationAuthority.RevokeCertByKey:input_type -> ra.RevokeCertByKeyRequest + 9, // 12: ra.RegistrationAuthority.AdministrativelyRevokeCertificate:input_type -> ra.AdministrativelyRevokeCertificateRequest + 10, // 13: ra.RegistrationAuthority.NewOrder:input_type -> ra.NewOrderRequest + 11, // 14: ra.RegistrationAuthority.GetAuthorization:input_type -> ra.GetAuthorizationRequest + 12, // 15: ra.RegistrationAuthority.FinalizeOrder:input_type -> ra.FinalizeOrderRequest + 2, // 16: ra.RegistrationAuthority.GenerateOCSP:input_type -> ra.GenerateOCSPRequest + 13, // 17: ra.RegistrationAuthority.UnpauseAccount:input_type -> ra.UnpauseAccountRequest + 0, // 18: ra.SCTProvider.GetSCTs:input_type -> ra.SCTRequest + 18, // 19: ra.RegistrationAuthority.NewRegistration:output_type -> core.Registration + 18, // 20: ra.RegistrationAuthority.UpdateRegistrationContact:output_type -> core.Registration + 18, // 21: ra.RegistrationAuthority.UpdateRegistrationKey:output_type -> core.Registration + 15, // 22: ra.RegistrationAuthority.PerformValidation:output_type -> core.Authorization + 19, // 23: ra.RegistrationAuthority.DeactivateRegistration:output_type -> google.protobuf.Empty + 19, // 24: ra.RegistrationAuthority.DeactivateAuthorization:output_type -> google.protobuf.Empty + 19, // 25: ra.RegistrationAuthority.RevokeCertByApplicant:output_type -> google.protobuf.Empty + 19, // 26: ra.RegistrationAuthority.RevokeCertByKey:output_type -> google.protobuf.Empty + 19, // 27: ra.RegistrationAuthority.AdministrativelyRevokeCertificate:output_type -> google.protobuf.Empty + 17, // 28: ra.RegistrationAuthority.NewOrder:output_type -> core.Order + 15, // 29: ra.RegistrationAuthority.GetAuthorization:output_type -> core.Authorization + 17, // 30: ra.RegistrationAuthority.FinalizeOrder:output_type -> core.Order + 20, // 31: ra.RegistrationAuthority.GenerateOCSP:output_type -> ca.OCSPResponse + 14, // 32: ra.RegistrationAuthority.UnpauseAccount:output_type -> ra.UnpauseAccountResponse + 1, // 33: ra.SCTProvider.GetSCTs:output_type -> ra.SCTResponse + 19, // [19:34] is the sub-list for method output_type + 4, // [4:19] is the sub-list for method input_type 4, // [4:4] is the sub-list for extension type_name 4, // [4:4] is the sub-list for extension extendee 0, // [0:4] is the sub-list for field type_name @@ -1029,7 +1136,7 @@ func file_ra_proto_init() { } if !protoimpl.UnsafeEnabled { file_ra_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*GenerateOCSPRequest); i { + switch v := v.(*SCTRequest); i { case 0: return &v.state case 1: @@ -1041,7 +1148,7 @@ func file_ra_proto_init() { } } file_ra_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*UpdateRegistrationContactRequest); i { + switch v := v.(*SCTResponse); i { case 0: return &v.state case 1: @@ -1053,7 +1160,7 @@ func file_ra_proto_init() { } } file_ra_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*UpdateRegistrationKeyRequest); i { + switch v := v.(*GenerateOCSPRequest); i { case 0: return &v.state case 1: @@ -1065,7 +1172,7 @@ func file_ra_proto_init() { } } file_ra_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*UpdateAuthorizationRequest); i { + switch v := v.(*UpdateRegistrationContactRequest); i { case 0: return &v.state case 1: @@ -1077,7 +1184,7 @@ func file_ra_proto_init() { } } file_ra_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*PerformValidationRequest); i { + switch v := v.(*UpdateRegistrationKeyRequest); i { case 0: return &v.state case 1: @@ -1089,7 +1196,7 @@ func file_ra_proto_init() { } } file_ra_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*RevokeCertByApplicantRequest); i { + switch v := v.(*UpdateAuthorizationRequest); i { case 0: return &v.state case 1: @@ -1101,7 +1208,7 @@ func file_ra_proto_init() { } } file_ra_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*RevokeCertByKeyRequest); i { + switch v := v.(*PerformValidationRequest); i { case 0: return &v.state case 1: @@ -1113,7 +1220,7 @@ func file_ra_proto_init() { } } file_ra_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*AdministrativelyRevokeCertificateRequest); i { + switch v := v.(*RevokeCertByApplicantRequest); i { case 0: return &v.state case 1: @@ -1125,7 +1232,7 @@ func file_ra_proto_init() { } } file_ra_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*NewOrderRequest); i { + switch v := v.(*RevokeCertByKeyRequest); i { case 0: return &v.state case 1: @@ -1137,7 +1244,7 @@ func file_ra_proto_init() { } } file_ra_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*GetAuthorizationRequest); i { + switch v := v.(*AdministrativelyRevokeCertificateRequest); i { case 0: return &v.state case 1: @@ -1149,7 +1256,7 @@ func file_ra_proto_init() { } } file_ra_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*FinalizeOrderRequest); i { + switch v := v.(*NewOrderRequest); i { case 0: return &v.state case 1: @@ -1161,7 +1268,7 @@ func file_ra_proto_init() { } } file_ra_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*UnpauseAccountRequest); i { + switch v := v.(*GetAuthorizationRequest); i { case 0: return &v.state case 1: @@ -1173,6 +1280,30 @@ func file_ra_proto_init() { } } file_ra_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*FinalizeOrderRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_ra_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*UnpauseAccountRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_ra_proto_msgTypes[14].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*UnpauseAccountResponse); i { case 0: return &v.state @@ -1191,9 +1322,9 @@ func file_ra_proto_init() { GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_ra_proto_rawDesc, NumEnums: 0, - NumMessages: 13, + NumMessages: 15, NumExtensions: 0, - NumServices: 1, + NumServices: 2, }, GoTypes: file_ra_proto_goTypes, DependencyIndexes: file_ra_proto_depIdxs, diff --git a/ra/proto/ra.proto b/ra/proto/ra.proto index ef81a19f4..61743d36e 100644 --- a/ra/proto/ra.proto +++ b/ra/proto/ra.proto @@ -25,6 +25,18 @@ service RegistrationAuthority { rpc UnpauseAccount(UnpauseAccountRequest) returns (UnpauseAccountResponse) {} } +service SCTProvider { + rpc GetSCTs(SCTRequest) returns (SCTResponse) {} +} + +message SCTRequest { + bytes precertDER = 1; +} + +message SCTResponse { + repeated bytes sctDER = 1; +} + message GenerateOCSPRequest { string serial = 1; } diff --git a/ra/proto/ra_grpc.pb.go b/ra/proto/ra_grpc.pb.go index 85dece89a..4a13e9674 100644 --- a/ra/proto/ra_grpc.pb.go +++ b/ra/proto/ra_grpc.pb.go @@ -607,3 +607,94 @@ var RegistrationAuthority_ServiceDesc = grpc.ServiceDesc{ Streams: []grpc.StreamDesc{}, Metadata: "ra.proto", } + +const ( + SCTProvider_GetSCTs_FullMethodName = "/ra.SCTProvider/GetSCTs" +) + +// SCTProviderClient is the client API for SCTProvider service. +// +// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. +type SCTProviderClient interface { + GetSCTs(ctx context.Context, in *SCTRequest, opts ...grpc.CallOption) (*SCTResponse, error) +} + +type sCTProviderClient struct { + cc grpc.ClientConnInterface +} + +func NewSCTProviderClient(cc grpc.ClientConnInterface) SCTProviderClient { + return &sCTProviderClient{cc} +} + +func (c *sCTProviderClient) GetSCTs(ctx context.Context, in *SCTRequest, opts ...grpc.CallOption) (*SCTResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + out := new(SCTResponse) + err := c.cc.Invoke(ctx, SCTProvider_GetSCTs_FullMethodName, in, out, cOpts...) + if err != nil { + return nil, err + } + return out, nil +} + +// SCTProviderServer is the server API for SCTProvider service. +// All implementations must embed UnimplementedSCTProviderServer +// for forward compatibility +type SCTProviderServer interface { + GetSCTs(context.Context, *SCTRequest) (*SCTResponse, error) + mustEmbedUnimplementedSCTProviderServer() +} + +// UnimplementedSCTProviderServer must be embedded to have forward compatible implementations. +type UnimplementedSCTProviderServer struct { +} + +func (UnimplementedSCTProviderServer) GetSCTs(context.Context, *SCTRequest) (*SCTResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetSCTs not implemented") +} +func (UnimplementedSCTProviderServer) mustEmbedUnimplementedSCTProviderServer() {} + +// UnsafeSCTProviderServer may be embedded to opt out of forward compatibility for this service. +// Use of this interface is not recommended, as added methods to SCTProviderServer will +// result in compilation errors. +type UnsafeSCTProviderServer interface { + mustEmbedUnimplementedSCTProviderServer() +} + +func RegisterSCTProviderServer(s grpc.ServiceRegistrar, srv SCTProviderServer) { + s.RegisterService(&SCTProvider_ServiceDesc, srv) +} + +func _SCTProvider_GetSCTs_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(SCTRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(SCTProviderServer).GetSCTs(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: SCTProvider_GetSCTs_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(SCTProviderServer).GetSCTs(ctx, req.(*SCTRequest)) + } + return interceptor(ctx, in, info, handler) +} + +// SCTProvider_ServiceDesc is the grpc.ServiceDesc for SCTProvider service. +// It's only intended for direct use with grpc.RegisterService, +// and not to be introspected or modified (even as a copy) +var SCTProvider_ServiceDesc = grpc.ServiceDesc{ + ServiceName: "ra.SCTProvider", + HandlerType: (*SCTProviderServer)(nil), + Methods: []grpc.MethodDesc{ + { + MethodName: "GetSCTs", + Handler: _SCTProvider_GetSCTs_Handler, + }, + }, + Streams: []grpc.StreamDesc{}, + Metadata: "ra.proto", +} diff --git a/ra/ra.go b/ra/ra.go index 050bf85e0..a93337245 100644 --- a/ra/ra.go +++ b/ra/ra.go @@ -4,7 +4,6 @@ import ( "context" "crypto" "crypto/x509" - "encoding/hex" "encoding/json" "errors" "fmt" @@ -74,6 +73,7 @@ var ( // populated, or there is a risk of panic. type RegistrationAuthorityImpl struct { rapb.UnsafeRegistrationAuthorityServer + rapb.UnsafeSCTProviderServer CA capb.CertificateAuthorityClient OCSP capb.OCSPGeneratorClient VA va.RemoteClients @@ -103,7 +103,7 @@ type RegistrationAuthorityImpl struct { namesPerCert *prometheus.HistogramVec newRegCounter prometheus.Counter recheckCAACounter prometheus.Counter - newCertCounter *prometheus.CounterVec + newCertCounter prometheus.Counter authzAges *prometheus.HistogramVec orderAges *prometheus.HistogramVec inflightFinalizes prometheus.Gauge @@ -170,10 +170,10 @@ func NewRegistrationAuthorityImpl( }) stats.MustRegister(recheckCAACounter) - newCertCounter := prometheus.NewCounterVec(prometheus.CounterOpts{ + newCertCounter := prometheus.NewCounter(prometheus.CounterOpts{ Name: "new_certificates", - Help: "A counter of new certificates including the certificate profile name and hexadecimal certificate profile hash", - }, []string{"profileName", "profileHash"}) + Help: "A counter of issued certificates", + }) stats.MustRegister(newCertCounter) revocationReasonCounter := prometheus.NewCounterVec(prometheus.CounterOpts{ @@ -1159,6 +1159,16 @@ func (ra *RegistrationAuthorityImpl) validateFinalizeRequest( return csr, nil } +func (ra *RegistrationAuthorityImpl) GetSCTs(ctx context.Context, sctRequest *rapb.SCTRequest) (*rapb.SCTResponse, error) { + scts, err := ra.getSCTs(ctx, sctRequest.PrecertDER) + if err != nil { + return nil, err + } + return &rapb.SCTResponse{ + SctDER: scts, + }, nil +} + // issueCertificateOuter exists solely to ensure that all calls to // issueCertificateInner have their result handled uniformly, no matter what // return path that inner function takes. It takes ownership of the logEvent, @@ -1192,7 +1202,7 @@ func (ra *RegistrationAuthorityImpl) issueCertificateOuter( } // Step 3: Issue the Certificate - cert, cpId, err := ra.issueCertificateInner( + cert, err := ra.issueCertificateInner( ctx, csr, isRenewal, profileName, accountID(order.RegistrationID), orderID(order.Id)) // Step 4: Fail the order if necessary, and update metrics and log fields @@ -1217,19 +1227,14 @@ func (ra *RegistrationAuthorityImpl) issueCertificateOuter( prometheus.Labels{"type": "issued"}, ).Observe(float64(len(order.DnsNames))) - ra.newCertCounter.With( - prometheus.Labels{ - "profileName": cpId.name, - "profileHash": hex.EncodeToString(cpId.hash), - }).Inc() + ra.newCertCounter.Inc() logEvent.SerialNumber = core.SerialToString(cert.SerialNumber) logEvent.CommonName = cert.Subject.CommonName logEvent.Names = cert.DNSNames logEvent.NotBefore = cert.NotBefore logEvent.NotAfter = cert.NotAfter - logEvent.CertProfileName = cpId.name - logEvent.CertProfileHash = hex.EncodeToString(cpId.hash) + logEvent.CertProfileName = profileName result = "successful" } @@ -1269,13 +1274,6 @@ func (ra *RegistrationAuthorityImpl) countCertificateIssued(ctx context.Context, } } -// certProfileID contains the name and hash of a certificate profile returned by -// a CA. -type certProfileID struct { - name string - hash []byte -} - // issueCertificateInner is part of the [issuance cycle]. // // It gets a precertificate from the CA, submits it to CT logs to get SCTs, @@ -1299,7 +1297,7 @@ func (ra *RegistrationAuthorityImpl) issueCertificateInner( isRenewal bool, profileName string, acctID accountID, - oID orderID) (*x509.Certificate, *certProfileID, error) { + oID orderID) (*x509.Certificate, error) { // wrapError adds a prefix to an error. If the error is a boulder error then // the problem detail is updated with the prefix. Otherwise a new error is // returned with the message prefixed using `fmt.Errorf` @@ -1317,49 +1315,55 @@ func (ra *RegistrationAuthorityImpl) issueCertificateInner( OrderID: int64(oID), CertProfileName: profileName, } - // Once we get a precert from IssuePrecertificate, we must attempt issuing - // a final certificate at most once. We achieve that by bailing on any error - // between here and IssueCertificateForPrecertificate. - precert, err := ra.CA.IssuePrecertificate(ctx, issueReq) - if err != nil { - return nil, nil, wrapError(err, "issuing precertificate") + + var certDER []byte + if features.Get().UnsplitIssuance { + resp, err := ra.CA.IssueCertificate(ctx, issueReq) + if err != nil { + return nil, err + } + certDER = resp.DER + } else { + // Once we get a precert from IssuePrecertificate, we must attempt issuing + // a final certificate at most once. We achieve that by bailing on any error + // between here and IssueCertificateForPrecertificate. + precert, err := ra.CA.IssuePrecertificate(ctx, issueReq) + if err != nil { + return nil, wrapError(err, "issuing precertificate") + } + + scts, err := ra.getSCTs(ctx, precert.DER) + if err != nil { + return nil, wrapError(err, "getting SCTs") + } + + certPB, err := ra.CA.IssueCertificateForPrecertificate(ctx, &capb.IssueCertificateForPrecertificateRequest{ + DER: precert.DER, + SCTs: scts, + RegistrationID: int64(acctID), + OrderID: int64(oID), + CertProfileHash: precert.CertProfileHash, + }) + if err != nil { + return nil, wrapError(err, "issuing certificate for precertificate") + } + certDER = certPB.Der } - parsedPrecert, err := x509.ParseCertificate(precert.DER) + parsedCertificate, err := x509.ParseCertificate(certDER) if err != nil { - return nil, nil, wrapError(err, "parsing precertificate") - } - - scts, err := ra.getSCTs(ctx, precert.DER, parsedPrecert.NotAfter) - if err != nil { - return nil, nil, wrapError(err, "getting SCTs") - } - - cert, err := ra.CA.IssueCertificateForPrecertificate(ctx, &capb.IssueCertificateForPrecertificateRequest{ - DER: precert.DER, - SCTs: scts, - RegistrationID: int64(acctID), - OrderID: int64(oID), - CertProfileHash: precert.CertProfileHash, - }) - if err != nil { - return nil, nil, wrapError(err, "issuing certificate for precertificate") - } - - parsedCertificate, err := x509.ParseCertificate(cert.Der) - if err != nil { - return nil, nil, wrapError(err, "parsing final certificate") + return nil, wrapError(err, "parsing final certificate") } ra.countCertificateIssued(ctx, int64(acctID), slices.Clone(parsedCertificate.DNSNames), isRenewal) // Asynchronously submit the final certificate to any configured logs - go ra.ctpolicy.SubmitFinalCert(cert.Der, parsedCertificate.NotAfter) + go ra.ctpolicy.SubmitFinalCert(certDER, parsedCertificate.NotAfter) err = ra.matchesCSR(parsedCertificate, csr) if err != nil { ra.certCSRMismatch.Inc() - return nil, nil, err + return nil, err } _, err = ra.SA.FinalizeOrder(ctx, &sapb.FinalizeOrderRequest{ @@ -1367,15 +1371,20 @@ func (ra *RegistrationAuthorityImpl) issueCertificateInner( CertificateSerial: core.SerialToString(parsedCertificate.SerialNumber), }) if err != nil { - return nil, nil, wrapError(err, "persisting finalized order") + return nil, wrapError(err, "persisting finalized order") } - return parsedCertificate, &certProfileID{name: precert.CertProfileName, hash: precert.CertProfileHash}, nil + return parsedCertificate, nil } -func (ra *RegistrationAuthorityImpl) getSCTs(ctx context.Context, cert []byte, expiration time.Time) (core.SCTDERs, error) { +func (ra *RegistrationAuthorityImpl) getSCTs(ctx context.Context, precertDER []byte) (core.SCTDERs, error) { started := ra.clk.Now() - scts, err := ra.ctpolicy.GetSCTs(ctx, cert, expiration) + precert, err := x509.ParseCertificate(precertDER) + if err != nil { + return nil, fmt.Errorf("parsing precertificate: %w", err) + } + + scts, err := ra.ctpolicy.GetSCTs(ctx, precertDER, precert.NotAfter) took := ra.clk.Since(started) if err != nil { state := "failure" diff --git a/ra/ra_test.go b/ra/ra_test.go index 636846374..f5fcea7d0 100644 --- a/ra/ra_test.go +++ b/ra/ra_test.go @@ -3337,7 +3337,7 @@ func TestIssueCertificateInnerErrs(t *testing.T) { // Mock the CA ra.CA = tc.Mock // Attempt issuance - _, _, err = ra.issueCertificateInner(ctx, csrOb, false, order.CertificateProfileName, accountID(Registration.Id), orderID(order.Id)) + _, err = ra.issueCertificateInner(ctx, csrOb, false, order.CertificateProfileName, accountID(Registration.Id), orderID(order.Id)) // We expect all of the testcases to fail because all use mocked CAs that deliberately error test.AssertError(t, err, "issueCertificateInner with failing mock CA did not fail") // If there is an expected `error` then match the error message @@ -3362,6 +3362,10 @@ type MockCARecordingProfile struct { profileHash []byte } +func (ca *MockCARecordingProfile) IssueCertificate(ctx context.Context, req *capb.IssueCertificateRequest, _ ...grpc.CallOption) (*capb.IssueCertificateResponse, error) { + return nil, errors.New("IssueCertificate called in a test that didn't need it") +} + func (ca *MockCARecordingProfile) IssuePrecertificate(ctx context.Context, req *capb.IssueCertificateRequest, _ ...grpc.CallOption) (*capb.IssuePrecertificateResponse, error) { ca.profileName = req.CertProfileName return ca.inner.IssuePrecertificate(ctx, req) @@ -3468,8 +3472,6 @@ func TestIssueCertificateOuter(t *testing.T) { if !bytes.Equal(mockCA.profileHash, wantHash) { t.Errorf("recorded profileName = %x, want %x", mockCA.profileHash, wantHash) } - test.AssertMetricWithLabelsEquals(t, ra.newCertCounter, prometheus.Labels{"profileName": tc.wantProfile, "profileHash": tc.wantHash}, 1) - ra.newCertCounter.Reset() }) } } diff --git a/test/asserts.go b/test/asserts.go index 0f64b7a0d..d0dbf29bb 100644 --- a/test/asserts.go +++ b/test/asserts.go @@ -247,5 +247,7 @@ loop: total += float64(iom.Histogram.GetSampleCount()) } } - AssertEquals(t, total, expected) + if total != expected { + t.Errorf("metric with labels %+v: got %g, want %g", l, total, expected) + } } diff --git a/test/config-next/ca.json b/test/config-next/ca.json index 05f66cbbb..1fb58b416 100644 --- a/test/config-next/ca.json +++ b/test/config-next/ca.json @@ -31,6 +31,16 @@ } } }, + "sctService": { + "dnsAuthority": "consul.service.consul", + "srvLookup": { + "service": "ra-sct-provider", + "domain": "service.consul" + }, + "timeout": "15s", + "noWaitForReady": true, + "hostOverride": "ra.boulder" + }, "saService": { "dnsAuthority": "consul.service.consul", "srvLookup": { diff --git a/test/config-next/ra.json b/test/config-next/ra.json index 3fe1a9521..c2170b65e 100644 --- a/test/config-next/ra.json +++ b/test/config-next/ra.json @@ -127,6 +127,11 @@ "sfe.boulder" ] }, + "ra.SCTProvider": { + "clientNames": [ + "ca.boulder" + ] + }, "grpc.health.v1.Health": { "clientNames": [ "health-checker.boulder" @@ -138,6 +143,7 @@ "AsyncFinalize": true, "AutomaticallyPauseZombieClients": true, "NoPendingAuthzReuse": true, + "UnsplitIssuance": true, "EnforceMPIC": true }, "ctLogs": { diff --git a/test/consul/config.hcl b/test/consul/config.hcl index d00af2681..c29718730 100644 --- a/test/consul/config.hcl +++ b/test/consul/config.hcl @@ -144,6 +144,22 @@ services { tags = ["tcp"] // Required for SRV RR support in gRPC DNS resolution. } +services { + id = "ra-sct-provider-a" + name = "ra-sct-provider" + address = "10.77.77.77" + port = 9594 + tags = ["tcp"] // Required for SRV RR support in gRPC DNS resolution. +} + +services { + id = "ra-sct-provider-b" + name = "ra-sct-provider" + address = "10.77.77.77" + port = 9694 + tags = ["tcp"] // Required for SRV RR support in gRPC DNS resolution. +} + services { id = "ra-a" name = "ra" diff --git a/test/integration/otel_test.go b/test/integration/otel_test.go index d2f944394..5cc6bd49e 100644 --- a/test/integration/otel_test.go +++ b/test/integration/otel_test.go @@ -226,7 +226,7 @@ func TestTraces(t *testing.T) { httpSpan("/acme/chall/"), httpSpan("/acme/finalize/", rpcSpan("ra.RegistrationAuthority/FinalizeOrder", wfe, ra, - rpcSpan("ca.CertificateAuthority/IssueCertificateForPrecertificate", ra, ca))), + rpcSpan("ca.CertificateAuthority/IssueCertificate", ra, ca))), }, } diff --git a/test/startservers.py b/test/startservers.py index 2d94c53e5..99a21b5f8 100644 --- a/test/startservers.py +++ b/test/startservers.py @@ -69,11 +69,11 @@ SERVICES = ( Service('boulder-ca-1', 8001, 9393, 'ca.boulder', ('./bin/boulder', 'boulder-ca', '--config', os.path.join(config_dir, 'ca.json'), '--addr', ':9393', '--debug-addr', ':8001'), - ('boulder-sa-1', 'boulder-sa-2')), + ('boulder-sa-1', 'boulder-sa-2', 'boulder-ra-sct-provider-1', 'boulder-ra-sct-provider-2')), Service('boulder-ca-2', 8101, 9493, 'ca.boulder', ('./bin/boulder', 'boulder-ca', '--config', os.path.join(config_dir, 'ca.json'), '--addr', ':9493', '--debug-addr', ':8101'), - ('boulder-sa-1', 'boulder-sa-2')), + ('boulder-sa-1', 'boulder-sa-2', 'boulder-ra-sct-provider-1', 'boulder-ra-sct-provider-2')), Service('akamai-test-srv', 6789, None, None, ('./bin/akamai-test-srv', '--listen', 'localhost:6789', '--secret', 'its-a-secret'), @@ -102,6 +102,21 @@ SERVICES = ( 8102, 9494, 'ra.boulder', ('./bin/boulder', 'boulder-ra', '--config', os.path.join(config_dir, 'ra.json'), '--addr', ':9494', '--debug-addr', ':8102'), ('boulder-sa-1', 'boulder-sa-2', 'boulder-ca-1', 'boulder-ca-2', 'boulder-va-1', 'boulder-va-2', 'akamai-purger', 'boulder-publisher-1', 'boulder-publisher-2')), + # We run a separate instance of the RA for use as the SCTProvider service called by the CA. + # This solves a small problem of startup order: if a client (the CA in this case) starts + # up before its backends, gRPC will try to connect immediately (due to health checks), + # get a connection refused, and enter a backoff state. That backoff state can cause + # subsequent requests to fail. This issue only exists for the CA-RA pair because they + # have a circular relationship - the RA calls CA.IssueCertificate, and the CA calls + # SCTProvider.GetSCTs (offered by the RA). + Service('boulder-ra-sct-provider-1', + 8118, 9594, 'ra.boulder', + ('./bin/boulder', 'boulder-ra', '--config', os.path.join(config_dir, 'ra.json'), '--addr', ':9594', '--debug-addr', ':8118'), + ('boulder-publisher-1', 'boulder-publisher-2')), + Service('boulder-ra-sct-provider-2', + 8119, 9694, 'ra.boulder', + ('./bin/boulder', 'boulder-ra', '--config', os.path.join(config_dir, 'ra.json'), '--addr', ':9694', '--debug-addr', ':8119'), + ('boulder-publisher-1', 'boulder-publisher-2')), Service('bad-key-revoker', 8020, None, None, ('./bin/boulder', 'bad-key-revoker', '--config', os.path.join(config_dir, 'bad-key-revoker.json'), '--debug-addr', ':8020'),