Add gRPC server to RA (#2350)

Fixes #2348.
Roland Bracewell Shoemaker 2016-11-29 15:34:35 -08:00 committed by Jacob Hoffman-Andrews
parent 1df986b858
commit a87379bc6e
19 changed files with 1730 additions and 186 deletions


@ -1,16 +1,15 @@
// Code generated by protoc-gen-go.
// source: ca.proto
// source: ca/proto/ca.proto
// DO NOT EDIT!
/*
Package proto is a generated protocol buffer package.
It is generated from these files:
ca.proto
ca/proto/ca.proto
It has these top-level messages:
IssueCertificateRequest
Certificate
GenerateOCSPRequest
OCSPResponse
*/
@ -19,6 +18,7 @@ package proto
import proto1 "github.com/golang/protobuf/proto"
import fmt "fmt"
import math "math"
import core "github.com/letsencrypt/boulder/core/proto"
import (
context "golang.org/x/net/context"
@ -61,63 +61,6 @@ func (m *IssueCertificateRequest) GetRegistrationID() int64 {
return 0
}
type Certificate struct {
RegistrationID *int64 `protobuf:"varint,1,opt,name=registrationID" json:"registrationID,omitempty"`
Serial *string `protobuf:"bytes,2,opt,name=serial" json:"serial,omitempty"`
Digest *string `protobuf:"bytes,3,opt,name=digest" json:"digest,omitempty"`
Der []byte `protobuf:"bytes,4,opt,name=der" json:"der,omitempty"`
Issued *int64 `protobuf:"varint,5,opt,name=issued" json:"issued,omitempty"`
Expires *int64 `protobuf:"varint,6,opt,name=expires" json:"expires,omitempty"`
XXX_unrecognized []byte `json:"-"`
}
func (m *Certificate) Reset() { *m = Certificate{} }
func (m *Certificate) String() string { return proto1.CompactTextString(m) }
func (*Certificate) ProtoMessage() {}
func (*Certificate) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{1} }
func (m *Certificate) GetRegistrationID() int64 {
if m != nil && m.RegistrationID != nil {
return *m.RegistrationID
}
return 0
}
func (m *Certificate) GetSerial() string {
if m != nil && m.Serial != nil {
return *m.Serial
}
return ""
}
func (m *Certificate) GetDigest() string {
if m != nil && m.Digest != nil {
return *m.Digest
}
return ""
}
func (m *Certificate) GetDer() []byte {
if m != nil {
return m.Der
}
return nil
}
func (m *Certificate) GetIssued() int64 {
if m != nil && m.Issued != nil {
return *m.Issued
}
return 0
}
func (m *Certificate) GetExpires() int64 {
if m != nil && m.Expires != nil {
return *m.Expires
}
return 0
}
type GenerateOCSPRequest struct {
CertDER []byte `protobuf:"bytes,1,opt,name=certDER" json:"certDER,omitempty"`
Status *string `protobuf:"bytes,2,opt,name=status" json:"status,omitempty"`
@ -129,7 +72,7 @@ type GenerateOCSPRequest struct {
func (m *GenerateOCSPRequest) Reset() { *m = GenerateOCSPRequest{} }
func (m *GenerateOCSPRequest) String() string { return proto1.CompactTextString(m) }
func (*GenerateOCSPRequest) ProtoMessage() {}
func (*GenerateOCSPRequest) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{2} }
func (*GenerateOCSPRequest) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{1} }
func (m *GenerateOCSPRequest) GetCertDER() []byte {
if m != nil {
@ -167,7 +110,7 @@ type OCSPResponse struct {
func (m *OCSPResponse) Reset() { *m = OCSPResponse{} }
func (m *OCSPResponse) String() string { return proto1.CompactTextString(m) }
func (*OCSPResponse) ProtoMessage() {}
func (*OCSPResponse) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{3} }
func (*OCSPResponse) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{2} }
func (m *OCSPResponse) GetResponse() []byte {
if m != nil {
@ -178,7 +121,6 @@ func (m *OCSPResponse) GetResponse() []byte {
func init() {
proto1.RegisterType((*IssueCertificateRequest)(nil), "ca.IssueCertificateRequest")
proto1.RegisterType((*Certificate)(nil), "ca.Certificate")
proto1.RegisterType((*GenerateOCSPRequest)(nil), "ca.GenerateOCSPRequest")
proto1.RegisterType((*OCSPResponse)(nil), "ca.OCSPResponse")
}
@ -194,7 +136,7 @@ const _ = grpc.SupportPackageIsVersion3
// Client API for CertificateAuthority service
type CertificateAuthorityClient interface {
IssueCertificate(ctx context.Context, in *IssueCertificateRequest, opts ...grpc.CallOption) (*Certificate, error)
IssueCertificate(ctx context.Context, in *IssueCertificateRequest, opts ...grpc.CallOption) (*core.Certificate, error)
GenerateOCSP(ctx context.Context, in *GenerateOCSPRequest, opts ...grpc.CallOption) (*OCSPResponse, error)
}
@ -206,8 +148,8 @@ func NewCertificateAuthorityClient(cc *grpc.ClientConn) CertificateAuthorityClie
return &certificateAuthorityClient{cc}
}
func (c *certificateAuthorityClient) IssueCertificate(ctx context.Context, in *IssueCertificateRequest, opts ...grpc.CallOption) (*Certificate, error) {
out := new(Certificate)
func (c *certificateAuthorityClient) IssueCertificate(ctx context.Context, in *IssueCertificateRequest, opts ...grpc.CallOption) (*core.Certificate, error) {
out := new(core.Certificate)
err := grpc.Invoke(ctx, "/ca.CertificateAuthority/IssueCertificate", in, out, c.cc, opts...)
if err != nil {
return nil, err
@ -227,7 +169,7 @@ func (c *certificateAuthorityClient) GenerateOCSP(ctx context.Context, in *Gener
// Server API for CertificateAuthority service
type CertificateAuthorityServer interface {
IssueCertificate(context.Context, *IssueCertificateRequest) (*Certificate, error)
IssueCertificate(context.Context, *IssueCertificateRequest) (*core.Certificate, error)
GenerateOCSP(context.Context, *GenerateOCSPRequest) (*OCSPResponse, error)
}
@ -288,27 +230,25 @@ var _CertificateAuthority_serviceDesc = grpc.ServiceDesc{
Metadata: fileDescriptor0,
}
func init() { proto1.RegisterFile("ca.proto", fileDescriptor0) }
func init() { proto1.RegisterFile("ca/proto/ca.proto", fileDescriptor0) }
var fileDescriptor0 = []byte{
// 302 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0x74, 0x91, 0x4f, 0x4f, 0xc2, 0x40,
0x10, 0xc5, 0x29, 0x95, 0x7f, 0x03, 0x01, 0x5c, 0x8d, 0x34, 0x78, 0x21, 0x3d, 0x71, 0xe2, 0xe0,
0xd5, 0xc4, 0x84, 0x3f, 0xc6, 0x70, 0xd2, 0xe0, 0x49, 0x6f, 0x9b, 0xed, 0x88, 0x1b, 0x4d, 0xb7,
0xce, 0x4c, 0x8d, 0x7e, 0x12, 0xbf, 0xae, 0xd9, 0x05, 0x63, 0x63, 0xf0, 0xd6, 0xe9, 0xcc, 0x9b,
0xdf, 0x7b, 0xb3, 0xd0, 0x36, 0x7a, 0x56, 0x90, 0x13, 0xa7, 0xea, 0x46, 0xa7, 0x57, 0x30, 0x5a,
0x33, 0x97, 0xb8, 0x44, 0x12, 0xfb, 0x64, 0x8d, 0x16, 0xdc, 0xe0, 0x5b, 0x89, 0x2c, 0xaa, 0x0b,
0xb1, 0x61, 0x4a, 0xa2, 0x49, 0x34, 0xed, 0xa9, 0x33, 0xe8, 0x13, 0x6e, 0x2d, 0x0b, 0x69, 0xb1,
0x2e, 0x5f, 0xaf, 0x92, 0xfa, 0x24, 0x9a, 0xc6, 0x29, 0x43, 0xb7, 0x22, 0x3d, 0x30, 0xe6, 0xe5,
0xb1, 0xea, 0x43, 0x93, 0x91, 0xac, 0x7e, 0x0d, 0xb2, 0x8e, 0xaf, 0x33, 0xbb, 0x45, 0x96, 0x24,
0x0e, 0x75, 0x17, 0xe2, 0x0c, 0x29, 0x39, 0x0a, 0xac, 0x3e, 0x34, 0xad, 0xf7, 0x94, 0x25, 0x8d,
0x20, 0x1e, 0x40, 0x0b, 0x3f, 0x0a, 0x4b, 0xc8, 0x49, 0x33, 0x40, 0x1f, 0xe0, 0xe4, 0x06, 0x73,
0x24, 0x2d, 0x78, 0xbb, 0xbc, 0xbf, 0xfb, 0x31, 0x3c, 0x80, 0x96, 0x41, 0x92, 0xd5, 0xf5, 0x66,
0x6f, 0xda, 0x53, 0x45, 0x4b, 0xc9, 0xbf, 0x54, 0x42, 0xcd, 0x2e, 0x0f, 0xd4, 0x86, 0x3a, 0x86,
0x0e, 0xe1, 0xbb, 0x7b, 0xc1, 0x6c, 0x2e, 0x81, 0x1d, 0xa7, 0x13, 0xe8, 0xed, 0x56, 0x72, 0xe1,
0x72, 0x46, 0x35, 0x84, 0x36, 0xed, 0xbf, 0x77, 0x4b, 0x2f, 0xbe, 0x22, 0x38, 0xad, 0x44, 0x9e,
0x97, 0xf2, 0xec, 0xc8, 0xca, 0xa7, 0x5a, 0xc0, 0xf0, 0xef, 0x29, 0xd5, 0xf9, 0xcc, 0xe8, 0xd9,
0x3f, 0x07, 0x1e, 0x0f, 0x7c, 0xb3, 0xf2, 0x3f, 0xad, 0xa9, 0x4b, 0xe8, 0x55, 0x93, 0xa9, 0x91,
0x1f, 0x39, 0x90, 0x75, 0x3c, 0xf4, 0x8d, 0xaa, 0xd3, 0xb4, 0xb6, 0x68, 0x3d, 0x36, 0xc2, 0xc3,
0x7e, 0x07, 0x00, 0x00, 0xff, 0xff, 0x25, 0xda, 0x9b, 0x25, 0xe3, 0x01, 0x00, 0x00,
// 267 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0x74, 0x90, 0x4d, 0x4b, 0xc3, 0x40,
0x10, 0x86, 0x9b, 0xc6, 0x5a, 0x3b, 0x86, 0x9a, 0xac, 0x1f, 0x0d, 0xf1, 0x12, 0x72, 0xca, 0x29,
0x05, 0xaf, 0x82, 0x50, 0x1b, 0x91, 0x9e, 0x94, 0x7a, 0xd2, 0xdb, 0xb2, 0x8e, 0x1a, 0x84, 0x6c,
0x9d, 0x99, 0x08, 0xfe, 0x14, 0xff, 0xad, 0x64, 0xd3, 0x42, 0x10, 0xbd, 0xcd, 0xf0, 0xf2, 0x3e,
0xcc, 0x33, 0x10, 0x19, 0x3d, 0xdf, 0x90, 0x15, 0x3b, 0x37, 0xba, 0x70, 0x83, 0x1a, 0x1a, 0x9d,
0x9c, 0x1a, 0x4b, 0xb8, 0x0b, 0x2c, 0x61, 0x17, 0x65, 0x57, 0x30, 0x5b, 0x31, 0x37, 0xb8, 0x44,
0x92, 0xea, 0xa5, 0x32, 0x5a, 0x70, 0x8d, 0x1f, 0x0d, 0xb2, 0xa8, 0x43, 0xf0, 0x0d, 0x53, 0xec,
0xa5, 0x5e, 0x1e, 0xa8, 0x33, 0x98, 0x12, 0xbe, 0x56, 0x2c, 0xa4, 0xa5, 0xb2, 0xf5, 0xaa, 0x8c,
0x87, 0xa9, 0x97, 0xfb, 0xd9, 0x23, 0x1c, 0xdf, 0x62, 0x8d, 0xa4, 0x05, 0xef, 0x96, 0x0f, 0xf7,
0xbb, 0xee, 0x11, 0x8c, 0x0d, 0x92, 0x94, 0x37, 0xeb, 0x6d, 0x7f, 0x0a, 0xfb, 0x2c, 0x5a, 0x1a,
0x76, 0xbd, 0x49, 0xbb, 0x13, 0x6a, 0xb6, 0x75, 0xec, 0xa7, 0x5e, 0x3e, 0x52, 0x11, 0x4c, 0x08,
0x3f, 0xed, 0x3b, 0x3e, 0x2f, 0x24, 0xde, 0x73, 0xe8, 0x14, 0x82, 0x0e, 0xc9, 0x1b, 0x5b, 0x33,
0xaa, 0x10, 0x0e, 0x68, 0x3b, 0x77, 0xd0, 0x8b, 0x6f, 0x0f, 0x4e, 0x7a, 0x87, 0x2f, 0x1a, 0x79,
0xb3, 0x54, 0xc9, 0x97, 0x2a, 0x21, 0xfc, 0x6d, 0xa5, 0xce, 0x0b, 0xa3, 0x8b, 0x7f, 0x5c, 0x93,
0xa8, 0x70, 0x3f, 0xe9, 0x25, 0xd9, 0x40, 0x5d, 0x42, 0xd0, 0x77, 0x53, 0xb3, 0x96, 0xf0, 0x87,
0x6d, 0x12, 0xb6, 0x41, 0xff, 0xd6, 0x6c, 0x70, 0x3d, 0x7e, 0x1a, 0xb9, 0x0f, 0xff, 0x04, 0x00,
0x00, 0xff, 0xff, 0x08, 0x1f, 0xbb, 0xea, 0x90, 0x01, 0x00, 0x00,
}


@ -3,8 +3,10 @@ syntax = "proto2";
package ca;
option go_package = "proto";
import "core/proto/core.proto";
service CertificateAuthority {
rpc IssueCertificate(IssueCertificateRequest) returns (Certificate) {}
rpc IssueCertificate(IssueCertificateRequest) returns (core.Certificate) {}
rpc GenerateOCSP(GenerateOCSPRequest) returns (OCSPResponse) {}
}
@ -13,15 +15,6 @@ message IssueCertificateRequest {
optional int64 registrationID = 2;
}
message Certificate {
optional int64 registrationID = 1;
optional string serial = 2;
optional string digest = 3;
optional bytes der = 4;
optional int64 issued = 5; // Unix timestamp (nanoseconds)
optional int64 expires = 6; // Unix timestamp (nanoseconds)
}
message GenerateOCSPRequest {
optional bytes certDER = 1;
optional string status = 2;


@ -1,3 +1,3 @@
package proto
//go:generate sh -c "protoc --go_out=plugins=grpc:. ca.proto"
//go:generate sh -c "cd ../.. && protoc --go_out=plugins=grpc,Mcore/proto/core.proto=github.com/letsencrypt/boulder/core/proto:. ca/proto/ca.proto"


@ -16,8 +16,10 @@ import (
"github.com/letsencrypt/boulder/cmd"
"github.com/letsencrypt/boulder/core"
bgrpc "github.com/letsencrypt/boulder/grpc"
blog "github.com/letsencrypt/boulder/log"
"github.com/letsencrypt/boulder/metrics"
rapb "github.com/letsencrypt/boulder/ra/proto"
"github.com/letsencrypt/boulder/revocation"
"github.com/letsencrypt/boulder/rpc"
"github.com/letsencrypt/boulder/sa"
@ -48,6 +50,8 @@ type config struct {
// The revoker isn't a long running service, so doesn't get a full
// ServiceConfig, just an AMQPConfig.
AMQP *cmd.AMQPConfig
RAService *cmd.GRPCClientConfig
}
Statsd cmd.StatsdConfig
@ -55,13 +59,21 @@ type config struct {
Syslog cmd.SyslogConfig
}
func setupContext(c config) (rpc.RegistrationAuthorityClient, blog.Logger, *gorp.DbMap, rpc.StorageAuthorityClient, metrics.Scope) {
func setupContext(c config) (core.RegistrationAuthority, blog.Logger, *gorp.DbMap, rpc.StorageAuthorityClient, metrics.Scope) {
stats, logger := cmd.StatsAndLogging(c.Statsd, c.Syslog)
scope := metrics.NewStatsdScope(stats, "AdminRevoker")
amqpConf := c.Revoker.AMQP
rac, err := rpc.NewRegistrationAuthorityClient(clientName, amqpConf, scope)
cmd.FailOnError(err, "Unable to create CA client")
var rac core.RegistrationAuthority
if c.Revoker.RAService != nil {
conn, err := bgrpc.ClientSetup(c.Revoker.RAService, scope)
cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to RA")
rac = bgrpc.NewRegistrationAuthorityClient(rapb.NewRegistrationAuthorityClient(conn), c.Revoker.RAService.Timeout.Duration)
} else {
var err error
rac, err = rpc.NewRegistrationAuthorityClient(clientName, amqpConf, scope)
cmd.FailOnError(err, "Unable to create RA AMQP client")
}
dbURL, err := c.Revoker.DBConfig.URL()
cmd.FailOnError(err, "Couldn't load DB URL")
@ -72,10 +84,10 @@ func setupContext(c config) (rpc.RegistrationAuthorityClient, blog.Logger, *gorp
sac, err := rpc.NewStorageAuthorityClient(clientName, amqpConf, scope)
cmd.FailOnError(err, "Failed to create SA client")
return *rac, logger, dbMap, *sac, scope
return rac, logger, dbMap, *sac, scope
}
func revokeBySerial(ctx context.Context, serial string, reasonCode revocation.Reason, rac rpc.RegistrationAuthorityClient, logger blog.Logger, tx *gorp.Transaction) (err error) {
func revokeBySerial(ctx context.Context, serial string, reasonCode revocation.Reason, rac core.RegistrationAuthority, logger blog.Logger, tx *gorp.Transaction) (err error) {
if reasonCode < 0 || reasonCode == 7 || reasonCode > 10 {
panic(fmt.Sprintf("Invalid reason code: %d", reasonCode))
}
@ -102,7 +114,7 @@ func revokeBySerial(ctx context.Context, serial string, reasonCode revocation.Re
return
}
func revokeByReg(ctx context.Context, regID int64, reasonCode revocation.Reason, rac rpc.RegistrationAuthorityClient, logger blog.Logger, tx *gorp.Transaction) (err error) {
func revokeByReg(ctx context.Context, regID int64, reasonCode revocation.Reason, rac core.RegistrationAuthority, logger blog.Logger, tx *gorp.Transaction) (err error) {
var certs []core.Certificate
_, err = tx.Select(&certs, "SELECT serial FROM certificates WHERE registrationID = :regID", map[string]interface{}{"regID": regID})
if err != nil {
@ -158,14 +170,14 @@ func main() {
reasonCode, err := strconv.Atoi(args[1])
cmd.FailOnError(err, "Reason code argument must be an integer")
cac, logger, dbMap, _, _ := setupContext(c)
rac, logger, dbMap, _, _ := setupContext(c)
tx, err := dbMap.Begin()
if err != nil {
cmd.FailOnError(sa.Rollback(tx, err), "Couldn't begin transaction")
}
err = revokeBySerial(ctx, serial, revocation.Reason(reasonCode), cac, logger, tx)
err = revokeBySerial(ctx, serial, revocation.Reason(reasonCode), rac, logger, tx)
if err != nil {
cmd.FailOnError(sa.Rollback(tx, err), "Couldn't revoke certificate")
}
@ -180,7 +192,7 @@ func main() {
reasonCode, err := strconv.Atoi(args[1])
cmd.FailOnError(err, "Reason code argument must be an integer")
cac, logger, dbMap, sac, _ := setupContext(c)
rac, logger, dbMap, sac, _ := setupContext(c)
defer logger.AuditPanic()
tx, err := dbMap.Begin()
@ -193,7 +205,7 @@ func main() {
cmd.FailOnError(err, "Couldn't fetch registration")
}
err = revokeByReg(ctx, regID, revocation.Reason(reasonCode), cac, logger, tx)
err = revokeByReg(ctx, regID, revocation.Reason(reasonCode), rac, logger, tx)
if err != nil {
cmd.FailOnError(sa.Rollback(tx, err), "Couldn't revoke certificate")
}
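Review bot: The new `RAService *cmd.GRPCClientConfig` field decides which transport and credentials the revoker uses to reach the RA, but neither the struct nor `setupContext` documents that. I would add a field comment such as `// RAService, when set, makes the revoker reach the RA over gRPC with this config; when nil it falls back to AMQP.` and a one-line comment above the `if c.Revoker.RAService != nil` branch. The same applies to the `RAService` field and `setupWFE` in the WFE section of this commit. Because a missing or misspelled config key leaves the pointer nil, logging which transport was selected would make an unintended AMQP fallback visible to operators.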


@ -3,10 +3,12 @@ package main
import (
"flag"
"fmt"
"net"
"os"
"time"
"github.com/jmhodges/clock"
"google.golang.org/grpc"
"github.com/letsencrypt/boulder/bdns"
caPB "github.com/letsencrypt/boulder/ca/proto"
@ -19,6 +21,7 @@ import (
"github.com/letsencrypt/boulder/policy"
pubPB "github.com/letsencrypt/boulder/publisher/proto"
"github.com/letsencrypt/boulder/ra"
rapb "github.com/letsencrypt/boulder/ra/proto"
"github.com/letsencrypt/boulder/rpc"
)
@ -206,10 +209,28 @@ func main() {
err = rai.UpdateIssuedCountForever()
cmd.FailOnError(err, "Updating total issuance count")
var grpcSrv *grpc.Server
if c.RA.GRPC != nil {
var listener net.Listener
grpcSrv, listener, err = bgrpc.NewServer(c.RA.GRPC, scope)
cmd.FailOnError(err, "Unable to setup RA gRPC server")
gw := bgrpc.NewRegistrationAuthorityServer(rai)
rapb.RegisterRegistrationAuthorityServer(grpcSrv, gw)
go func() {
err = grpcSrv.Serve(listener)
cmd.FailOnError(err, "RA gRPC service failed")
}()
}
ras, err := rpc.NewAmqpRPCServer(amqpConf, c.RA.MaxConcurrentRPCServerRequests, scope, logger)
cmd.FailOnError(err, "Unable to create RA RPC server")
go cmd.CatchSignals(logger, ras.Stop)
go cmd.CatchSignals(logger, func() {
ras.Stop()
if grpcSrv != nil {
grpcSrv.GracefulStop()
}
})
err = rpc.NewRegistrationAuthorityServer(ras, rai, logger)
cmd.FailOnError(err, "Unable to setup RA RPC server")
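Review bot: The goroutine that runs `grpcSrv.Serve(listener)` assigns to the `err` that belongs to `main`, and the main goroutine appears to keep writing that same variable on the following lines (`ras, err := rpc.NewAmqpRPCServer(...)`, `err = rpc.NewRegistrationAuthorityServer(...)`), so the two goroutines race on one variable. Use a goroutine-local variable instead: `err := grpcSrv.Serve(listener)`. It is also worth confirming what `Serve` returns once `GracefulStop()` has closed the listener in the signal handler; if it is a non-nil error, `cmd.FailOnError` would turn a clean shutdown into a failure exit. `main` starts and ends outside this hunk.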


@ -10,10 +10,13 @@ import (
"github.com/jmhodges/clock"
"github.com/letsencrypt/boulder/cmd"
"github.com/letsencrypt/boulder/core"
"github.com/letsencrypt/boulder/features"
"github.com/letsencrypt/boulder/goodkey"
bgrpc "github.com/letsencrypt/boulder/grpc"
blog "github.com/letsencrypt/boulder/log"
"github.com/letsencrypt/boulder/metrics"
rapb "github.com/letsencrypt/boulder/ra/proto"
"github.com/letsencrypt/boulder/rpc"
"github.com/letsencrypt/boulder/wfe"
)
@ -41,6 +44,8 @@ type config struct {
AcceptRevocationReason bool
AllowAuthzDeactivation bool
RAService *cmd.GRPCClientConfig
Features map[string]bool
}
@ -56,10 +61,18 @@ type config struct {
}
}
func setupWFE(c config, logger blog.Logger, stats metrics.Scope) (*rpc.RegistrationAuthorityClient, *rpc.StorageAuthorityClient) {
func setupWFE(c config, logger blog.Logger, stats metrics.Scope) (core.RegistrationAuthority, *rpc.StorageAuthorityClient) {
amqpConf := c.WFE.AMQP
rac, err := rpc.NewRegistrationAuthorityClient(clientName, amqpConf, stats)
cmd.FailOnError(err, "Unable to create RA client")
var rac core.RegistrationAuthority
if c.WFE.RAService != nil {
conn, err := bgrpc.ClientSetup(c.WFE.RAService, stats)
cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to RA")
rac = bgrpc.NewRegistrationAuthorityClient(rapb.NewRegistrationAuthorityClient(conn), c.WFE.RAService.Timeout.Duration)
} else {
var err error
rac, err = rpc.NewRegistrationAuthorityClient(clientName, amqpConf, stats)
cmd.FailOnError(err, "Unable to create RA AMQP client")
}
sac, err := rpc.NewStorageAuthorityClient(clientName, amqpConf, stats)
cmd.FailOnError(err, "Unable to create SA client")


@ -12,6 +12,8 @@ It has these top-level messages:
Challenge
ValidationRecord
ProblemDetails
Certificate
Empty
*/
package proto
@ -193,34 +195,106 @@ func (m *ProblemDetails) GetHttpStatus() int32 {
return 0
}
type Certificate struct {
RegistrationID *int64 `protobuf:"varint,1,opt,name=registrationID" json:"registrationID,omitempty"`
Serial *string `protobuf:"bytes,2,opt,name=serial" json:"serial,omitempty"`
Digest *string `protobuf:"bytes,3,opt,name=digest" json:"digest,omitempty"`
Der []byte `protobuf:"bytes,4,opt,name=der" json:"der,omitempty"`
Issued *int64 `protobuf:"varint,5,opt,name=issued" json:"issued,omitempty"`
Expires *int64 `protobuf:"varint,6,opt,name=expires" json:"expires,omitempty"`
XXX_unrecognized []byte `json:"-"`
}
func (m *Certificate) Reset() { *m = Certificate{} }
func (m *Certificate) String() string { return proto1.CompactTextString(m) }
func (*Certificate) ProtoMessage() {}
func (*Certificate) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{3} }
func (m *Certificate) GetRegistrationID() int64 {
if m != nil && m.RegistrationID != nil {
return *m.RegistrationID
}
return 0
}
func (m *Certificate) GetSerial() string {
if m != nil && m.Serial != nil {
return *m.Serial
}
return ""
}
func (m *Certificate) GetDigest() string {
if m != nil && m.Digest != nil {
return *m.Digest
}
return ""
}
func (m *Certificate) GetDer() []byte {
if m != nil {
return m.Der
}
return nil
}
func (m *Certificate) GetIssued() int64 {
if m != nil && m.Issued != nil {
return *m.Issued
}
return 0
}
func (m *Certificate) GetExpires() int64 {
if m != nil && m.Expires != nil {
return *m.Expires
}
return 0
}
type Empty struct {
XXX_unrecognized []byte `json:"-"`
}
func (m *Empty) Reset() { *m = Empty{} }
func (m *Empty) String() string { return proto1.CompactTextString(m) }
func (*Empty) ProtoMessage() {}
func (*Empty) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{4} }
func init() {
proto1.RegisterType((*Challenge)(nil), "core.Challenge")
proto1.RegisterType((*ValidationRecord)(nil), "core.ValidationRecord")
proto1.RegisterType((*ProblemDetails)(nil), "core.ProblemDetails")
proto1.RegisterType((*Certificate)(nil), "core.Certificate")
proto1.RegisterType((*Empty)(nil), "core.Empty")
}
func init() { proto1.RegisterFile("core/proto/core.proto", fileDescriptor0) }
var fileDescriptor0 = []byte{
// 312 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0x64, 0x91, 0xcb, 0x6e, 0xf2, 0x30,
0x10, 0x85, 0x65, 0x42, 0xe0, 0xcf, 0x84, 0x1f, 0x81, 0x7b, 0x91, 0xbb, 0xb3, 0xe8, 0x26, 0x2b,
0x50, 0x79, 0x83, 0x5e, 0x36, 0xdd, 0x55, 0xf4, 0xb2, 0xe8, 0xce, 0xc5, 0xa3, 0xc6, 0xc2, 0xc4,
0x91, 0x3d, 0x20, 0xd1, 0x75, 0xdf, 0xac, 0x2f, 0x56, 0xc5, 0x09, 0x95, 0xaa, 0xee, 0x66, 0xce,
0xf1, 0x48, 0xe7, 0x7c, 0x86, 0xb3, 0xb5, 0xf3, 0xb8, 0xa8, 0xbd, 0x23, 0xb7, 0x68, 0xc6, 0x79,
0x1c, 0x79, 0xbf, 0x99, 0x67, 0x5f, 0x0c, 0xb2, 0xdb, 0x52, 0x59, 0x8b, 0xd5, 0x3b, 0x72, 0x80,
0x9e, 0xd1, 0x82, 0x49, 0x56, 0x24, 0x7c, 0x04, 0x7d, 0x3a, 0xd4, 0x28, 0x7a, 0x92, 0x15, 0x19,
0x1f, 0xc3, 0x20, 0x90, 0xa2, 0x5d, 0x10, 0x83, 0xb8, 0xe7, 0x90, 0xec, 0xbc, 0x11, 0x59, 0x5c,
0xfe, 0x43, 0x4a, 0x6e, 0x83, 0x95, 0x48, 0xe2, 0x2a, 0x60, 0xb2, 0xc1, 0xc3, 0xf5, 0x8e, 0x4a,
0xe7, 0xcd, 0x87, 0x22, 0xe3, 0x2a, 0x91, 0x46, 0xe7, 0x0a, 0xa6, 0x7b, 0x65, 0x8d, 0x8e, 0x9a,
0xc7, 0xb5, 0xf3, 0x3a, 0x08, 0x90, 0x49, 0x91, 0x2f, 0xcf, 0xe7, 0x31, 0xdb, 0xcb, 0x8f, 0xbd,
0x8a, 0x36, 0xbf, 0x84, 0x14, 0xbd, 0x77, 0x5e, 0x0c, 0x25, 0x2b, 0xf2, 0xe5, 0x69, 0xfb, 0xec,
0xc1, 0xbb, 0x37, 0x8b, 0xdb, 0x3b, 0x24, 0x65, 0x6c, 0x98, 0x7d, 0x32, 0x98, 0xfc, 0xb9, 0x9c,
0xc0, 0xbf, 0xd2, 0x05, 0xaa, 0xd4, 0x16, 0x63, 0xa5, 0xac, 0xa9, 0x54, 0x3b, 0x4f, 0x5d, 0xa5,
0x0b, 0x98, 0x2a, 0xad, 0x3d, 0x86, 0x80, 0x61, 0x85, 0xc1, 0xd9, 0x3d, 0x6a, 0x91, 0xc8, 0xa4,
0x18, 0xf1, 0x13, 0xc8, 0x3b, 0xeb, 0x39, 0xa0, 0x16, 0x7d, 0xc9, 0x3a, 0xb1, 0xed, 0x44, 0x06,
0x83, 0x48, 0x65, 0x72, 0xe4, 0x60, 0x5b, 0x28, 0xb3, 0x7b, 0x18, 0xff, 0x0e, 0xd6, 0xdc, 0xd4,
0xad, 0xf2, 0xd4, 0xb0, 0x64, 0x47, 0x96, 0x3a, 0xfa, 0x5d, 0x10, 0x0e, 0x50, 0x12, 0xd5, 0x8f,
0x2d, 0xdf, 0x86, 0x61, 0x7a, 0x33, 0x7c, 0x4d, 0xe3, 0x37, 0x7d, 0x07, 0x00, 0x00, 0xff, 0xff,
0x1c, 0xa6, 0xad, 0x9d, 0xbe, 0x01, 0x00, 0x00,
// 383 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0x64, 0x92, 0xcf, 0x6e, 0x13, 0x31,
0x10, 0xc6, 0xe5, 0x3a, 0x9b, 0x90, 0xd9, 0x12, 0x52, 0x03, 0x95, 0xb9, 0xad, 0x96, 0xcb, 0x9e,
0x5a, 0xd1, 0x37, 0x80, 0x96, 0x43, 0x6f, 0xa8, 0xfc, 0x39, 0x70, 0x33, 0xf1, 0x90, 0x58, 0x75,
0xd6, 0xab, 0x99, 0xd9, 0x8a, 0x70, 0xe6, 0xcd, 0x78, 0x31, 0xb4, 0xde, 0x0d, 0x08, 0xf5, 0x36,
0x33, 0x9f, 0x47, 0x9a, 0xef, 0xfb, 0x19, 0x5e, 0x6e, 0x12, 0xe1, 0x65, 0x47, 0x49, 0xd2, 0xe5,
0x50, 0x5e, 0xe4, 0xd2, 0xcc, 0x86, 0xba, 0xfe, 0xad, 0x60, 0x79, 0xbd, 0x73, 0x31, 0x62, 0xbb,
0x45, 0x03, 0x70, 0x12, 0xbc, 0x55, 0x95, 0x6a, 0xb4, 0x39, 0x85, 0x99, 0x1c, 0x3a, 0xb4, 0x27,
0x95, 0x6a, 0x96, 0x66, 0x05, 0x73, 0x16, 0x27, 0x3d, 0xdb, 0x79, 0xee, 0x4b, 0xd0, 0x3d, 0x05,
0xbb, 0xcc, 0xcd, 0x53, 0x28, 0x24, 0xdd, 0x63, 0x6b, 0x75, 0x6e, 0x2d, 0xac, 0xef, 0xf1, 0xf0,
0xb6, 0x97, 0x5d, 0xa2, 0xf0, 0xd3, 0x49, 0x48, 0xad, 0x2d, 0xb2, 0xf2, 0x06, 0xce, 0x1e, 0x5c,
0x0c, 0x3e, 0xcf, 0x08, 0x37, 0x89, 0x3c, 0x5b, 0xa8, 0x74, 0x53, 0x5e, 0x9d, 0x5f, 0xe4, 0xdb,
0xbe, 0xfc, 0x95, 0xef, 0xb2, 0x6c, 0x5e, 0x43, 0x81, 0x44, 0x89, 0xec, 0xa2, 0x52, 0x4d, 0x79,
0xf5, 0x62, 0x7c, 0xf6, 0x81, 0xd2, 0xb7, 0x88, 0xfb, 0x1b, 0x14, 0x17, 0x22, 0xd7, 0xbf, 0x14,
0xac, 0x1f, 0x6d, 0xae, 0xe1, 0xc9, 0x2e, 0xb1, 0xb4, 0x6e, 0x8f, 0xd9, 0xd2, 0x72, 0xb0, 0xd4,
0x25, 0x92, 0xc9, 0xd2, 0x2b, 0x38, 0x73, 0xde, 0x13, 0x32, 0x23, 0xdf, 0x21, 0xa7, 0xf8, 0x80,
0xde, 0xea, 0x4a, 0x37, 0xa7, 0xe6, 0x39, 0x94, 0x93, 0xf4, 0x99, 0xd1, 0xdb, 0x59, 0xa5, 0xa6,
0xe1, 0xe8, 0x49, 0x02, 0xb2, 0x2d, 0x2a, 0x7d, 0xcc, 0x21, 0x8e, 0xa1, 0xd4, 0xb7, 0xb0, 0xfa,
0xff, 0xb0, 0x61, 0xa7, 0x1b, 0x27, 0x9f, 0x86, 0x2c, 0xd5, 0x31, 0x4b, 0x9f, 0xf5, 0xe9, 0x10,
0x03, 0xb0, 0x13, 0xe9, 0x3e, 0x8e, 0xf9, 0x0e, 0x19, 0x16, 0x35, 0x43, 0x79, 0x8d, 0x24, 0xe1,
0x7b, 0xd8, 0x38, 0x41, 0x73, 0x0e, 0x2b, 0xc2, 0x6d, 0x60, 0xa1, 0xec, 0xf0, 0xf6, 0x66, 0x82,
0x34, 0x60, 0x41, 0x0a, 0x2e, 0xfe, 0xc3, 0xe4, 0xc3, 0x16, 0x59, 0x26, 0x14, 0x25, 0x68, 0x8f,
0x34, 0x19, 0x58, 0xc1, 0x3c, 0x30, 0xf7, 0xe8, 0x33, 0x0d, 0x6d, 0x9e, 0xc1, 0x02, 0x7f, 0x74,
0x81, 0x70, 0x84, 0xaa, 0xeb, 0x05, 0x14, 0xef, 0xf7, 0x9d, 0x1c, 0xde, 0x2d, 0xbe, 0x16, 0xf9,
0x93, 0xfc, 0x09, 0x00, 0x00, 0xff, 0xff, 0xb7, 0xb8, 0x1e, 0x88, 0x3c, 0x02, 0x00, 0x00,
}


@ -30,3 +30,14 @@ message ProblemDetails {
optional string detail = 2;
optional int32 httpStatus = 3;
}
message Certificate {
optional int64 registrationID = 1;
optional string serial = 2;
optional string digest = 3;
optional bytes der = 4;
optional int64 issued = 5; // Unix timestamp (nanoseconds)
optional int64 expires = 6; // Unix timestamp (nanoseconds)
}
message Empty {}


@ -4,36 +4,81 @@ import (
"google.golang.org/grpc"
"google.golang.org/grpc/codes"
"github.com/letsencrypt/boulder/probs"
"github.com/letsencrypt/boulder/core"
)
// gRPC error codes used by Boulder. While the gRPC codes
// end at 16 we start at 100 to provide a little leeway
// in case they ever decide to add more
const (
// DNSQueryTimeout is used when DNS queries timeout
DNSQueryTimeout codes.Code = 100
// DNSError is used when DNS queries fail for some reason
DNSError codes.Code = 101
MalformedRequestError = iota + 100
NotSupportedError
UnauthorizedError
NotFoundError
LengthRequiredError
SignatureValidationError
RateLimitedError
BadNonceError
NoSuchRegistrationError
InternalServerError
)
// CodeToProblem takes a gRPC error code and translates it to
// a Boulder ProblemType
func CodeToProblem(c codes.Code) probs.ProblemType {
switch c {
case DNSQueryTimeout, DNSError:
return probs.ConnectionProblem
func errorToCode(err error) codes.Code {
switch err.(type) {
case core.MalformedRequestError:
return MalformedRequestError
case core.NotSupportedError:
return NotSupportedError
case core.UnauthorizedError:
return UnauthorizedError
case core.NotFoundError:
return NotFoundError
case core.LengthRequiredError:
return LengthRequiredError
case core.SignatureValidationError:
return SignatureValidationError
case core.RateLimitedError:
return RateLimitedError
case core.BadNonceError:
return BadNonceError
case core.NoSuchRegistrationError:
return NoSuchRegistrationError
case core.InternalServerError:
return InternalServerError
default:
return probs.ServerInternalProblem
return codes.Unknown
}
}
// ErrorToProb converts a error returned by a gRPC call to a
// probs.ProblemDetails
func ErrorToProb(err error) *probs.ProblemDetails {
return &probs.ProblemDetails{
Type: CodeToProblem(grpc.Code(err)),
Detail: grpc.ErrorDesc(err),
func wrapError(err error) error {
return grpc.Errorf(errorToCode(err), err.Error())
}
func unwrapError(err error) error {
code := grpc.Code(err)
errBody := grpc.ErrorDesc(err)
switch code {
case InternalServerError:
return core.InternalServerError(errBody)
case NotSupportedError:
return core.NotSupportedError(errBody)
case MalformedRequestError:
return core.MalformedRequestError(errBody)
case UnauthorizedError:
return core.UnauthorizedError(errBody)
case NotFoundError:
return core.NotFoundError(errBody)
case SignatureValidationError:
return core.SignatureValidationError(errBody)
case NoSuchRegistrationError:
return core.NoSuchRegistrationError(errBody)
case RateLimitedError:
return core.RateLimitedError(errBody)
case LengthRequiredError:
return core.LengthRequiredError(errBody)
case BadNonceError:
return core.BadNonceError(errBody)
default:
return err
}
}
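Review bot: In `wrapError`, `err.Error()` is passed to `grpc.Errorf` as the format string, so any `%` in an error message (for instance a percent-encoded value echoed back from a request) is treated as a formatting verb and the detail arrives on the other side garbled with `%!x(MISSING)`-style text. Pass the message as an argument instead: `return grpc.Errorf(errorToCode(err), "%s", err.Error())`. `wrapError` also calls `err.Error()` unconditionally, so a nil error would panic; if callers outside this section can pass nil, add `if err == nil { return nil }` at the top. None of the three new functions has a doc comment, and a short one on `unwrapError` stating that unknown codes return the gRPC error unchanged would help callers that type-switch on the result.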


@ -3,18 +3,33 @@ package grpc
import (
"testing"
"google.golang.org/grpc"
"google.golang.org/grpc/codes"
"github.com/letsencrypt/boulder/probs"
"github.com/letsencrypt/boulder/core"
"github.com/letsencrypt/boulder/test"
)
func TestErrorToProb(t *testing.T) {
prob := ErrorToProb(CodedError(codes.Aborted, "it's an error!"))
test.AssertEquals(t, prob.Detail, "it's an error!")
test.AssertEquals(t, prob.Type, probs.ServerInternalProblem)
prob = ErrorToProb(CodedError(DNSQueryTimeout, ""))
test.AssertEquals(t, prob.Type, probs.ConnectionProblem)
prob = ErrorToProb(CodedError(DNSError, ""))
test.AssertEquals(t, prob.Type, probs.ConnectionProblem)
func TestErrors(t *testing.T) {
testcases := []struct {
err error
expectedCode codes.Code
}{
{core.MalformedRequestError("test 1"), MalformedRequestError},
{core.NotSupportedError("test 2"), NotSupportedError},
{core.UnauthorizedError("test 3"), UnauthorizedError},
{core.NotFoundError("test 4"), NotFoundError},
{core.LengthRequiredError("test 5"), LengthRequiredError},
{core.SignatureValidationError("test 6"), SignatureValidationError},
{core.RateLimitedError("test 7"), RateLimitedError},
{core.BadNonceError("test 8"), BadNonceError},
{core.NoSuchRegistrationError("test 9"), NoSuchRegistrationError},
{core.InternalServerError("test 10"), InternalServerError},
}
for _, tc := range testcases {
wrappedErr := wrapError(tc.err)
test.AssertEquals(t, grpc.Code(wrappedErr), tc.expectedCode)
test.AssertEquals(t, tc.err, unwrapError(wrappedErr))
}
}
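Review bot: The table only exercises the ten mapped error types, so the `default` branches of `errorToCode` and `unwrapError` are not tested. A separate assertion outside the loop, e.g. `test.AssertEquals(t, grpc.Code(wrapError(errors.New("plain"))), codes.Unknown)`, together with a check that `unwrapError` hands such an error back unchanged, would pin the behaviour for errors that have no Boulder code. A case whose message contains a `%` would also be worth adding, since `wrapError` feeds the message through `grpc.Errorf`.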


@ -6,7 +6,9 @@
package grpc
import (
"encoding/json"
"net"
"time"
"google.golang.org/grpc/codes"
"gopkg.in/square/go-jose.v1"
@ -14,6 +16,7 @@ import (
"github.com/letsencrypt/boulder/core"
corepb "github.com/letsencrypt/boulder/core/proto"
"github.com/letsencrypt/boulder/probs"
rapb "github.com/letsencrypt/boulder/ra/proto"
vapb "github.com/letsencrypt/boulder/va/proto"
)
@ -85,7 +88,7 @@ func pbToProblemDetails(in *corepb.ProblemDetails) (*probs.ProblemDetails, error
return prob, nil
}
func vaChallengeToPB(challenge core.Challenge) (*corepb.Challenge, error) {
func challengeToPB(challenge core.Challenge) (*corepb.Challenge, error) {
st := string(challenge.Status)
return &corepb.Challenge{
Id: &challenge.ID,
@ -96,7 +99,7 @@ func vaChallengeToPB(challenge core.Challenge) (*corepb.Challenge, error) {
}, nil
}
func pbToVAChallenge(in *corepb.Challenge) (challenge core.Challenge, err error) {
func pbToChallenge(in *corepb.Challenge) (challenge core.Challenge, err error) {
if in == nil {
return core.Challenge{}, ErrMissingParameters
}
@ -206,7 +209,7 @@ func performValidationReqToArgs(in *vapb.PerformValidationRequest) (domain strin
return
}
domain = *in.Domain
challenge, err = pbToVAChallenge(in.Challenge)
challenge, err = pbToChallenge(in.Challenge)
if err != nil {
return
}
@ -219,7 +222,7 @@ func performValidationReqToArgs(in *vapb.PerformValidationRequest) (domain strin
}
func argsToPerformValidationRequest(domain string, challenge core.Challenge, authz core.Authorization) (*vapb.PerformValidationRequest, error) {
pbChall, err := vaChallengeToPB(challenge)
pbChall, err := challengeToPB(challenge)
if err != nil {
return nil, err
}
@ -234,3 +237,133 @@ func argsToPerformValidationRequest(domain string, challenge core.Challenge, aut
}, nil
}
func registrationToPB(reg core.Registration) (*rapb.Registration, error) {
keyBytes, err := reg.Key.MarshalJSON()
if err != nil {
return nil, err
}
ipBytes, err := reg.InitialIP.MarshalText()
if err != nil {
return nil, err
}
createdAt := reg.CreatedAt.UnixNano()
status := string(reg.Status)
var contacts []string
// Since the default value of rapb.Registration.Contact is a slice
// we need a indicator as to if the value is actually important on
// the other side (pb -> reg).
contactsPresent := reg.Contact != nil
if reg.Contact != nil {
contacts = *reg.Contact
}
return &rapb.Registration{
Id: &reg.ID,
Key: keyBytes,
Contact: contacts,
ContactsPresent: &contactsPresent,
Agreement: &reg.Agreement,
InitialIP: ipBytes,
CreatedAt: &createdAt,
Status: &status,
}, nil
}
func pbToRegistration(pb *rapb.Registration) (core.Registration, error) {
var key jose.JsonWebKey
err := key.UnmarshalJSON(pb.Key)
if err != nil {
return core.Registration{}, err
}
var initialIP net.IP
err = initialIP.UnmarshalText(pb.InitialIP)
if err != nil {
return core.Registration{}, err
}
var contacts *[]string
if *pb.ContactsPresent {
if len(pb.Contact) != 0 {
contacts = &pb.Contact
} else {
// When gRPC creates an empty slice it is actually a nil slice. Since
// certain things boulder uses, like encoding/json, differentiate between
// these we need to de-nil these slices. Without this we are unable to
// properly do registration updates as contacts would always be removed
// as we use the difference between a nil and empty slice in ra.mergeUpdate.
empty := []string{}
contacts = &empty
}
}
return core.Registration{
ID: *pb.Id,
Key: &key,
Contact: contacts,
Agreement: *pb.Agreement,
InitialIP: initialIP,
CreatedAt: time.Unix(0, *pb.CreatedAt),
Status: core.AcmeStatus(*pb.Status),
}, nil
}
func authzToPB(authz core.Authorization) (*rapb.Authorization, error) {
challs := make([]*corepb.Challenge, len(authz.Challenges))
for i, c := range authz.Challenges {
pbChall, err := challengeToPB(c)
if err != nil {
return nil, err
}
challs[i] = pbChall
}
comboBytes, err := json.Marshal(authz.Combinations)
if err != nil {
return nil, err
}
status := string(authz.Status)
var expires int64
if authz.Expires != nil {
expires = authz.Expires.UnixNano()
}
return &rapb.Authorization{
Id: &authz.ID,
Identifier: &authz.Identifier.Value,
RegistrationID: &authz.RegistrationID,
Status: &status,
Expires: &expires,
Challenges: challs,
Combinations: comboBytes,
}, nil
}
func pbToAuthz(pb *rapb.Authorization) (core.Authorization, error) {
challs := make([]core.Challenge, len(pb.Challenges))
for i, c := range pb.Challenges {
chall, err := pbToChallenge(c)
if err != nil {
return core.Authorization{}, err
}
challs[i] = chall
}
var combos [][]int
err := json.Unmarshal(pb.Combinations, &combos)
if err != nil {
return core.Authorization{}, err
}
expires := time.Unix(0, *pb.Expires)
return core.Authorization{
ID: *pb.Id,
Identifier: core.AcmeIdentifier{Type: core.IdentifierDNS, Value: *pb.Identifier},
RegistrationID: *pb.RegistrationID,
Status: core.AcmeStatus(*pb.Status),
Expires: &expires,
Challenges: challs,
Combinations: combos,
}, nil
}
func registrationValid(reg *rapb.Registration) bool {
return !(reg.Id == nil || reg.Key == nil || reg.Agreement == nil || reg.InitialIP == nil || reg.CreatedAt == nil || reg.Status == nil || reg.ContactsPresent == nil)
}
func authorizationValid(authz *rapb.Authorization) bool {
return !(authz.Id == nil || authz.Identifier == nil || authz.RegistrationID == nil || authz.Status == nil || authz.Expires == nil)
}


@ -4,6 +4,7 @@ import (
"encoding/json"
"net"
"testing"
"time"
"gopkg.in/square/go-jose.v1"
@ -93,7 +94,7 @@ func TestProblemDetails(t *testing.T) {
test.AssertEquals(t, err, ErrMissingParameters)
}
func TestVAChallenge(t *testing.T) {
func TestChallenge(t *testing.T) {
var jwk jose.JsonWebKey
err := json.Unmarshal([]byte(JWK1JSON), &jwk)
test.AssertNotError(t, err, "Failed to unmarshal test key")
@ -105,19 +106,19 @@ func TestVAChallenge(t *testing.T) {
ProvidedKeyAuthorization: "keyauth",
}
pb, err := vaChallengeToPB(chall)
test.AssertNotError(t, err, "vaChallengeToPB failed")
pb, err := challengeToPB(chall)
test.AssertNotError(t, err, "challengeToPB failed")
test.Assert(t, pb != nil, "Returned corepb.Challenge is nil")
recon, err := pbToVAChallenge(pb)
test.AssertNotError(t, err, "pbToVAChallenge failed")
recon, err := pbToChallenge(pb)
test.AssertNotError(t, err, "pbToChallenge failed")
test.AssertDeepEquals(t, recon, chall)
_, err = pbToVAChallenge(nil)
test.AssertError(t, err, "pbToVAChallenge did not fail")
_, err = pbToChallenge(nil)
test.AssertError(t, err, "pbToChallenge did not fail")
test.AssertEquals(t, err, ErrMissingParameters)
_, err = pbToVAChallenge(&corepb.Challenge{})
test.AssertError(t, err, "pbToVAChallenge did not fail")
_, err = pbToChallenge(&corepb.Challenge{})
test.AssertError(t, err, "pbToChallenge did not fail")
test.AssertEquals(t, err, ErrMissingParameters)
}
@ -196,3 +197,82 @@ func TestPerformValidationReq(t *testing.T) {
test.AssertDeepEquals(t, reconChall, chall)
test.AssertDeepEquals(t, reconAuthz, authz)
}
func TestRegistration(t *testing.T) {
contacts := []string{"email"}
var key jose.JsonWebKey
err := json.Unmarshal([]byte(`
{
"e": "AQAB",
"kty": "RSA",
"n": "tSwgy3ORGvc7YJI9B2qqkelZRUC6F1S5NwXFvM4w5-M0TsxbFsH5UH6adigV0jzsDJ5imAechcSoOhAh9POceCbPN1sTNwLpNbOLiQQ7RD5mY_pSUHWXNmS9R4NZ3t2fQAzPeW7jOfF0LKuJRGkekx6tXP1uSnNibgpJULNc4208dgBaCHo3mvaE2HV2GmVl1yxwWX5QZZkGQGjNDZYnjFfa2DKVvFs0QbAk21ROm594kAxlRlMMrvqlf24Eq4ERO0ptzpZgm_3j_e4hGRD39gJS7kAzK-j2cacFQ5Qi2Y6wZI2p-FCq_wiYsfEAIkATPBiLKl_6d_Jfcvs_impcXQ"
}
`), &key)
test.AssertNotError(t, err, "Could not unmarshal testing key")
inReg := core.Registration{
ID: 1,
Key: &key,
Contact: &contacts,
Agreement: "yup",
InitialIP: net.ParseIP("1.1.1.1"),
CreatedAt: time.Now(),
Status: core.StatusValid,
}
pbReg, err := registrationToPB(inReg)
test.AssertNotError(t, err, "registrationToPB failed")
outReg, err := pbToRegistration(pbReg)
test.AssertNotError(t, err, "pbToRegistration failed")
test.AssertDeepEquals(t, inReg, outReg)
inReg.Contact = nil
pbReg, err = registrationToPB(inReg)
test.AssertNotError(t, err, "registrationToPB failed")
pbReg.Contact = []string{}
outReg, err = pbToRegistration(pbReg)
test.AssertNotError(t, err, "pbToRegistration failed")
test.AssertDeepEquals(t, inReg, outReg)
var empty []string
inReg.Contact = &empty
pbReg, err = registrationToPB(inReg)
test.AssertNotError(t, err, "registrationToPB failed")
outReg, err = pbToRegistration(pbReg)
test.AssertNotError(t, err, "pbToRegistration failed")
test.Assert(t, *outReg.Contact != nil, "Empty slice was converted to a nil slice")
}
func TestAuthz(t *testing.T) {
exp := time.Now().AddDate(0, 0, 1)
identifier := core.AcmeIdentifier{Type: core.IdentifierDNS, Value: "example.com"}
combos := make([][]int, 1)
combos[0] = []int{0, 1}
challA := core.Challenge{
ID: 10,
Type: core.ChallengeTypeDNS01,
Status: core.StatusPending,
Token: "asd",
ProvidedKeyAuthorization: "keyauth",
}
challB := core.Challenge{
ID: 11,
Type: core.ChallengeTypeDNS01,
Status: core.StatusPending,
Token: "asd2",
ProvidedKeyAuthorization: "keyauth4",
}
inAuthz := core.Authorization{
ID: "1",
Identifier: identifier,
RegistrationID: 5,
Status: core.StatusPending,
Expires: &exp,
Challenges: []core.Challenge{challA, challB},
Combinations: combos,
}
pbAuthz, err := authzToPB(inAuthz)
test.AssertNotError(t, err, "authzToPB failed")
outAuthz, err := pbToAuthz(pbAuthz)
test.AssertNotError(t, err, "pbToAuthz failed")
test.AssertDeepEquals(t, inAuthz, outAuthz)
}
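Review bot: `TestAuthz` only round-trips an authorization whose `Expires` is set, so it does not catch that the conversion is asymmetric for a nil `Expires`. `authzToPB` sends 0 in that case and `pbToAuthz` always returns `&expires`, so "no expiry" comes back as a pointer to the Unix epoch rather than nil. Add a case with `inAuthz.Expires = nil` and assert on the result, and decide whether the message needs a presence flag the way `ContactsPresent` covers contacts. Neither test calls `registrationValid` or `authorizationValid` with a nil or partially populated message, although the server wrappers rely on them to reject incomplete requests.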


@ -16,9 +16,11 @@ import (
caPB "github.com/letsencrypt/boulder/ca/proto"
"github.com/letsencrypt/boulder/core"
corepb "github.com/letsencrypt/boulder/core/proto"
"github.com/letsencrypt/boulder/probs"
"github.com/letsencrypt/boulder/publisher"
pubPB "github.com/letsencrypt/boulder/publisher/proto"
rapb "github.com/letsencrypt/boulder/ra/proto"
"github.com/letsencrypt/boulder/revocation"
vaPB "github.com/letsencrypt/boulder/va/proto"
)
@ -27,6 +29,9 @@ type ValidationAuthorityGRPCServer struct {
impl core.ValidationAuthority
}
var errIncompleteRequest = errors.New("Incomplete gRPC request message")
var errIncompleteResponse = errors.New("Incomplete gRPC response message")
func (s *ValidationAuthorityGRPCServer) PerformValidation(ctx context.Context, in *vaPB.PerformValidationRequest) (*vaPB.ValidationResult, error) {
domain, challenge, authz, err := performValidationReqToArgs(in)
if err != nil {
@ -185,7 +190,7 @@ func NewCertificateAuthorityServer(inner core.CertificateAuthority) *Certificate
return &CertificateAuthorityServerWrapper{inner}
}
func (cas *CertificateAuthorityServerWrapper) IssueCertificate(ctx context.Context, request *caPB.IssueCertificateRequest) (*caPB.Certificate, error) {
func (cas *CertificateAuthorityServerWrapper) IssueCertificate(ctx context.Context, request *caPB.IssueCertificateRequest) (*corepb.Certificate, error) {
csr, err := x509.ParseCertificateRequest(request.Csr)
if err != nil {
return nil, err
@ -195,7 +200,7 @@ func (cas *CertificateAuthorityServerWrapper) IssueCertificate(ctx context.Conte
return nil, err
}
issued, expires := res.Issued.UnixNano(), res.Expires.UnixNano()
return &caPB.Certificate{
return &corepb.Certificate{
RegistrationID: &res.RegistrationID,
Serial: &res.Serial,
Digest: &res.Digest,
@ -217,3 +222,364 @@ func (cas *CertificateAuthorityServerWrapper) GenerateOCSP(ctx context.Context,
}
return &caPB.OCSPResponse{Response: res}, nil
}
// RegistrationAuthorityClientWrapper is the gRPC version of a core.RegistrationAuthority client
type RegistrationAuthorityClientWrapper struct {
inner rapb.RegistrationAuthorityClient
timeout time.Duration
}
func NewRegistrationAuthorityClient(inner rapb.RegistrationAuthorityClient, timeout time.Duration) *RegistrationAuthorityClientWrapper {
return &RegistrationAuthorityClientWrapper{inner, timeout}
}
func (rac RegistrationAuthorityClientWrapper) NewRegistration(ctx context.Context, reg core.Registration) (core.Registration, error) {
localCtx, cancel := context.WithTimeout(ctx, rac.timeout)
defer cancel()
req, err := registrationToPB(reg)
if err != nil {
return core.Registration{}, err
}
response, err := rac.inner.NewRegistration(localCtx, req)
if err != nil {
return core.Registration{}, unwrapError(err)
}
if response == nil || !registrationValid(response) {
return core.Registration{}, errIncompleteResponse
}
r, err := pbToRegistration(response)
return r, err
}
func (rac RegistrationAuthorityClientWrapper) NewAuthorization(ctx context.Context, authz core.Authorization, regID int64) (core.Authorization, error) {
localCtx, cancel := context.WithTimeout(ctx, rac.timeout)
defer cancel()
req, err := authzToPB(authz)
if err != nil {
return core.Authorization{}, err
}
response, err := rac.inner.NewAuthorization(localCtx, &rapb.NewAuthorizationRequest{Authz: req, RegID: &regID})
if err != nil {
return core.Authorization{}, unwrapError(err)
}
if response == nil || !authorizationValid(response) {
return core.Authorization{}, errIncompleteResponse
}
return pbToAuthz(response)
}
func (rac RegistrationAuthorityClientWrapper) NewCertificate(ctx context.Context, csr core.CertificateRequest, regID int64) (core.Certificate, error) {
localCtx, cancel := context.WithTimeout(ctx, rac.timeout)
defer cancel()
response, err := rac.inner.NewCertificate(localCtx, &rapb.NewCertificateRequest{Csr: csr.Bytes, RegID: &regID})
if err != nil {
return core.Certificate{}, unwrapError(err)
}
if response == nil || response.RegistrationID == nil || response.Serial == nil || response.Digest == nil || response.Der == nil || response.Issued == nil || response.Expires == nil {
return core.Certificate{}, errIncompleteResponse
}
return core.Certificate{
RegistrationID: *response.RegistrationID,
Serial: *response.Serial,
Digest: *response.Digest,
DER: response.Der,
Issued: time.Unix(0, *response.Issued),
Expires: time.Unix(0, *response.Expires),
}, nil
}
func (rac RegistrationAuthorityClientWrapper) UpdateRegistration(ctx context.Context, base, updates core.Registration) (core.Registration, error) {
localCtx, cancel := context.WithTimeout(ctx, rac.timeout)
defer cancel()
basePB, err := registrationToPB(base)
if err != nil {
return core.Registration{}, err
}
updatePB, err := registrationToPB(updates)
if err != nil {
return core.Registration{}, err
}
response, err := rac.inner.UpdateRegistration(localCtx, &rapb.UpdateRegistrationRequest{Base: basePB, Update: updatePB})
if err != nil {
return core.Registration{}, unwrapError(err)
}
if response == nil || !registrationValid(response) {
return core.Registration{}, errIncompleteResponse
}
return pbToRegistration(response)
}
func (rac RegistrationAuthorityClientWrapper) UpdateAuthorization(ctx context.Context, authz core.Authorization, challengeIndex int, chall core.Challenge) (core.Authorization, error) {
localCtx, cancel := context.WithTimeout(ctx, rac.timeout)
defer cancel()
authzPB, err := authzToPB(authz)
if err != nil {
return core.Authorization{}, err
}
challPB, err := challengeToPB(chall)
if err != nil {
return core.Authorization{}, err
}
ind := int64(challengeIndex)
response, err := rac.inner.UpdateAuthorization(localCtx, &rapb.UpdateAuthorizationRequest{
Authz: authzPB,
ChallengeIndex: &ind,
Response: challPB,
})
if err != nil {
return core.Authorization{}, unwrapError(err)
}
if response == nil || !authorizationValid(response) {
return core.Authorization{}, errIncompleteResponse
}
return pbToAuthz(response)
}
func (rac RegistrationAuthorityClientWrapper) RevokeCertificateWithReg(ctx context.Context, cert x509.Certificate, code revocation.Reason, regID int64) error {
localCtx, cancel := context.WithTimeout(ctx, rac.timeout)
defer cancel()
reason := int64(code)
_, err := rac.inner.RevokeCertificateWithReg(localCtx, &rapb.RevokeCertificateWithRegRequest{
Cert: cert.Raw,
Code: &reason,
RegID: &regID,
})
if err != nil {
return unwrapError(err)
}
return nil
}
func (rac RegistrationAuthorityClientWrapper) DeactivateRegistration(ctx context.Context, reg core.Registration) error {
localCtx, cancel := context.WithTimeout(ctx, rac.timeout)
defer cancel()
regPB, err := registrationToPB(reg)
if err != nil {
return err
}
_, err = rac.inner.DeactivateRegistration(localCtx, regPB)
if err != nil {
return unwrapError(err)
}
return nil
}
func (rac RegistrationAuthorityClientWrapper) DeactivateAuthorization(ctx context.Context, auth core.Authorization) error {
localCtx, cancel := context.WithTimeout(ctx, rac.timeout)
defer cancel()
authzPB, err := authzToPB(auth)
if err != nil {
return err
}
_, err = rac.inner.DeactivateAuthorization(localCtx, authzPB)
if err != nil {
return unwrapError(err)
}
return nil
}
func (rac RegistrationAuthorityClientWrapper) AdministrativelyRevokeCertificate(ctx context.Context, cert x509.Certificate, code revocation.Reason, adminName string) error {
localCtx, cancel := context.WithTimeout(ctx, rac.timeout)
defer cancel()
reason := int64(code)
_, err := rac.inner.AdministrativelyRevokeCertificate(localCtx, &rapb.AdministrativelyRevokeCertificateRequest{
Cert: cert.Raw,
Code: &reason,
AdminName: &adminName,
})
if err != nil {
return unwrapError(err)
}
return nil
}
// RegistrationAuthorityServerWrapper is the gRPC version of a core.RegistrationAuthority server
type RegistrationAuthorityServerWrapper struct {
inner core.RegistrationAuthority
}
func NewRegistrationAuthorityServer(inner core.RegistrationAuthority) *RegistrationAuthorityServerWrapper {
return &RegistrationAuthorityServerWrapper{inner}
}
func (ras *RegistrationAuthorityServerWrapper) NewRegistration(ctx context.Context, request *rapb.Registration) (*rapb.Registration, error) {
if request == nil || !registrationValid(request) {
return nil, errIncompleteRequest
}
reg, err := pbToRegistration(request)
if err != nil {
return nil, err
}
newReg, err := ras.inner.NewRegistration(ctx, reg)
if err != nil {
return nil, wrapError(err)
}
return registrationToPB(newReg)
}
func (ras *RegistrationAuthorityServerWrapper) NewAuthorization(ctx context.Context, request *rapb.NewAuthorizationRequest) (*rapb.Authorization, error) {
if request == nil || !authorizationValid(request.Authz) || request.RegID == nil {
return nil, errIncompleteRequest
}
authz, err := pbToAuthz(request.Authz)
if err != nil {
return nil, err
}
newAuthz, err := ras.inner.NewAuthorization(ctx, authz, *request.RegID)
if err != nil {
return nil, wrapError(err)
}
return authzToPB(newAuthz)
}
func (ras *RegistrationAuthorityServerWrapper) NewCertificate(ctx context.Context, request *rapb.NewCertificateRequest) (*corepb.Certificate, error) {
if request == nil || request.Csr == nil || request.RegID == nil {
return nil, errIncompleteRequest
}
csr, err := x509.ParseCertificateRequest(request.Csr)
if err != nil {
return nil, err
}
cert, err := ras.inner.NewCertificate(ctx, core.CertificateRequest{CSR: csr, Bytes: request.Csr}, *request.RegID)
if err != nil {
return nil, wrapError(err)
}
issued := cert.Issued.UnixNano()
expires := cert.Expires.UnixNano()
return &corepb.Certificate{
RegistrationID: &cert.RegistrationID,
Serial: &cert.Serial,
Digest: &cert.Digest,
Der: cert.DER,
Issued: &issued,
Expires: &expires,
}, nil
}
func (ras *RegistrationAuthorityServerWrapper) UpdateRegistration(ctx context.Context, request *rapb.UpdateRegistrationRequest) (*rapb.Registration, error) {
if request == nil || !registrationValid(request.Base) || !registrationValid(request.Update) {
return nil, errIncompleteRequest
}
base, err := pbToRegistration(request.Base)
if err != nil {
return nil, err
}
update, err := pbToRegistration(request.Update)
if err != nil {
return nil, err
}
newReg, err := ras.inner.UpdateRegistration(ctx, base, update)
if err != nil {
return nil, wrapError(err)
}
return registrationToPB(newReg)
}
func (ras *RegistrationAuthorityServerWrapper) UpdateAuthorization(ctx context.Context, request *rapb.UpdateAuthorizationRequest) (*rapb.Authorization, error) {
if request == nil || !authorizationValid(request.Authz) || request.ChallengeIndex == nil || request.Response == nil {
return nil, errIncompleteRequest
}
authz, err := pbToAuthz(request.Authz)
if err != nil {
return nil, err
}
chall, err := pbToChallenge(request.Response)
if err != nil {
return nil, err
}
newAuthz, err := ras.inner.UpdateAuthorization(ctx, authz, int(*request.ChallengeIndex), chall)
if err != nil {
return nil, wrapError(err)
}
return authzToPB(newAuthz)
}
func (ras *RegistrationAuthorityServerWrapper) RevokeCertificateWithReg(ctx context.Context, request *rapb.RevokeCertificateWithRegRequest) (*corepb.Empty, error) {
if request == nil || request.Cert == nil || request.Code == nil || request.RegID == nil {
return nil, errIncompleteRequest
}
cert, err := x509.ParseCertificate(request.Cert)
if err != nil {
return nil, err
}
err = ras.inner.RevokeCertificateWithReg(ctx, *cert, revocation.Reason(*request.Code), *request.RegID)
if err != nil {
return nil, wrapError(err)
}
return &corepb.Empty{}, nil
}
func (ras *RegistrationAuthorityServerWrapper) DeactivateRegistration(ctx context.Context, request *rapb.Registration) (*corepb.Empty, error) {
if request == nil || !registrationValid(request) {
return nil, errIncompleteRequest
}
reg, err := pbToRegistration(request)
if err != nil {
return nil, err
}
err = ras.inner.DeactivateRegistration(ctx, reg)
if err != nil {
return nil, wrapError(err)
}
return &corepb.Empty{}, nil
}
func (ras *RegistrationAuthorityServerWrapper) DeactivateAuthorization(ctx context.Context, request *rapb.Authorization) (*corepb.Empty, error) {
if request == nil || !authorizationValid(request) {
return nil, errIncompleteRequest
}
authz, err := pbToAuthz(request)
if err != nil {
return nil, err
}
err = ras.inner.DeactivateAuthorization(ctx, authz)
if err != nil {
return nil, wrapError(err)
}
return &corepb.Empty{}, nil
}
func (ras *RegistrationAuthorityServerWrapper) AdministrativelyRevokeCertificate(ctx context.Context, request *rapb.AdministrativelyRevokeCertificateRequest) (*corepb.Empty, error) {
if request == nil || request.Cert == nil || request.Code == nil || request.AdminName == nil {
return nil, errIncompleteRequest
}
cert, err := x509.ParseCertificate(request.Cert)
if err != nil {
return nil, err
}
err = ras.inner.AdministrativelyRevokeCertificate(ctx, *cert, revocation.Reason(*request.Code), *request.AdminName)
if err != nil {
return nil, wrapError(err)
}
return &corepb.Empty{}, nil
}
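Review bot: A request that omits a nested message panics the handler in `NewAuthorization`, `UpdateRegistration` and `UpdateAuthorization`. `request.Authz`, `request.Base` and `request.Update` are passed to `authorizationValid` / `registrationValid` without a nil check, and those helpers read fields off their argument directly. The intended result is `errIncompleteRequest`, so guard the pointer first, e.g. `if request == nil || request.Authz == nil || !authorizationValid(request.Authz) || request.RegID == nil {`, or start each helper with `if reg == nil { return false }` / `if authz == nil { return false }` so every caller is covered. Unless a recovery interceptor is installed elsewhere, a panic in a gRPC handler takes the RA process down, which makes this an availability concern for any peer allowed to call the service. Separately, errors from `pbToRegistration`, `pbToAuthz` and `x509.ParseCertificate` are returned without `wrapError` while the client applies `unwrapError` to every error; it is worth confirming that this round-trips as intended.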

3
ra/proto/generate.go Normal file

@ -0,0 +1,3 @@
package proto
//go:generate sh -c "cd ../.. && protoc --go_out=plugins=grpc,Mcore/proto/core.proto=github.com/letsencrypt/boulder/core/proto:. ra/proto/ra.proto"

751
ra/proto/ra.pb.go Normal file

@ -0,0 +1,751 @@
// Code generated by protoc-gen-go.
// source: ra/proto/ra.proto
// DO NOT EDIT!
/*
Package proto is a generated protocol buffer package.
It is generated from these files:
ra/proto/ra.proto
It has these top-level messages:
Registration
Authorization
NewAuthorizationRequest
NewCertificateRequest
UpdateRegistrationRequest
UpdateAuthorizationRequest
RevokeCertificateWithRegRequest
AdministrativelyRevokeCertificateRequest
*/
package proto
import proto1 "github.com/golang/protobuf/proto"
import fmt "fmt"
import math "math"
import core "github.com/letsencrypt/boulder/core/proto"
import (
context "golang.org/x/net/context"
grpc "google.golang.org/grpc"
)
// Reference imports to suppress errors if they are not otherwise used.
var _ = proto1.Marshal
var _ = fmt.Errorf
var _ = math.Inf
// This is a compile-time assertion to ensure that this generated file
// is compatible with the proto package it is being compiled against.
// A compilation error at this line likely means your copy of the
// proto package needs to be updated.
const _ = proto1.ProtoPackageIsVersion2 // please upgrade the proto package
type Registration struct {
Id *int64 `protobuf:"varint,1,opt,name=id" json:"id,omitempty"`
Key []byte `protobuf:"bytes,2,opt,name=key" json:"key,omitempty"`
Contact []string `protobuf:"bytes,3,rep,name=contact" json:"contact,omitempty"`
ContactsPresent *bool `protobuf:"varint,4,opt,name=contactsPresent" json:"contactsPresent,omitempty"`
Agreement *string `protobuf:"bytes,5,opt,name=agreement" json:"agreement,omitempty"`
InitialIP []byte `protobuf:"bytes,6,opt,name=initialIP" json:"initialIP,omitempty"`
CreatedAt *int64 `protobuf:"varint,7,opt,name=createdAt" json:"createdAt,omitempty"`
Status *string `protobuf:"bytes,8,opt,name=status" json:"status,omitempty"`
XXX_unrecognized []byte `json:"-"`
}
func (m *Registration) Reset() { *m = Registration{} }
func (m *Registration) String() string { return proto1.CompactTextString(m) }
func (*Registration) ProtoMessage() {}
func (*Registration) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{0} }
func (m *Registration) GetId() int64 {
if m != nil && m.Id != nil {
return *m.Id
}
return 0
}
func (m *Registration) GetKey() []byte {
if m != nil {
return m.Key
}
return nil
}
func (m *Registration) GetContact() []string {
if m != nil {
return m.Contact
}
return nil
}
func (m *Registration) GetContactsPresent() bool {
if m != nil && m.ContactsPresent != nil {
return *m.ContactsPresent
}
return false
}
func (m *Registration) GetAgreement() string {
if m != nil && m.Agreement != nil {
return *m.Agreement
}
return ""
}
func (m *Registration) GetInitialIP() []byte {
if m != nil {
return m.InitialIP
}
return nil
}
func (m *Registration) GetCreatedAt() int64 {
if m != nil && m.CreatedAt != nil {
return *m.CreatedAt
}
return 0
}
func (m *Registration) GetStatus() string {
if m != nil && m.Status != nil {
return *m.Status
}
return ""
}
type Authorization struct {
Id *string `protobuf:"bytes,1,opt,name=id" json:"id,omitempty"`
Identifier *string `protobuf:"bytes,2,opt,name=identifier" json:"identifier,omitempty"`
RegistrationID *int64 `protobuf:"varint,3,opt,name=registrationID" json:"registrationID,omitempty"`
Status *string `protobuf:"bytes,4,opt,name=status" json:"status,omitempty"`
Expires *int64 `protobuf:"varint,5,opt,name=expires" json:"expires,omitempty"`
Challenges []*core.Challenge `protobuf:"bytes,6,rep,name=challenges" json:"challenges,omitempty"`
Combinations []byte `protobuf:"bytes,7,opt,name=combinations" json:"combinations,omitempty"`
XXX_unrecognized []byte `json:"-"`
}
func (m *Authorization) Reset() { *m = Authorization{} }
func (m *Authorization) String() string { return proto1.CompactTextString(m) }
func (*Authorization) ProtoMessage() {}
func (*Authorization) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{1} }
func (m *Authorization) GetId() string {
if m != nil && m.Id != nil {
return *m.Id
}
return ""
}
func (m *Authorization) GetIdentifier() string {
if m != nil && m.Identifier != nil {
return *m.Identifier
}
return ""
}
func (m *Authorization) GetRegistrationID() int64 {
if m != nil && m.RegistrationID != nil {
return *m.RegistrationID
}
return 0
}
func (m *Authorization) GetStatus() string {
if m != nil && m.Status != nil {
return *m.Status
}
return ""
}
func (m *Authorization) GetExpires() int64 {
if m != nil && m.Expires != nil {
return *m.Expires
}
return 0
}
func (m *Authorization) GetChallenges() []*core.Challenge {
if m != nil {
return m.Challenges
}
return nil
}
func (m *Authorization) GetCombinations() []byte {
if m != nil {
return m.Combinations
}
return nil
}
type NewAuthorizationRequest struct {
Authz *Authorization `protobuf:"bytes,1,opt,name=authz" json:"authz,omitempty"`
RegID *int64 `protobuf:"varint,2,opt,name=regID" json:"regID,omitempty"`
XXX_unrecognized []byte `json:"-"`
}
func (m *NewAuthorizationRequest) Reset() { *m = NewAuthorizationRequest{} }
func (m *NewAuthorizationRequest) String() string { return proto1.CompactTextString(m) }
func (*NewAuthorizationRequest) ProtoMessage() {}
func (*NewAuthorizationRequest) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{2} }
func (m *NewAuthorizationRequest) GetAuthz() *Authorization {
if m != nil {
return m.Authz
}
return nil
}
func (m *NewAuthorizationRequest) GetRegID() int64 {
if m != nil && m.RegID != nil {
return *m.RegID
}
return 0
}
type NewCertificateRequest struct {
Csr []byte `protobuf:"bytes,1,opt,name=csr" json:"csr,omitempty"`
RegID *int64 `protobuf:"varint,2,opt,name=regID" json:"regID,omitempty"`
XXX_unrecognized []byte `json:"-"`
}
func (m *NewCertificateRequest) Reset() { *m = NewCertificateRequest{} }
func (m *NewCertificateRequest) String() string { return proto1.CompactTextString(m) }
func (*NewCertificateRequest) ProtoMessage() {}
func (*NewCertificateRequest) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{3} }
func (m *NewCertificateRequest) GetCsr() []byte {
if m != nil {
return m.Csr
}
return nil
}
func (m *NewCertificateRequest) GetRegID() int64 {
if m != nil && m.RegID != nil {
return *m.RegID
}
return 0
}
type UpdateRegistrationRequest struct {
Base *Registration `protobuf:"bytes,1,opt,name=base" json:"base,omitempty"`
Update *Registration `protobuf:"bytes,2,opt,name=update" json:"update,omitempty"`
XXX_unrecognized []byte `json:"-"`
}
func (m *UpdateRegistrationRequest) Reset() { *m = UpdateRegistrationRequest{} }
func (m *UpdateRegistrationRequest) String() string { return proto1.CompactTextString(m) }
func (*UpdateRegistrationRequest) ProtoMessage() {}
func (*UpdateRegistrationRequest) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{4} }
func (m *UpdateRegistrationRequest) GetBase() *Registration {
if m != nil {
return m.Base
}
return nil
}
func (m *UpdateRegistrationRequest) GetUpdate() *Registration {
if m != nil {
return m.Update
}
return nil
}
type UpdateAuthorizationRequest struct {
Authz *Authorization `protobuf:"bytes,1,opt,name=authz" json:"authz,omitempty"`
ChallengeIndex *int64 `protobuf:"varint,2,opt,name=challengeIndex" json:"challengeIndex,omitempty"`
Response *core.Challenge `protobuf:"bytes,3,opt,name=response" json:"response,omitempty"`
XXX_unrecognized []byte `json:"-"`
}
func (m *UpdateAuthorizationRequest) Reset() { *m = UpdateAuthorizationRequest{} }
func (m *UpdateAuthorizationRequest) String() string { return proto1.CompactTextString(m) }
func (*UpdateAuthorizationRequest) ProtoMessage() {}
func (*UpdateAuthorizationRequest) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{5} }
func (m *UpdateAuthorizationRequest) GetAuthz() *Authorization {
if m != nil {
return m.Authz
}
return nil
}
func (m *UpdateAuthorizationRequest) GetChallengeIndex() int64 {
if m != nil && m.ChallengeIndex != nil {
return *m.ChallengeIndex
}
return 0
}
func (m *UpdateAuthorizationRequest) GetResponse() *core.Challenge {
if m != nil {
return m.Response
}
return nil
}
type RevokeCertificateWithRegRequest struct {
Cert []byte `protobuf:"bytes,1,opt,name=cert" json:"cert,omitempty"`
Code *int64 `protobuf:"varint,2,opt,name=code" json:"code,omitempty"`
RegID *int64 `protobuf:"varint,3,opt,name=regID" json:"regID,omitempty"`
XXX_unrecognized []byte `json:"-"`
}
func (m *RevokeCertificateWithRegRequest) Reset() { *m = RevokeCertificateWithRegRequest{} }
func (m *RevokeCertificateWithRegRequest) String() string { return proto1.CompactTextString(m) }
func (*RevokeCertificateWithRegRequest) ProtoMessage() {}
func (*RevokeCertificateWithRegRequest) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{6} }
func (m *RevokeCertificateWithRegRequest) GetCert() []byte {
if m != nil {
return m.Cert
}
return nil
}
func (m *RevokeCertificateWithRegRequest) GetCode() int64 {
if m != nil && m.Code != nil {
return *m.Code
}
return 0
}
func (m *RevokeCertificateWithRegRequest) GetRegID() int64 {
if m != nil && m.RegID != nil {
return *m.RegID
}
return 0
}
type AdministrativelyRevokeCertificateRequest struct {
Cert []byte `protobuf:"bytes,1,opt,name=cert" json:"cert,omitempty"`
Code *int64 `protobuf:"varint,2,opt,name=code" json:"code,omitempty"`
AdminName *string `protobuf:"bytes,3,opt,name=adminName" json:"adminName,omitempty"`
XXX_unrecognized []byte `json:"-"`
}
func (m *AdministrativelyRevokeCertificateRequest) Reset() {
*m = AdministrativelyRevokeCertificateRequest{}
}
func (m *AdministrativelyRevokeCertificateRequest) String() string { return proto1.CompactTextString(m) }
func (*AdministrativelyRevokeCertificateRequest) ProtoMessage() {}
func (*AdministrativelyRevokeCertificateRequest) Descriptor() ([]byte, []int) {
return fileDescriptor0, []int{7}
}
func (m *AdministrativelyRevokeCertificateRequest) GetCert() []byte {
if m != nil {
return m.Cert
}
return nil
}
func (m *AdministrativelyRevokeCertificateRequest) GetCode() int64 {
if m != nil && m.Code != nil {
return *m.Code
}
return 0
}
func (m *AdministrativelyRevokeCertificateRequest) GetAdminName() string {
if m != nil && m.AdminName != nil {
return *m.AdminName
}
return ""
}
func init() {
proto1.RegisterType((*Registration)(nil), "ra.Registration")
proto1.RegisterType((*Authorization)(nil), "ra.Authorization")
proto1.RegisterType((*NewAuthorizationRequest)(nil), "ra.NewAuthorizationRequest")
proto1.RegisterType((*NewCertificateRequest)(nil), "ra.NewCertificateRequest")
proto1.RegisterType((*UpdateRegistrationRequest)(nil), "ra.UpdateRegistrationRequest")
proto1.RegisterType((*UpdateAuthorizationRequest)(nil), "ra.UpdateAuthorizationRequest")
proto1.RegisterType((*RevokeCertificateWithRegRequest)(nil), "ra.RevokeCertificateWithRegRequest")
proto1.RegisterType((*AdministrativelyRevokeCertificateRequest)(nil), "ra.AdministrativelyRevokeCertificateRequest")
}
// Reference imports to suppress errors if they are not otherwise used.
var _ context.Context
var _ grpc.ClientConn
// This is a compile-time assertion to ensure that this generated file
// is compatible with the grpc package it is being compiled against.
const _ = grpc.SupportPackageIsVersion3
// Client API for RegistrationAuthority service
type RegistrationAuthorityClient interface {
NewRegistration(ctx context.Context, in *Registration, opts ...grpc.CallOption) (*Registration, error)
NewAuthorization(ctx context.Context, in *NewAuthorizationRequest, opts ...grpc.CallOption) (*Authorization, error)
NewCertificate(ctx context.Context, in *NewCertificateRequest, opts ...grpc.CallOption) (*core.Certificate, error)
UpdateRegistration(ctx context.Context, in *UpdateRegistrationRequest, opts ...grpc.CallOption) (*Registration, error)
UpdateAuthorization(ctx context.Context, in *UpdateAuthorizationRequest, opts ...grpc.CallOption) (*Authorization, error)
RevokeCertificateWithReg(ctx context.Context, in *RevokeCertificateWithRegRequest, opts ...grpc.CallOption) (*core.Empty, error)
DeactivateRegistration(ctx context.Context, in *Registration, opts ...grpc.CallOption) (*core.Empty, error)
DeactivateAuthorization(ctx context.Context, in *Authorization, opts ...grpc.CallOption) (*core.Empty, error)
AdministrativelyRevokeCertificate(ctx context.Context, in *AdministrativelyRevokeCertificateRequest, opts ...grpc.CallOption) (*core.Empty, error)
}
type registrationAuthorityClient struct {
cc *grpc.ClientConn
}
func NewRegistrationAuthorityClient(cc *grpc.ClientConn) RegistrationAuthorityClient {
return &registrationAuthorityClient{cc}
}
func (c *registrationAuthorityClient) NewRegistration(ctx context.Context, in *Registration, opts ...grpc.CallOption) (*Registration, error) {
out := new(Registration)
err := grpc.Invoke(ctx, "/ra.RegistrationAuthority/NewRegistration", in, out, c.cc, opts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *registrationAuthorityClient) NewAuthorization(ctx context.Context, in *NewAuthorizationRequest, opts ...grpc.CallOption) (*Authorization, error) {
out := new(Authorization)
err := grpc.Invoke(ctx, "/ra.RegistrationAuthority/NewAuthorization", in, out, c.cc, opts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *registrationAuthorityClient) NewCertificate(ctx context.Context, in *NewCertificateRequest, opts ...grpc.CallOption) (*core.Certificate, error) {
out := new(core.Certificate)
err := grpc.Invoke(ctx, "/ra.RegistrationAuthority/NewCertificate", in, out, c.cc, opts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *registrationAuthorityClient) UpdateRegistration(ctx context.Context, in *UpdateRegistrationRequest, opts ...grpc.CallOption) (*Registration, error) {
out := new(Registration)
err := grpc.Invoke(ctx, "/ra.RegistrationAuthority/UpdateRegistration", in, out, c.cc, opts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *registrationAuthorityClient) UpdateAuthorization(ctx context.Context, in *UpdateAuthorizationRequest, opts ...grpc.CallOption) (*Authorization, error) {
out := new(Authorization)
err := grpc.Invoke(ctx, "/ra.RegistrationAuthority/UpdateAuthorization", in, out, c.cc, opts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *registrationAuthorityClient) RevokeCertificateWithReg(ctx context.Context, in *RevokeCertificateWithRegRequest, opts ...grpc.CallOption) (*core.Empty, error) {
out := new(core.Empty)
err := grpc.Invoke(ctx, "/ra.RegistrationAuthority/RevokeCertificateWithReg", in, out, c.cc, opts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *registrationAuthorityClient) DeactivateRegistration(ctx context.Context, in *Registration, opts ...grpc.CallOption) (*core.Empty, error) {
out := new(core.Empty)
err := grpc.Invoke(ctx, "/ra.RegistrationAuthority/DeactivateRegistration", in, out, c.cc, opts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *registrationAuthorityClient) DeactivateAuthorization(ctx context.Context, in *Authorization, opts ...grpc.CallOption) (*core.Empty, error) {
out := new(core.Empty)
err := grpc.Invoke(ctx, "/ra.RegistrationAuthority/DeactivateAuthorization", in, out, c.cc, opts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *registrationAuthorityClient) AdministrativelyRevokeCertificate(ctx context.Context, in *AdministrativelyRevokeCertificateRequest, opts ...grpc.CallOption) (*core.Empty, error) {
out := new(core.Empty)
err := grpc.Invoke(ctx, "/ra.RegistrationAuthority/AdministrativelyRevokeCertificate", in, out, c.cc, opts...)
if err != nil {
return nil, err
}
return out, nil
}
// Server API for RegistrationAuthority service
type RegistrationAuthorityServer interface {
NewRegistration(context.Context, *Registration) (*Registration, error)
NewAuthorization(context.Context, *NewAuthorizationRequest) (*Authorization, error)
NewCertificate(context.Context, *NewCertificateRequest) (*core.Certificate, error)
UpdateRegistration(context.Context, *UpdateRegistrationRequest) (*Registration, error)
UpdateAuthorization(context.Context, *UpdateAuthorizationRequest) (*Authorization, error)
RevokeCertificateWithReg(context.Context, *RevokeCertificateWithRegRequest) (*core.Empty, error)
DeactivateRegistration(context.Context, *Registration) (*core.Empty, error)
DeactivateAuthorization(context.Context, *Authorization) (*core.Empty, error)
AdministrativelyRevokeCertificate(context.Context, *AdministrativelyRevokeCertificateRequest) (*core.Empty, error)
}
func RegisterRegistrationAuthorityServer(s *grpc.Server, srv RegistrationAuthorityServer) {
s.RegisterService(&_RegistrationAuthority_serviceDesc, srv)
}
func _RegistrationAuthority_NewRegistration_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(Registration)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(RegistrationAuthorityServer).NewRegistration(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: "/ra.RegistrationAuthority/NewRegistration",
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(RegistrationAuthorityServer).NewRegistration(ctx, req.(*Registration))
}
return interceptor(ctx, in, info, handler)
}
func _RegistrationAuthority_NewAuthorization_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(NewAuthorizationRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(RegistrationAuthorityServer).NewAuthorization(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: "/ra.RegistrationAuthority/NewAuthorization",
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(RegistrationAuthorityServer).NewAuthorization(ctx, req.(*NewAuthorizationRequest))
}
return interceptor(ctx, in, info, handler)
}
func _RegistrationAuthority_NewCertificate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(NewCertificateRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(RegistrationAuthorityServer).NewCertificate(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: "/ra.RegistrationAuthority/NewCertificate",
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(RegistrationAuthorityServer).NewCertificate(ctx, req.(*NewCertificateRequest))
}
return interceptor(ctx, in, info, handler)
}
func _RegistrationAuthority_UpdateRegistration_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(UpdateRegistrationRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(RegistrationAuthorityServer).UpdateRegistration(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: "/ra.RegistrationAuthority/UpdateRegistration",
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(RegistrationAuthorityServer).UpdateRegistration(ctx, req.(*UpdateRegistrationRequest))
}
return interceptor(ctx, in, info, handler)
}
func _RegistrationAuthority_UpdateAuthorization_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(UpdateAuthorizationRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(RegistrationAuthorityServer).UpdateAuthorization(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: "/ra.RegistrationAuthority/UpdateAuthorization",
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(RegistrationAuthorityServer).UpdateAuthorization(ctx, req.(*UpdateAuthorizationRequest))
}
return interceptor(ctx, in, info, handler)
}
func _RegistrationAuthority_RevokeCertificateWithReg_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(RevokeCertificateWithRegRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(RegistrationAuthorityServer).RevokeCertificateWithReg(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: "/ra.RegistrationAuthority/RevokeCertificateWithReg",
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(RegistrationAuthorityServer).RevokeCertificateWithReg(ctx, req.(*RevokeCertificateWithRegRequest))
}
return interceptor(ctx, in, info, handler)
}
func _RegistrationAuthority_DeactivateRegistration_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(Registration)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(RegistrationAuthorityServer).DeactivateRegistration(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: "/ra.RegistrationAuthority/DeactivateRegistration",
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(RegistrationAuthorityServer).DeactivateRegistration(ctx, req.(*Registration))
}
return interceptor(ctx, in, info, handler)
}
func _RegistrationAuthority_DeactivateAuthorization_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(Authorization)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(RegistrationAuthorityServer).DeactivateAuthorization(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: "/ra.RegistrationAuthority/DeactivateAuthorization",
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(RegistrationAuthorityServer).DeactivateAuthorization(ctx, req.(*Authorization))
}
return interceptor(ctx, in, info, handler)
}
func _RegistrationAuthority_AdministrativelyRevokeCertificate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(AdministrativelyRevokeCertificateRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(RegistrationAuthorityServer).AdministrativelyRevokeCertificate(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: "/ra.RegistrationAuthority/AdministrativelyRevokeCertificate",
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(RegistrationAuthorityServer).AdministrativelyRevokeCertificate(ctx, req.(*AdministrativelyRevokeCertificateRequest))
}
return interceptor(ctx, in, info, handler)
}
var _RegistrationAuthority_serviceDesc = grpc.ServiceDesc{
ServiceName: "ra.RegistrationAuthority",
HandlerType: (*RegistrationAuthorityServer)(nil),
Methods: []grpc.MethodDesc{
{
MethodName: "NewRegistration",
Handler: _RegistrationAuthority_NewRegistration_Handler,
},
{
MethodName: "NewAuthorization",
Handler: _RegistrationAuthority_NewAuthorization_Handler,
},
{
MethodName: "NewCertificate",
Handler: _RegistrationAuthority_NewCertificate_Handler,
},
{
MethodName: "UpdateRegistration",
Handler: _RegistrationAuthority_UpdateRegistration_Handler,
},
{
MethodName: "UpdateAuthorization",
Handler: _RegistrationAuthority_UpdateAuthorization_Handler,
},
{
MethodName: "RevokeCertificateWithReg",
Handler: _RegistrationAuthority_RevokeCertificateWithReg_Handler,
},
{
MethodName: "DeactivateRegistration",
Handler: _RegistrationAuthority_DeactivateRegistration_Handler,
},
{
MethodName: "DeactivateAuthorization",
Handler: _RegistrationAuthority_DeactivateAuthorization_Handler,
},
{
MethodName: "AdministrativelyRevokeCertificate",
Handler: _RegistrationAuthority_AdministrativelyRevokeCertificate_Handler,
},
},
Streams: []grpc.StreamDesc{},
Metadata: fileDescriptor0,
}
func init() { proto1.RegisterFile("ra/proto/ra.proto", fileDescriptor0) }
var fileDescriptor0 = []byte{
// 632 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0x9c, 0x54, 0x4d, 0x6f, 0xd3, 0x40,
0x10, 0x8d, 0xeb, 0x7c, 0xd4, 0x93, 0x34, 0x69, 0x06, 0xda, 0xba, 0x41, 0x14, 0xd7, 0xbd, 0xf8,
0x80, 0x52, 0xa9, 0x1c, 0x10, 0xe2, 0x42, 0x69, 0x10, 0x4a, 0x85, 0xa2, 0x2a, 0x12, 0x42, 0x20,
0x21, 0xb1, 0xb5, 0x87, 0x64, 0xd5, 0xc4, 0x0e, 0xbb, 0x9b, 0xb6, 0xe9, 0x1f, 0x41, 0xe2, 0xca,
0x1f, 0x45, 0xde, 0x38, 0x4d, 0x6d, 0xb7, 0x10, 0x71, 0x5b, 0xcf, 0xce, 0xbc, 0x79, 0xef, 0xed,
0x93, 0xa1, 0x29, 0xd8, 0xe1, 0x44, 0x44, 0x2a, 0x3a, 0x14, 0xac, 0xad, 0x0f, 0xb8, 0x26, 0x58,
0x6b, 0xcb, 0x8f, 0x04, 0x25, 0x17, 0xf1, 0x71, 0x7e, 0xe5, 0xfe, 0x32, 0xa0, 0xd6, 0xa7, 0x01,
0x97, 0x4a, 0x30, 0xc5, 0xa3, 0x10, 0x01, 0xd6, 0x78, 0x60, 0x1b, 0x8e, 0xe1, 0x99, 0x58, 0x05,
0xf3, 0x82, 0x66, 0xf6, 0x9a, 0x63, 0x78, 0x35, 0x6c, 0x40, 0xc5, 0x8f, 0x42, 0xc5, 0x7c, 0x65,
0x9b, 0x8e, 0xe9, 0x59, 0xb8, 0x03, 0x8d, 0xa4, 0x20, 0xcf, 0x04, 0x49, 0x0a, 0x95, 0x5d, 0x74,
0x0c, 0x6f, 0x1d, 0x9b, 0x60, 0xb1, 0x81, 0x20, 0x1a, 0xc7, 0xa5, 0x92, 0x63, 0x78, 0x56, 0x5c,
0xe2, 0x21, 0x57, 0x9c, 0x8d, 0xba, 0x67, 0x76, 0x59, 0xe3, 0x35, 0xc1, 0xf2, 0x05, 0x31, 0x45,
0xc1, 0xb1, 0xb2, 0x2b, 0x7a, 0x5f, 0x1d, 0xca, 0x52, 0x31, 0x35, 0x95, 0xf6, 0x7a, 0x3c, 0xe5,
0xfe, 0x36, 0x60, 0xe3, 0x78, 0xaa, 0x86, 0x91, 0xe0, 0x37, 0x59, 0x76, 0x16, 0x22, 0x00, 0x0f,
0x28, 0x54, 0xfc, 0x3b, 0x27, 0xa1, 0x49, 0x5a, 0xb8, 0x0d, 0x75, 0x71, 0x47, 0x4d, 0xb7, 0x63,
0x9b, 0x19, 0xe4, 0xa2, 0xee, 0x6b, 0x40, 0x85, 0xae, 0x27, 0x5c, 0x90, 0xd4, 0x04, 0x4d, 0x3c,
0x00, 0xf0, 0x87, 0x6c, 0x34, 0xa2, 0x70, 0x40, 0xd2, 0x2e, 0x3b, 0xa6, 0x57, 0x3d, 0x6a, 0xb4,
0xb5, 0x51, 0x27, 0x8b, 0x3a, 0x3e, 0x86, 0x9a, 0x1f, 0x8d, 0xcf, 0x79, 0xa8, 0xc1, 0xa5, 0x66,
0x5d, 0x73, 0x4f, 0x61, 0xa7, 0x47, 0x57, 0x29, 0x9e, 0x7d, 0xfa, 0x31, 0x25, 0xa9, 0xd0, 0x81,
0x12, 0x9b, 0xaa, 0xe1, 0x8d, 0x66, 0x5c, 0x3d, 0x6a, 0xb6, 0x05, 0x6b, 0xa7, 0x05, 0x6d, 0x40,
0x49, 0xd0, 0xa0, 0xdb, 0xd1, 0xfc, 0x4d, 0xf7, 0x05, 0x6c, 0xf5, 0xe8, 0xea, 0x84, 0x44, 0xac,
0xca, 0x67, 0x8a, 0x16, 0x48, 0x55, 0x30, 0x7d, 0x29, 0x34, 0x4e, 0x2d, 0x3b, 0xf4, 0x15, 0x76,
0x3f, 0x4e, 0x02, 0xdd, 0xbc, 0x94, 0xbe, 0x18, 0xdc, 0x83, 0xe2, 0x39, 0x93, 0x94, 0x30, 0xd8,
0x8c, 0x19, 0xa4, 0xde, 0xdb, 0x81, 0xf2, 0x54, 0x0f, 0x6b, 0xb0, 0x7b, 0x3a, 0xdc, 0x19, 0xb4,
0xe6, 0xf0, 0xff, 0x29, 0x71, 0x1b, 0xea, 0xb7, 0xd6, 0x76, 0xc3, 0x80, 0xae, 0xe7, 0xb4, 0x71,
0x1f, 0xd6, 0x05, 0xc9, 0x49, 0x14, 0x4a, 0xd2, 0xaf, 0x94, 0x37, 0xdc, 0xfd, 0x00, 0xcf, 0xfa,
0x74, 0x19, 0x5d, 0xd0, 0x1d, 0x47, 0x3e, 0x71, 0x35, 0xec, 0xd3, 0x60, 0xb1, 0xbf, 0x06, 0x45,
0x9f, 0x84, 0x4a, 0x9c, 0x89, 0xbf, 0xa2, 0x80, 0x92, 0x0d, 0xb7, 0x3e, 0xe9, 0x10, 0xb8, 0x9f,
0xc1, 0x3b, 0x0e, 0xc6, 0x3c, 0x4c, 0xa4, 0x5d, 0xd2, 0x68, 0x96, 0x43, 0x5f, 0x05, 0x36, 0xce,
0x77, 0x8c, 0xd3, 0x63, 0xe3, 0x39, 0x73, 0xeb, 0xe8, 0x67, 0x09, 0xb6, 0xee, 0x9a, 0x96, 0x38,
0xa0, 0x66, 0xf8, 0x12, 0x1a, 0x3d, 0xba, 0x4a, 0x59, 0x9e, 0xb3, 0xb8, 0x95, 0x37, 0xbd, 0x80,
0x1d, 0xd8, 0xcc, 0xc6, 0x0a, 0x9f, 0xc4, 0x7d, 0x0f, 0x84, 0xad, 0x95, 0xb7, 0xde, 0x2d, 0xe0,
0x1b, 0xa8, 0xa7, 0x03, 0x85, 0xbb, 0x09, 0x46, 0x5e, 0x74, 0xab, 0x99, 0xf8, 0xbf, 0xbc, 0x71,
0x0b, 0xf8, 0x1e, 0x30, 0x9f, 0x2e, 0x7c, 0x1a, 0xa3, 0x3c, 0x98, 0xba, 0x7b, 0x05, 0x9d, 0xc2,
0xa3, 0x7b, 0x72, 0x84, 0x7b, 0x4b, 0xa4, 0xd5, 0x65, 0xf5, 0xc0, 0x7e, 0x28, 0x18, 0x78, 0x30,
0xdf, 0xfd, 0xd7, 0xd8, 0xb4, 0xaa, 0x73, 0xa9, 0xef, 0xc6, 0x13, 0x35, 0x73, 0x0b, 0xf8, 0x0a,
0xb6, 0x3b, 0xc4, 0x7c, 0xc5, 0x2f, 0xb3, 0x42, 0xf3, 0x8f, 0x95, 0x19, 0x7d, 0x0d, 0x3b, 0xcb,
0xd1, 0xb4, 0xb4, 0x3c, 0xf5, 0xec, 0xf0, 0x37, 0xd8, 0xff, 0x67, 0x24, 0xf1, 0xb9, 0x86, 0x59,
0x31, 0xb9, 0x99, 0x0d, 0x6f, 0x2b, 0x5f, 0x4a, 0xfa, 0x4f, 0xff, 0x27, 0x00, 0x00, 0xff, 0xff,
0xfc, 0x41, 0x7b, 0x84, 0x18, 0x06, 0x00, 0x00,
}

72
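--- a/ra/proto/ra.proto
+++ b/ra/proto/ra.proto
@@ -0,0 +1,72 @@
+syntax = "proto2";
+package ra;
+option go_package = "proto";
+import "core/proto/core.proto";
+service RegistrationAuthority {
+rpc NewRegistration(Registration) returns (Registration) {}
+rpc NewAuthorization(NewAuthorizationRequest) returns (Authorization) {}
+rpc NewCertificate(NewCertificateRequest) returns (core.Certificate) {}
+rpc UpdateRegistration(UpdateRegistrationRequest) returns (Registration) {}
+rpc UpdateAuthorization(UpdateAuthorizationRequest) returns (Authorization) {}
+rpc RevokeCertificateWithReg(RevokeCertificateWithRegRequest) returns (core.Empty) {}
+rpc DeactivateRegistration(Registration) returns (core.Empty) {}
+rpc DeactivateAuthorization(Authorization) returns (core.Empty) {}
+rpc AdministrativelyRevokeCertificate(AdministrativelyRevokeCertificateRequest) returns (core.Empty) {}
+}
+message Registration {
+optional int64 id = 1;
+optional bytes key = 2;
+repeated string contact = 3;
+optional bool contactsPresent = 4;
+optional string agreement = 5;
+optional bytes initialIP = 6;
+optional int64 createdAt = 7; // Unix timestamp (nanoseconds)
+optional string status = 8;
+}
+message Authorization {
+optional string id = 1;
+optional string identifier = 2;
+optional int64 registrationID = 3;
+optional string status = 4;
+optional int64 expires = 5; // Unix timestamp (nanoseconds)
+repeated core.Challenge challenges = 6;
+optional bytes combinations = 7;
+}
+message NewAuthorizationRequest {
+optional Authorization authz = 1;
+optional int64 regID = 2;
+}
+message NewCertificateRequest {
+optional bytes csr = 1;
+optional int64 regID = 2;
+}
+message UpdateRegistrationRequest {
+optional Registration base = 1;
+optional Registration update = 2;
+}
+message UpdateAuthorizationRequest {
+optional Authorization authz = 1;
+optional int64 challengeIndex = 2;
+optional core.Challenge response = 3;
+}
+message RevokeCertificateWithRegRequest {
+optional bytes cert = 1;
+optional int64 code = 2;
+optional int64 regID = 3;
+}
+message AdministrativelyRevokeCertificateRequest {
+optional bytes cert = 1;
+optional int64 code = 2;
+optional string adminName = 3;
+}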
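Review bot: `adminName` in `AdministrativelyRevokeCertificateRequest` is a free-form string set by the caller, so whatever the RA records as the acting administrator is self-asserted rather than tied to the authenticated gRPC peer. The schema should say so and the server side should log the TLS peer name next to it, for example `optional string adminName = 3; // self-asserted by caller; audit alongside the authenticated client name`. The same applies to `regID` in `RevokeCertificateWithRegRequest` and `NewCertificateRequest`: the RA presumably trusts the caller to have authenticated that account, and a comment such as `// account already authenticated by the caller; RA does not re-verify` would make the trust boundary explicit. `code` in both revoke messages is an unconstrained `int64` with no comment; documenting the accepted values (presumably the revocation reason codes) and rejecting anything else in the handler would prevent unexpected reasons from being stored.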


@ -2,13 +2,16 @@
"revoker": {
"dbConnectFile": "test/secrets/revoker_dburl",
"maxDBConns": 1,
"raService": {
"serverAddresses": ["boulder:9094"],
"serverIssuerPath": "test/grpc-creds/minica.pem",
"clientCertificatePath": "test/grpc-creds/boulder-client/cert.pem",
"clientKeyPath": "test/grpc-creds/boulder-client/key.pem",
"timeout": "90s"
},
"amqp": {
"serverURLFile": "test/secrets/amqp_url",
"insecure": true,
"RA": {
"server": "RA.server",
"rpcTimeout": "15s"
},
"SA": {
"server": "SA.server",
"rpcTimeout": "15s"
@ -25,4 +28,4 @@
"stdoutlevel": 6,
"sysloglevel": 4
}
}
}


@ -32,6 +32,15 @@
"clientKeyPath": "test/grpc-creds/boulder-client/key.pem",
"timeout": "10s"
},
"grpc": {
"address": "boulder:9094",
"clientIssuerPath": "test/grpc-creds/minica.pem",
"serverCertificatePath": "test/grpc-creds/boulder-server/cert.pem",
"serverKeyPath": "test/grpc-creds/boulder-server/key.pem",
"clientNames": [
"boulder-client"
]
},
"amqp": {
"serverURLFile": "test/secrets/amqp_url",
"insecure": true,
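Review bot: The new `grpc` listener allowlists a single client name, `boulder-client`, and the two other config sections on this page both point `clientCertificatePath` at `test/grpc-creds/boulder-client/cert.pem`, so every caller presents the same identity. With one shared name the RA cannot restrict `AdministrativelyRevokeCertificate` to the revoker tool, nor attribute a call to a specific component in its logs. These are test credentials, but if production configs follow the same shape, issue one certificate per calling service and list them separately, e.g. `"clientNames": ["<wfe-client-name>", "<revoker-client-name>"]` (placeholder names). The RA could then apply a per-method check on the peer name.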


@ -13,13 +13,16 @@
"acceptRevocationReason": true,
"allowAuthzDeactivation": true,
"debugAddr": "localhost:8000",
"raService": {
"serverAddresses": ["boulder:9094"],
"serverIssuerPath": "test/grpc-creds/minica.pem",
"clientCertificatePath": "test/grpc-creds/boulder-client/cert.pem",
"clientKeyPath": "test/grpc-creds/boulder-client/key.pem",
"timeout": "10s"
},
"amqp": {
"server": "amqp://guest:guest@localhost:5673",
"insecure": true,
"RA": {
"server": "RA.server",
"rpcTimeout": "15s"
},
"SA": {
"server": "SA.server",
"rpcTimeout": "15s"