diff --git a/ca/ca.go b/ca/ca.go
index 49c466d4f..87f5354eb 100644
--- a/ca/ca.go
+++ b/ca/ca.go
@@ -32,7 +32,6 @@ import (
 
 capb "github.com/letsencrypt/boulder/ca/proto"
 "github.com/letsencrypt/boulder/core"
- corepb "github.com/letsencrypt/boulder/core/proto"
 csrlib "github.com/letsencrypt/boulder/csr"
 berrors "github.com/letsencrypt/boulder/errors"
 "github.com/letsencrypt/boulder/goodkey"
@@ -304,22 +303,15 @@ var ocspStatusToCode = map[string]int{
 // certificate profile. The certificate profile is identified by a hash to ensure an exact match even if
 // the configuration for a specific profile _name_ changes.
 //
+// Returns precertificate DER.
+//
 // [issuance cycle]: https://github.com/letsencrypt/boulder/blob/main/docs/ISSUANCE-CYCLE.md
-func (ca *certificateAuthorityImpl) issuePrecertificate(ctx context.Context, issueReq *capb.IssueCertificateRequest) (*capb.IssuePrecertificateResponse, error) {
+func (ca *certificateAuthorityImpl) issuePrecertificate(ctx context.Context, certProfile *certProfileWithID, issueReq *capb.IssueCertificateRequest) ([]byte, error) {
 // issueReq.orderID may be zero, for ACMEv1 requests.
- if core.IsAnyNilOrZero(issueReq, issueReq.Csr, issueReq.RegistrationID, issueReq.CertProfileName) {
+ if core.IsAnyNilOrZero(issueReq, issueReq.Csr, issueReq.RegistrationID) {
 return nil, berrors.InternalServerError("Incomplete issue certificate request")
 }
 
- // The CA must check if it is capable of issuing for the given certificate
- // profile name. We check the name here, because the RA is not able to
- // precompute profile hashes. All issuance requests must come with a profile
- // name, and the RA handles selecting the default.
- certProfile, ok := ca.certProfiles.profileByName[issueReq.CertProfileName]
- if !ok {
- return nil, fmt.Errorf("the CA is incapable of using a profile named %s", issueReq.CertProfileName)
- }
-
 serialBigInt, err := ca.generateSerialNumber()
 if err != nil {
 return nil, err
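Review bot: `issuePrecertificate` now takes `certProfile` from its caller, but the guard at the top of the function does not cover it, so a nil profile passes `core.IsAnyNilOrZero(issueReq, issueReq.Csr, issueReq.RegistrationID)` and travels on into `issuePrecertificateInner`. `IssueCertificate` checks its map lookup with `ok`, but the tests in this commit index `profileByName["legacy"]` directly, so a missing profile would presumably surface as a nil dereference in the signing path rather than as a clean error. Adding the profile to the check, as `issueCertificateForPrecertificate` does later in this diff, keeps the two helpers consistent: `if core.IsAnyNilOrZero(certProfile, issueReq, issueReq.Csr, issueReq.RegistrationID) {`. The function body continues past the end of this hunk.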
@@ -339,7 +331,7 @@ func (ca *certificateAuthorityImpl) issuePrecertificate(ctx context.Context, iss
 return nil, err
 }
 
- precertDER, cpwid, err := ca.issuePrecertificateInner(ctx, issueReq, certProfile, serialBigInt, notBefore, notAfter)
+ precertDER, _, err := ca.issuePrecertificateInner(ctx, issueReq, certProfile, serialBigInt, notBefore, notAfter)
 if err != nil {
 return nil, err
 }
@@ -349,39 +341,35 @@ func (ca *certificateAuthorityImpl) issuePrecertificate(ctx context.Context, iss
 return nil, err
 }
 
- return &capb.IssuePrecertificateResponse{
- DER: precertDER,
- CertProfileName: cpwid.name,
- CertProfileHash: cpwid.hash[:],
- }, nil
+ return precertDER, nil
 }
 
 func (ca *certificateAuthorityImpl) IssueCertificate(ctx context.Context, issueReq *capb.IssueCertificateRequest) (*capb.IssueCertificateResponse, error) {
 if ca.sctClient == nil {
 return nil, errors.New("IssueCertificate called with a nil SCT service")
 }
- precert, err := ca.issuePrecertificate(ctx, issueReq)
+
+ // All issuance requests must come with a profile name, and the RA handles selecting the default.
+ certProfile, ok := ca.certProfiles.profileByName[issueReq.CertProfileName]
+ if !ok {
+ return nil, fmt.Errorf("the CA is incapable of using a profile named %s", issueReq.CertProfileName)
+ }
+ precertDER, err := ca.issuePrecertificate(ctx, certProfile, issueReq)
 if err != nil {
 return nil, err
 }
- scts, err := ca.sctClient.GetSCTs(ctx, &rapb.SCTRequest{PrecertDER: precert.DER})
+ scts, err := ca.sctClient.GetSCTs(ctx, &rapb.SCTRequest{PrecertDER: precertDER})
 if err != nil {
 return nil, err
 }
- cert, err := ca.issueCertificateForPrecertificate(ctx, &capb.IssueCertificateForPrecertificateRequest{
- DER: precert.DER,
- SCTs: scts.SctDER,
- RegistrationID: issueReq.RegistrationID,
- OrderID: issueReq.OrderID,
- CertProfileHash: precert.CertProfileHash,
- })
+ certDER, err := ca.issueCertificateForPrecertificate(ctx, certProfile, precertDER, scts.SctDER, issueReq.RegistrationID, issueReq.OrderID)
 if err != nil {
 return nil, err
 }
- return &capb.IssueCertificateResponse{DER: cert.Der}, nil
+ return &capb.IssueCertificateResponse{DER: certDER}, nil
 }
 
-// issueCertificateForPrecertificate final step in the [issuance cycle].
+// issueCertificateForPrecertificate is final step in the [issuance cycle].
 //
 // Given a precertificate and a set of SCTs for that precertificate, it generates
 // a linting final certificate, then signs a final certificate using a real issuer.
@@ -394,9 +382,8 @@ func (ca *certificateAuthorityImpl) IssueCertificate(ctx context.Context, issueR
 // different set of SCTs on subsequent calls to issueCertificateForPrecertificate.
 // We rely on the RA not to call issueCertificateForPrecertificate twice for the
 // same serial. This is accomplished by the fact that
-// issueCertificateForPrecertificate is only ever called in a straight-through
-// RPC path without retries. If there is any error, including a networking
-// error, the whole certificate issuance attempt fails and any subsequent
+// issueCertificateForPrecertificate is only ever called once per call to `IssueCertificate`.
+// If there is any error, the whole certificate issuance attempt fails and any subsequent
 // issuance will use a different serial number.
 //
 // We also check that the provided serial number does not already exist as a
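Review bot: In `IssueCertificate`, an empty `CertProfileName` used to be rejected up front by `IsAnyNilOrZero` with `berrors.InternalServerError`; it now falls through to the `profileByName` lookup and presumably comes back as a plain `fmt.Errorf` whose message ends in nothing. Callers that distinguish the berrors type will see a different error class for the same malformed request, which is worth confirming as intended. Since the name arrives in the request, formatting it with `%q` keeps an empty or unusual value visible in logs: `return nil, fmt.Errorf("the CA is incapable of using a profile named %q", issueReq.CertProfileName)`.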
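Review bot: The doc comment still opens this paragraph with "We rely on the RA not to call issueCertificateForPrecertificate twice for the same serial", which no longer matches the rewritten sentence that follows it. After this commit the function is an unexported helper taking plain Go arguments and is called from `IssueCertificate`, so the one-certificate-per-serial guarantee rests on that caller rather than on the RA. I would reword the kept line to something like `// We rely on IssueCertificate calling issueCertificateForPrecertificate at most once per serial.` so the invariant names the code that enforces it. The comment block begins before this hunk and ends after it.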
@@ -404,23 +391,21 @@ func (ca *certificateAuthorityImpl) IssueCertificate(ctx context.Context, issueR
 // there could be race conditions where two goroutines are issuing for the same
 // serial number at the same time.
 //
+// Returns the final certificate's bytes as DER.
+//
 // [issuance cycle]: https://github.com/letsencrypt/boulder/blob/main/docs/ISSUANCE-CYCLE.md
-func (ca *certificateAuthorityImpl) issueCertificateForPrecertificate(ctx context.Context, req *capb.IssueCertificateForPrecertificateRequest) (*corepb.Certificate, error) {
- // issueReq.orderID may be zero, for ACMEv1 requests.
- if core.IsAnyNilOrZero(req, req.DER, req.SCTs, req.RegistrationID, req.CertProfileHash) {
+func (ca *certificateAuthorityImpl) issueCertificateForPrecertificate(ctx context.Context,
+ certProfile *certProfileWithID,
+ precertDER []byte,
+ sctBytes [][]byte,
+ regID int64, //nolint: unparam // unparam says "regID` always receives `arbitraryRegID` (`1001`)", which is wrong; that's just what happens in the unittests.
+ orderID int64, //nolint: unparam // same as above
+) ([]byte, error) {
+ if core.IsAnyNilOrZero(certProfile, precertDER, sctBytes, regID) {
 return nil, berrors.InternalServerError("Incomplete cert for precertificate request")
 }
 
- // The certificate profile hash is checked here instead of the name because
- // the hash is over the entire contents of a *ProfileConfig giving assurance
- // that the certificate profile has remained unchanged during the roundtrip
- // from a CA, to the RA, then back to a (potentially different) CA node.
- certProfile, ok := ca.certProfiles.profileByHash[[32]byte(req.CertProfileHash)]
- if !ok {
- return nil, fmt.Errorf("the CA is incapable of using a profile with hash %d", req.CertProfileHash)
- }
-
- precert, err := x509.ParseCertificate(req.DER)
+ precert, err := x509.ParseCertificate(precertDER)
 if err != nil {
 return nil, err
 }
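Review bot: The new guard `core.IsAnyNilOrZero(certProfile, precertDER, sctBytes, regID)` leaves `orderID` out, and the comment that explained why a zero order ID is acceptable was removed together with the old signature. If a zero `orderID` is still legitimate, a one-line note above the check keeps the omission from reading as an oversight: `// orderID may be zero, so it is deliberately not part of this check.` The `//nolint` remark on `regID` also has mismatched quoting (`"regID` opens with a double quote and closes with a backtick), which is worth tidying while the line is new. The function body continues past the end of this hunk.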
@@ -434,9 +419,9 @@ func (ca *certificateAuthorityImpl) issueCertificateForPrecertificate(ctx contex return nil, fmt.Errorf("error checking for duplicate issuance of %s: %s", serialHex, err) } var scts []ct.SignedCertificateTimestamp - for _, sctBytes := range req.SCTs { + for _, singleSCTBytes := range sctBytes { var sct ct.SignedCertificateTimestamp - _, err = cttls.Unmarshal(sctBytes, &sct) + _, err = cttls.Unmarshal(singleSCTBytes, &sct) if err != nil { return nil, err } @@ -462,10 +447,10 @@ func (ca *certificateAuthorityImpl) issueCertificateForPrecertificate(ctx contex logEvent := issuanceEvent{ IssuanceRequest: issuanceReq, Issuer: issuer.Name(), - OrderID: req.OrderID, + OrderID: orderID, Profile: certProfile.name, ProfileHash: hex.EncodeToString(certProfile.hash[:]), - Requester: req.RegistrationID, + Requester: regID, } ca.log.AuditObject("Signing cert", logEvent) @@ -497,7 +482,7 @@ func (ca *certificateAuthorityImpl) issueCertificateForPrecertificate(ctx contex _, err = ca.sa.AddCertificate(ctx, &sapb.AddCertificateRequest{ Der: certDER, - RegID: req.RegistrationID, + RegID: regID, Issued: timestamppb.New(ca.clk.Now()), }) if err != nil { @@ -505,14 +490,7 @@ func (ca *certificateAuthorityImpl) issueCertificateForPrecertificate(ctx contex return nil, err } - return &corepb.Certificate{ - RegistrationID: req.RegistrationID, - Serial: core.SerialToString(precert.SerialNumber), - Der: certDER, - Digest: core.Fingerprint256(certDER), - Issued: timestamppb.New(precert.NotBefore), - Expires: timestamppb.New(precert.NotAfter), - }, nil + return certDER, nil } // generateSerialNumber produces a big.Int which has more than 64 bits of diff --git a/ca/ca_test.go b/ca/ca_test.go index 35d08d261..e331992ab 100644 --- a/ca/ca_test.go +++ b/ca/ca_test.go 
@@ -332,12 +332,11 @@ func TestIssuePrecertificate(t *testing.T) { t.Parallel() req, err := x509.ParseCertificateRequest(testCase.csr) test.AssertNotError(t, err, "Certificate request failed to parse") - issueReq := &capb.IssueCertificateRequest{Csr: testCase.csr, RegistrationID: arbitraryRegID, CertProfileName: "legacy"} + issueReq := &capb.IssueCertificateRequest{Csr: testCase.csr, RegistrationID: arbitraryRegID} - var certDER []byte - response, err := ca.issuePrecertificate(ctx, issueReq) + profile := ca.certProfiles.profileByName["legacy"] + certDER, err := ca.issuePrecertificate(ctx, profile, issueReq) test.AssertNotError(t, err, "Failed to issue precertificate") - certDER = response.DER cert, err := x509.ParseCertificate(certDER) test.AssertNotError(t, err, "Certificate failed to parse") @@ -446,9 +445,10 @@ func TestMultipleIssuers(t *testing.T) { test.AssertNotError(t, err, "Failed to remake CA") // Test that an RSA CSR gets issuance from an RSA issuer. - issuedCert, err := ca.issuePrecertificate(ctx, &capb.IssueCertificateRequest{Csr: CNandSANCSR, RegistrationID: arbitraryRegID, CertProfileName: "legacy"}) + profile := ca.certProfiles.profileByName["legacy"] + issuedCertDER, err := ca.issuePrecertificate(ctx, profile, &capb.IssueCertificateRequest{Csr: CNandSANCSR, RegistrationID: arbitraryRegID}) test.AssertNotError(t, err, "Failed to issue certificate") - cert, err := x509.ParseCertificate(issuedCert.DER) + cert, err := x509.ParseCertificate(issuedCertDER) test.AssertNotError(t, err, "Certificate failed to parse") validated := false for _, issuer := range ca.issuers.byAlg[x509.RSA] { 
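Review bot: `profile := ca.certProfiles.profileByName["legacy"]` discards the map's second result, so if the test CA is ever built without a `legacy` profile the test hands a nil profile to `issuePrecertificate` and fails with a panic rather than a readable message. The same lookup is repeated in the later hunks of this file (TestMultipleIssuers, TestUnpredictableIssuance, TestInvalidCSRs, TestRejectValidityTooLong, TestIssueCertificateForPrecertificate, the duplicate-serial test) and in ocsp_test.go. Using `profile, ok := ca.certProfiles.profileByName["legacy"]` followed by `if !ok { t.Fatal("legacy profile missing") }` makes the precondition explicit. Several of those later requests also still set `CertProfileName: "legacy"` although `issuePrecertificate` no longer reads the field; dropping it, as this hunk does, would keep the tests consistent.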
@@ -462,9 +462,9 @@ func TestMultipleIssuers(t *testing.T) { test.AssertMetricWithLabelsEquals(t, ca.metrics.signatureCount, prometheus.Labels{"purpose": "precertificate", "status": "success"}, 1) // Test that an ECDSA CSR gets issuance from an ECDSA issuer. - issuedCert, err = ca.issuePrecertificate(ctx, &capb.IssueCertificateRequest{Csr: ECDSACSR, RegistrationID: arbitraryRegID, CertProfileName: "legacy"}) + issuedCertDER, err = ca.issuePrecertificate(ctx, profile, &capb.IssueCertificateRequest{Csr: ECDSACSR, RegistrationID: arbitraryRegID, CertProfileName: "legacy"}) test.AssertNotError(t, err, "Failed to issue certificate") - cert, err = x509.ParseCertificate(issuedCert.DER) + cert, err = x509.ParseCertificate(issuedCertDER) test.AssertNotError(t, err, "Certificate failed to parse") validated = false for _, issuer := range ca.issuers.byAlg[x509.ECDSA] { @@ -530,10 +530,11 @@ func TestUnpredictableIssuance(t *testing.T) { req := &capb.IssueCertificateRequest{Csr: ECDSACSR, RegistrationID: arbitraryRegID, CertProfileName: "legacy"} seenE2 := false seenR3 := false + profile := ca.certProfiles.profileByName["legacy"] for i := 0; i < 20; i++ { - result, err := ca.issuePrecertificate(ctx, req) + precertDER, err := ca.issuePrecertificate(ctx, profile, req) test.AssertNotError(t, err, "Failed to issue test certificate") - cert, err := x509.ParseCertificate(result.DER) + cert, err := x509.ParseCertificate(precertDER) test.AssertNotError(t, err, "Failed to parse test certificate") if strings.Contains(cert.Issuer.CommonName, "E1") { t.Fatal("Issued certificate from inactive issuer") 
@@ -711,8 +712,9 @@ func TestInvalidCSRs(t *testing.T) { t.Run(testCase.name, func(t *testing.T) { t.Parallel() serializedCSR := mustRead(testCase.csrPath) + profile := ca.certProfiles.profileByName["legacy"] issueReq := &capb.IssueCertificateRequest{Csr: serializedCSR, RegistrationID: arbitraryRegID, CertProfileName: "legacy"} - _, err = ca.issuePrecertificate(ctx, issueReq) + _, err = ca.issuePrecertificate(ctx, profile, issueReq) test.AssertErrorIs(t, err, testCase.errorType) test.AssertMetricWithLabelsEquals(t, ca.metrics.signatureCount, prometheus.Labels{"purpose": "cert"}, 0) @@ -748,7 +750,8 @@ func TestRejectValidityTooLong(t *testing.T) { test.AssertNotError(t, err, "Failed to create CA") // Test that the CA rejects CSRs that would expire after the intermediate cert - _, err = ca.issuePrecertificate(ctx, &capb.IssueCertificateRequest{Csr: CNandSANCSR, RegistrationID: arbitraryRegID, CertProfileName: "legacy"}) + profile := ca.certProfiles.profileByName["legacy"] + _, err = ca.issuePrecertificate(ctx, profile, &capb.IssueCertificateRequest{Csr: CNandSANCSR, RegistrationID: arbitraryRegID, CertProfileName: "legacy"}) test.AssertError(t, err, "Cannot issue a certificate that expires after the intermediate certificate") test.AssertErrorIs(t, err, berrors.InternalServer) } 
@@ -840,10 +843,11 @@ func TestIssueCertificateForPrecertificate(t *testing.T) { testCtx.fc) test.AssertNotError(t, err, "Failed to create CA") + profile := ca.certProfiles.profileByName["legacy"] issueReq := capb.IssueCertificateRequest{Csr: CNandSANCSR, RegistrationID: arbitraryRegID, OrderID: 0, CertProfileName: "legacy"} - precert, err := ca.issuePrecertificate(ctx, &issueReq) + precertDER, err := ca.issuePrecertificate(ctx, profile, &issueReq) test.AssertNotError(t, err, "Failed to issue precert") - parsedPrecert, err := x509.ParseCertificate(precert.DER) + parsedPrecert, err := x509.ParseCertificate(precertDER) test.AssertNotError(t, err, "Failed to parse precert") test.AssertMetricWithLabelsEquals(t, ca.metrics.signatureCount, prometheus.Labels{"purpose": "precertificate", "status": "success"}, 1) test.AssertMetricWithLabelsEquals(t, ca.metrics.signatureCount, prometheus.Labels{"purpose": "certificate", "status": "success"}, 0) @@ -860,15 +864,14 @@ func TestIssueCertificateForPrecertificate(t *testing.T) { } test.AssertNotError(t, err, "Failed to marshal SCT") - cert, err := ca.issueCertificateForPrecertificate(ctx, &capb.IssueCertificateForPrecertificateRequest{ - DER: precert.DER, - SCTs: sctBytes, - RegistrationID: arbitraryRegID, - OrderID: 0, - CertProfileHash: precert.CertProfileHash, - }) + certDER, err := ca.issueCertificateForPrecertificate(ctx, + profile, + precertDER, + sctBytes, + arbitraryRegID, + 0) test.AssertNotError(t, err, "Failed to issue cert from precert") - parsedCert, err := x509.ParseCertificate(cert.Der) + parsedCert, err := x509.ParseCertificate(certDER) test.AssertNotError(t, err, "Failed to parse cert") test.AssertMetricWithLabelsEquals(t, ca.metrics.signatureCount, prometheus.Labels{"purpose": "certificate", "status": "success"}, 1) 
@@ -912,9 +915,9 @@ func TestIssueCertificateForPrecertificateWithSpecificCertificateProfile(t *test OrderID: 0, CertProfileName: selectedProfile, } - precert, err := ca.issuePrecertificate(ctx, &issueReq) + precertDER, err := ca.issuePrecertificate(ctx, certProfile, &issueReq) test.AssertNotError(t, err, "Failed to issue precert") - parsedPrecert, err := x509.ParseCertificate(precert.DER) + parsedPrecert, err := x509.ParseCertificate(precertDER) test.AssertNotError(t, err, "Failed to parse precert") test.AssertMetricWithLabelsEquals(t, ca.metrics.signatureCount, prometheus.Labels{"purpose": "precertificate", "status": "success"}, 1) test.AssertMetricWithLabelsEquals(t, ca.metrics.signatureCount, prometheus.Labels{"purpose": "certificate", "status": "success"}, 0) @@ -931,15 +934,14 @@ func TestIssueCertificateForPrecertificateWithSpecificCertificateProfile(t *test } test.AssertNotError(t, err, "Failed to marshal SCT") - cert, err := ca.issueCertificateForPrecertificate(ctx, &capb.IssueCertificateForPrecertificateRequest{ - DER: precert.DER, - SCTs: sctBytes, - RegistrationID: arbitraryRegID, - OrderID: 0, - CertProfileHash: certProfile.hash[:], - }) + certDER, err := ca.issueCertificateForPrecertificate(ctx, + certProfile, + precertDER, + sctBytes, + arbitraryRegID, + 0) test.AssertNotError(t, err, "Failed to issue cert from precert") - parsedCert, err := x509.ParseCertificate(cert.Der) + parsedCert, err := x509.ParseCertificate(certDER) test.AssertNotError(t, err, "Failed to parse cert") test.AssertMetricWithLabelsEquals(t, ca.metrics.signatureCount, prometheus.Labels{"purpose": "certificate", "status": "success"}, 1) 
@@ -1023,17 +1025,18 @@ func TestIssueCertificateForPrecertificateDuplicateSerial(t *testing.T) { t.Fatal(err) } + profile := ca.certProfiles.profileByName["legacy"] issueReq := capb.IssueCertificateRequest{Csr: CNandSANCSR, RegistrationID: arbitraryRegID, OrderID: 0, CertProfileName: "legacy"} - precert, err := ca.issuePrecertificate(ctx, &issueReq) + precertDER, err := ca.issuePrecertificate(ctx, profile, &issueReq) test.AssertNotError(t, err, "Failed to issue precert") test.AssertMetricWithLabelsEquals(t, ca.metrics.signatureCount, prometheus.Labels{"purpose": "precertificate", "status": "success"}, 1) - _, err = ca.issueCertificateForPrecertificate(ctx, &capb.IssueCertificateForPrecertificateRequest{ - DER: precert.DER, - SCTs: sctBytes, - RegistrationID: arbitraryRegID, - OrderID: 0, - CertProfileHash: ca.certProfiles.profileByName["legacy"].hash[:], - }) + _, err = ca.issueCertificateForPrecertificate(ctx, + profile, + precertDER, + sctBytes, + arbitraryRegID, + 0, + ) if err == nil { t.Error("Expected error issuing duplicate serial but got none.") } @@ -1061,13 +1064,12 @@ func TestIssueCertificateForPrecertificateDuplicateSerial(t *testing.T) { testCtx.fc) test.AssertNotError(t, err, "Failed to create CA") - _, err = errorca.issueCertificateForPrecertificate(ctx, &capb.IssueCertificateForPrecertificateRequest{ - DER: precert.DER, - SCTs: sctBytes, - RegistrationID: arbitraryRegID, - OrderID: 0, - CertProfileHash: ca.certProfiles.profileByName["legacy"].hash[:], - }) + _, err = errorca.issueCertificateForPrecertificate(ctx, + profile, + precertDER, + sctBytes, + arbitraryRegID, + 0) if err == nil { t.Fatal("Expected error issuing duplicate serial but got none.") } diff --git a/ca/ocsp_test.go b/ca/ocsp_test.go index d0b4d3a20..5b32388d2 100644 --- a/ca/ocsp_test.go +++ b/ca/ocsp_test.go 
@@ -44,11 +44,12 @@ func TestOCSP(t *testing.T) { test.AssertNotError(t, err, "Failed to create CA") ocspi := testCtx.ocsp + profile := ca.certProfiles.profileByName["legacy"] // Issue a certificate from an RSA issuer, request OCSP from the same issuer, // and make sure it works. - rsaCertPB, err := ca.issuePrecertificate(ctx, &capb.IssueCertificateRequest{Csr: CNandSANCSR, RegistrationID: arbitraryRegID, CertProfileName: "legacy"}) + rsaCertDER, err := ca.issuePrecertificate(ctx, profile, &capb.IssueCertificateRequest{Csr: CNandSANCSR, RegistrationID: arbitraryRegID, CertProfileName: "legacy"}) test.AssertNotError(t, err, "Failed to issue certificate") - rsaCert, err := x509.ParseCertificate(rsaCertPB.DER) + rsaCert, err := x509.ParseCertificate(rsaCertDER) test.AssertNotError(t, err, "Failed to parse rsaCert") rsaIssuerID := issuance.IssuerNameID(rsaCert) rsaOCSPPB, err := ocspi.GenerateOCSP(ctx, &capb.GenerateOCSPRequest{ @@ -69,9 +70,9 @@ func TestOCSP(t *testing.T) { // Issue a certificate from an ECDSA issuer, request OCSP from the same issuer, // and make sure it works. - ecdsaCertPB, err := ca.issuePrecertificate(ctx, &capb.IssueCertificateRequest{Csr: ECDSACSR, RegistrationID: arbitraryRegID, CertProfileName: "legacy"}) + ecdsaCertDER, err := ca.issuePrecertificate(ctx, profile, &capb.IssueCertificateRequest{Csr: ECDSACSR, RegistrationID: arbitraryRegID, CertProfileName: "legacy"}) test.AssertNotError(t, err, "Failed to issue certificate") - ecdsaCert, err := x509.ParseCertificate(ecdsaCertPB.DER) + ecdsaCert, err := x509.ParseCertificate(ecdsaCertDER) test.AssertNotError(t, err, "Failed to parse ecdsaCert") ecdsaIssuerID := issuance.IssuerNameID(ecdsaCert) ecdsaOCSPPB, err := ocspi.GenerateOCSP(ctx, &capb.GenerateOCSPRequest{ diff --git a/ca/proto/ca.pb.go b/ca/proto/ca.pb.go index 393f66663..3249e3243 100644 --- a/ca/proto/ca.pb.go +++ b/ca/proto/ca.pb.go 
@@ -145,76 +145,6 @@ func (x *IssueCertificateResponse) GetDER() []byte { return nil } -type IssuePrecertificateResponse struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Next unused field number: 4 - DER []byte `protobuf:"bytes,1,opt,name=DER,proto3" json:"DER,omitempty"` - // certProfileHash is a hash over the exported fields of a certificate profile - // to ensure that the profile remains unchanged after multiple roundtrips - // through the RA and CA. - CertProfileHash []byte `protobuf:"bytes,2,opt,name=certProfileHash,proto3" json:"certProfileHash,omitempty"` - // certProfileName is a human readable name returned back to the RA for later - // use. If IssueCertificateRequest.certProfileName was an empty string, the - // CAs default profile name will be assigned. - CertProfileName string `protobuf:"bytes,3,opt,name=certProfileName,proto3" json:"certProfileName,omitempty"` -} - -func (x *IssuePrecertificateResponse) Reset() { - *x = IssuePrecertificateResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_ca_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *IssuePrecertificateResponse) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*IssuePrecertificateResponse) ProtoMessage() {} - -func (x *IssuePrecertificateResponse) ProtoReflect() protoreflect.Message { - mi := &file_ca_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use IssuePrecertificateResponse.ProtoReflect.Descriptor instead. 
-func (*IssuePrecertificateResponse) Descriptor() ([]byte, []int) { - return file_ca_proto_rawDescGZIP(), []int{2} -} - -func (x *IssuePrecertificateResponse) GetDER() []byte { - if x != nil { - return x.DER - } - return nil -} - -func (x *IssuePrecertificateResponse) GetCertProfileHash() []byte { - if x != nil { - return x.CertProfileHash - } - return nil -} - -func (x *IssuePrecertificateResponse) GetCertProfileName() string { - if x != nil { - return x.CertProfileName - } - return "" -} - type IssueCertificateForPrecertificateRequest struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -234,7 +164,7 @@ type IssueCertificateForPrecertificateRequest struct { func (x *IssueCertificateForPrecertificateRequest) Reset() { *x = IssueCertificateForPrecertificateRequest{} if protoimpl.UnsafeEnabled { - mi := &file_ca_proto_msgTypes[3] + mi := &file_ca_proto_msgTypes[2] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -247,7 +177,7 @@ func (x *IssueCertificateForPrecertificateRequest) String() string { func (*IssueCertificateForPrecertificateRequest) ProtoMessage() {} func (x *IssueCertificateForPrecertificateRequest) ProtoReflect() protoreflect.Message { - mi := &file_ca_proto_msgTypes[3] + mi := &file_ca_proto_msgTypes[2] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -260,7 +190,7 @@ func (x *IssueCertificateForPrecertificateRequest) ProtoReflect() protoreflect.M // Deprecated: Use IssueCertificateForPrecertificateRequest.ProtoReflect.Descriptor instead. func (*IssueCertificateForPrecertificateRequest) Descriptor() ([]byte, []int) { - return file_ca_proto_rawDescGZIP(), []int{3} + return file_ca_proto_rawDescGZIP(), []int{2} } func (x *IssueCertificateForPrecertificateRequest) GetDER() []byte { 
@@ -315,7 +245,7 @@ type GenerateOCSPRequest struct { func (x *GenerateOCSPRequest) Reset() { *x = GenerateOCSPRequest{} if protoimpl.UnsafeEnabled { - mi := &file_ca_proto_msgTypes[4] + mi := &file_ca_proto_msgTypes[3] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -328,7 +258,7 @@ func (x *GenerateOCSPRequest) String() string { func (*GenerateOCSPRequest) ProtoMessage() {} func (x *GenerateOCSPRequest) ProtoReflect() protoreflect.Message { - mi := &file_ca_proto_msgTypes[4] + mi := &file_ca_proto_msgTypes[3] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -341,7 +271,7 @@ func (x *GenerateOCSPRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use GenerateOCSPRequest.ProtoReflect.Descriptor instead. func (*GenerateOCSPRequest) Descriptor() ([]byte, []int) { - return file_ca_proto_rawDescGZIP(), []int{4} + return file_ca_proto_rawDescGZIP(), []int{3} } func (x *GenerateOCSPRequest) GetStatus() string { @@ -390,7 +320,7 @@ type OCSPResponse struct { func (x *OCSPResponse) Reset() { *x = OCSPResponse{} if protoimpl.UnsafeEnabled { - mi := &file_ca_proto_msgTypes[5] + mi := &file_ca_proto_msgTypes[4] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -403,7 +333,7 @@ func (x *OCSPResponse) String() string { func (*OCSPResponse) ProtoMessage() {} func (x *OCSPResponse) ProtoReflect() protoreflect.Message { - mi := &file_ca_proto_msgTypes[5] + mi := &file_ca_proto_msgTypes[4] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { 
@@ -416,7 +346,7 @@ func (x *OCSPResponse) ProtoReflect() protoreflect.Message { // Deprecated: Use OCSPResponse.ProtoReflect.Descriptor instead. func (*OCSPResponse) Descriptor() ([]byte, []int) { - return file_ca_proto_rawDescGZIP(), []int{5} + return file_ca_proto_rawDescGZIP(), []int{4} } func (x *OCSPResponse) GetResponse() []byte { @@ -441,7 +371,7 @@ type GenerateCRLRequest struct { func (x *GenerateCRLRequest) Reset() { *x = GenerateCRLRequest{} if protoimpl.UnsafeEnabled { - mi := &file_ca_proto_msgTypes[6] + mi := &file_ca_proto_msgTypes[5] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -454,7 +384,7 @@ func (x *GenerateCRLRequest) String() string { func (*GenerateCRLRequest) ProtoMessage() {} func (x *GenerateCRLRequest) ProtoReflect() protoreflect.Message { - mi := &file_ca_proto_msgTypes[6] + mi := &file_ca_proto_msgTypes[5] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -467,7 +397,7 @@ func (x *GenerateCRLRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use GenerateCRLRequest.ProtoReflect.Descriptor instead. func (*GenerateCRLRequest) Descriptor() ([]byte, []int) { - return file_ca_proto_rawDescGZIP(), []int{6} + return file_ca_proto_rawDescGZIP(), []int{5} } func (m *GenerateCRLRequest) GetPayload() isGenerateCRLRequest_Payload { @@ -521,7 +451,7 @@ type CRLMetadata struct { func (x *CRLMetadata) Reset() { *x = CRLMetadata{} if protoimpl.UnsafeEnabled { - mi := &file_ca_proto_msgTypes[7] + mi := &file_ca_proto_msgTypes[6] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } 
@@ -534,7 +464,7 @@ func (x *CRLMetadata) String() string { func (*CRLMetadata) ProtoMessage() {} func (x *CRLMetadata) ProtoReflect() protoreflect.Message { - mi := &file_ca_proto_msgTypes[7] + mi := &file_ca_proto_msgTypes[6] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -547,7 +477,7 @@ func (x *CRLMetadata) ProtoReflect() protoreflect.Message { // Deprecated: Use CRLMetadata.ProtoReflect.Descriptor instead. func (*CRLMetadata) Descriptor() ([]byte, []int) { - return file_ca_proto_rawDescGZIP(), []int{7} + return file_ca_proto_rawDescGZIP(), []int{6} } func (x *CRLMetadata) GetIssuerNameID() int64 { @@ -582,7 +512,7 @@ type GenerateCRLResponse struct { func (x *GenerateCRLResponse) Reset() { *x = GenerateCRLResponse{} if protoimpl.UnsafeEnabled { - mi := &file_ca_proto_msgTypes[8] + mi := &file_ca_proto_msgTypes[7] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -595,7 +525,7 @@ func (x *GenerateCRLResponse) String() string { func (*GenerateCRLResponse) ProtoMessage() {} func (x *GenerateCRLResponse) ProtoReflect() protoreflect.Message { - mi := &file_ca_proto_msgTypes[8] + mi := &file_ca_proto_msgTypes[7] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -608,7 +538,7 @@ func (x *GenerateCRLResponse) ProtoReflect() protoreflect.Message { // Deprecated: Use GenerateCRLResponse.ProtoReflect.Descriptor instead. func (*GenerateCRLResponse) Descriptor() ([]byte, []int) { - return file_ca_proto_rawDescGZIP(), []int{8} + return file_ca_proto_rawDescGZIP(), []int{7} } func (x *GenerateCRLResponse) GetChunk() []byte { 
@@ -638,81 +568,73 @@ var file_ca_proto_rawDesc = []byte{ 0x4a, 0x04, 0x08, 0x04, 0x10, 0x05, 0x22, 0x2c, 0x0a, 0x18, 0x49, 0x73, 0x73, 0x75, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x44, 0x45, 0x52, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, - 0x03, 0x44, 0x45, 0x52, 0x22, 0x83, 0x01, 0x0a, 0x1b, 0x49, 0x73, 0x73, 0x75, 0x65, 0x50, 0x72, - 0x65, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, - 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x44, 0x45, 0x52, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x0c, 0x52, 0x03, 0x44, 0x45, 0x52, 0x12, 0x28, 0x0a, 0x0f, 0x63, 0x65, 0x72, 0x74, 0x50, 0x72, - 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x48, 0x61, 0x73, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, - 0x0f, 0x63, 0x65, 0x72, 0x74, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x48, 0x61, 0x73, 0x68, - 0x12, 0x28, 0x0a, 0x0f, 0x63, 0x65, 0x72, 0x74, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x4e, - 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x63, 0x65, 0x72, 0x74, 0x50, - 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x22, 0xbc, 0x01, 0x0a, 0x28, 0x49, - 0x73, 0x73, 0x75, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x46, - 0x6f, 0x72, 0x50, 0x72, 0x65, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, - 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x44, 0x45, 0x52, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x0c, 0x52, 0x03, 0x44, 0x45, 0x52, 0x12, 0x12, 0x0a, 0x04, 0x53, 0x43, 0x54, - 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0c, 0x52, 0x04, 0x53, 0x43, 0x54, 0x73, 0x12, 0x26, 0x0a, - 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x18, - 0x03, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x12, 0x18, 0x0a, 0x07, 0x6f, 0x72, 0x64, 0x65, 0x72, 
0x49, 0x44, - 0x18, 0x04, 0x20, 0x01, 0x28, 0x03, 0x52, 0x07, 0x6f, 0x72, 0x64, 0x65, 0x72, 0x49, 0x44, 0x12, - 0x28, 0x0a, 0x0f, 0x63, 0x65, 0x72, 0x74, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x48, 0x61, - 0x73, 0x68, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0f, 0x63, 0x65, 0x72, 0x74, 0x50, 0x72, - 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x48, 0x61, 0x73, 0x68, 0x22, 0xb9, 0x01, 0x0a, 0x13, 0x47, 0x65, - 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x4f, 0x43, 0x53, 0x50, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, - 0x74, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x16, 0x0a, 0x06, 0x72, 0x65, 0x61, - 0x73, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x05, 0x52, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, - 0x6e, 0x12, 0x38, 0x0a, 0x09, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x41, 0x74, 0x18, 0x07, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, - 0x52, 0x09, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x41, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x73, - 0x65, 0x72, 0x69, 0x61, 0x6c, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x65, 0x72, - 0x69, 0x61, 0x6c, 0x12, 0x1a, 0x0a, 0x08, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x49, 0x44, 0x18, - 0x06, 0x20, 0x01, 0x28, 0x03, 0x52, 0x08, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x49, 0x44, 0x4a, - 0x04, 0x08, 0x04, 0x10, 0x05, 0x22, 0x2a, 0x0a, 0x0c, 0x4f, 0x43, 0x53, 0x50, 0x52, 0x65, 0x73, - 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, - 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x08, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, - 0x65, 0x22, 0x76, 0x0a, 0x12, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x43, 0x52, 0x4c, - 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x2d, 0x0a, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, - 0x61, 0x74, 0x61, 0x18, 
0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x63, 0x61, 0x2e, 0x43, - 0x52, 0x4c, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x48, 0x00, 0x52, 0x08, 0x6d, 0x65, - 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x12, 0x26, 0x0a, 0x05, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x18, - 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x43, 0x52, 0x4c, - 0x45, 0x6e, 0x74, 0x72, 0x79, 0x48, 0x00, 0x52, 0x05, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x42, 0x09, - 0x0a, 0x07, 0x70, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x22, 0x8f, 0x01, 0x0a, 0x0b, 0x43, 0x52, - 0x4c, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x12, 0x22, 0x0a, 0x0c, 0x69, 0x73, 0x73, - 0x75, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, - 0x0c, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x49, 0x44, 0x12, 0x3a, 0x0a, - 0x0a, 0x74, 0x68, 0x69, 0x73, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x0a, 0x74, - 0x68, 0x69, 0x73, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x73, 0x68, 0x61, - 0x72, 0x64, 0x49, 0x64, 0x78, 0x18, 0x03, 0x20, 0x01, 0x28, 0x03, 0x52, 0x08, 0x73, 0x68, 0x61, - 0x72, 0x64, 0x49, 0x64, 0x78, 0x4a, 0x04, 0x08, 0x02, 0x10, 0x03, 0x22, 0x2b, 0x0a, 0x13, 0x47, - 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x43, 0x52, 0x4c, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, - 0x73, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x63, 0x68, 0x75, 0x6e, 0x6b, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x0c, 0x52, 0x05, 0x63, 0x68, 0x75, 0x6e, 0x6b, 0x32, 0x67, 0x0a, 0x14, 0x43, 0x65, 0x72, 0x74, - 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, - 0x12, 0x4f, 0x0a, 0x10, 0x49, 0x73, 0x73, 0x75, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, - 0x63, 0x61, 0x74, 0x65, 0x12, 0x1b, 0x2e, 0x63, 0x61, 0x2e, 
0x49, 0x73, 0x73, 0x75, 0x65, 0x43, + 0x03, 0x44, 0x45, 0x52, 0x22, 0xbc, 0x01, 0x0a, 0x28, 0x49, 0x73, 0x73, 0x75, 0x65, 0x43, 0x65, + 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x46, 0x6f, 0x72, 0x50, 0x72, 0x65, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, - 0x74, 0x1a, 0x1c, 0x2e, 0x63, 0x61, 0x2e, 0x49, 0x73, 0x73, 0x75, 0x65, 0x43, 0x65, 0x72, 0x74, - 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, - 0x00, 0x32, 0x4c, 0x0a, 0x0d, 0x4f, 0x43, 0x53, 0x50, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, - 0x6f, 0x72, 0x12, 0x3b, 0x0a, 0x0c, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x4f, 0x43, - 0x53, 0x50, 0x12, 0x17, 0x2e, 0x63, 0x61, 0x2e, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, - 0x4f, 0x43, 0x53, 0x50, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x10, 0x2e, 0x63, 0x61, - 0x2e, 0x4f, 0x43, 0x53, 0x50, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x32, - 0x54, 0x0a, 0x0c, 0x43, 0x52, 0x4c, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x12, - 0x44, 0x0a, 0x0b, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x43, 0x52, 0x4c, 0x12, 0x16, - 0x2e, 0x63, 0x61, 0x2e, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x43, 0x52, 0x4c, 0x52, - 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x17, 0x2e, 0x63, 0x61, 0x2e, 0x47, 0x65, 0x6e, 0x65, - 0x72, 0x61, 0x74, 0x65, 0x43, 0x52, 0x4c, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, - 0x00, 0x28, 0x01, 0x30, 0x01, 0x42, 0x29, 0x5a, 0x27, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, - 0x63, 0x6f, 0x6d, 0x2f, 0x6c, 0x65, 0x74, 0x73, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x2f, - 0x62, 0x6f, 0x75, 0x6c, 0x64, 0x65, 0x72, 0x2f, 0x63, 0x61, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x74, 0x12, 0x10, 0x0a, 0x03, 0x44, 0x45, 0x52, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x03, + 0x44, 0x45, 0x52, 0x12, 0x12, 0x0a, 0x04, 0x53, 
0x43, 0x54, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, + 0x0c, 0x52, 0x04, 0x53, 0x43, 0x54, 0x73, 0x12, 0x26, 0x0a, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, + 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x18, 0x03, 0x20, 0x01, 0x28, 0x03, 0x52, + 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x12, + 0x18, 0x0a, 0x07, 0x6f, 0x72, 0x64, 0x65, 0x72, 0x49, 0x44, 0x18, 0x04, 0x20, 0x01, 0x28, 0x03, + 0x52, 0x07, 0x6f, 0x72, 0x64, 0x65, 0x72, 0x49, 0x44, 0x12, 0x28, 0x0a, 0x0f, 0x63, 0x65, 0x72, + 0x74, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x48, 0x61, 0x73, 0x68, 0x18, 0x05, 0x20, 0x01, + 0x28, 0x0c, 0x52, 0x0f, 0x63, 0x65, 0x72, 0x74, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x48, + 0x61, 0x73, 0x68, 0x22, 0xb9, 0x01, 0x0a, 0x13, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, + 0x4f, 0x43, 0x53, 0x50, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x73, + 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x74, 0x61, + 0x74, 0x75, 0x73, 0x12, 0x16, 0x0a, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x18, 0x03, 0x20, + 0x01, 0x28, 0x05, 0x52, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x12, 0x38, 0x0a, 0x09, 0x72, + 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x41, 0x74, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, + 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, + 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x09, 0x72, 0x65, 0x76, 0x6f, + 0x6b, 0x65, 0x64, 0x41, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x18, + 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x12, 0x1a, 0x0a, + 0x08, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x49, 0x44, 0x18, 0x06, 0x20, 0x01, 0x28, 0x03, 0x52, + 0x08, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x49, 0x44, 0x4a, 0x04, 0x08, 0x04, 0x10, 0x05, 0x22, + 0x2a, 0x0a, 0x0c, 0x4f, 0x43, 0x53, 0x50, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 
0x65, 0x12, + 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x0c, 0x52, 0x08, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x76, 0x0a, 0x12, 0x47, + 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x43, 0x52, 0x4c, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, + 0x74, 0x12, 0x2d, 0x0a, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x63, 0x61, 0x2e, 0x43, 0x52, 0x4c, 0x4d, 0x65, 0x74, 0x61, + 0x64, 0x61, 0x74, 0x61, 0x48, 0x00, 0x52, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, + 0x12, 0x26, 0x0a, 0x05, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x0e, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x43, 0x52, 0x4c, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x48, + 0x00, 0x52, 0x05, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x42, 0x09, 0x0a, 0x07, 0x70, 0x61, 0x79, 0x6c, + 0x6f, 0x61, 0x64, 0x22, 0x8f, 0x01, 0x0a, 0x0b, 0x43, 0x52, 0x4c, 0x4d, 0x65, 0x74, 0x61, 0x64, + 0x61, 0x74, 0x61, 0x12, 0x22, 0x0a, 0x0c, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x4e, 0x61, 0x6d, + 0x65, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0c, 0x69, 0x73, 0x73, 0x75, 0x65, + 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x49, 0x44, 0x12, 0x3a, 0x0a, 0x0a, 0x74, 0x68, 0x69, 0x73, 0x55, + 0x70, 0x64, 0x61, 0x74, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, + 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, + 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x0a, 0x74, 0x68, 0x69, 0x73, 0x55, 0x70, 0x64, + 0x61, 0x74, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x73, 0x68, 0x61, 0x72, 0x64, 0x49, 0x64, 0x78, 0x18, + 0x03, 0x20, 0x01, 0x28, 0x03, 0x52, 0x08, 0x73, 0x68, 0x61, 0x72, 0x64, 0x49, 0x64, 0x78, 0x4a, + 0x04, 0x08, 0x02, 0x10, 0x03, 0x22, 0x2b, 0x0a, 0x13, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, + 0x65, 0x43, 0x52, 0x4c, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x14, 0x0a, 0x05, + 0x63, 0x68, 0x75, 0x6e, 
0x6b, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x05, 0x63, 0x68, 0x75, + 0x6e, 0x6b, 0x32, 0x67, 0x0a, 0x14, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, + 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x4f, 0x0a, 0x10, 0x49, 0x73, + 0x73, 0x75, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x1b, + 0x2e, 0x63, 0x61, 0x2e, 0x49, 0x73, 0x73, 0x75, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, + 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1c, 0x2e, 0x63, 0x61, + 0x2e, 0x49, 0x73, 0x73, 0x75, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, + 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x32, 0x4c, 0x0a, 0x0d, 0x4f, + 0x43, 0x53, 0x50, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x12, 0x3b, 0x0a, 0x0c, + 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x4f, 0x43, 0x53, 0x50, 0x12, 0x17, 0x2e, 0x63, + 0x61, 0x2e, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x4f, 0x43, 0x53, 0x50, 0x52, 0x65, + 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x10, 0x2e, 0x63, 0x61, 0x2e, 0x4f, 0x43, 0x53, 0x50, 0x52, + 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x32, 0x54, 0x0a, 0x0c, 0x43, 0x52, 0x4c, + 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x12, 0x44, 0x0a, 0x0b, 0x47, 0x65, 0x6e, + 0x65, 0x72, 0x61, 0x74, 0x65, 0x43, 0x52, 0x4c, 0x12, 0x16, 0x2e, 0x63, 0x61, 0x2e, 0x47, 0x65, + 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x43, 0x52, 0x4c, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, + 0x1a, 0x17, 0x2e, 0x63, 0x61, 0x2e, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x43, 0x52, + 0x4c, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x28, 0x01, 0x30, 0x01, 0x42, + 0x29, 0x5a, 0x27, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6c, 0x65, + 0x74, 0x73, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x2f, 0x62, 0x6f, 0x75, 0x6c, 0x64, 0x65, + 0x72, 0x2f, 0x63, 0x61, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 
0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x33, } var ( 
@@ -727,36 +649,35 @@ func file_ca_proto_rawDescGZIP() []byte { return file_ca_proto_rawDescData } -var file_ca_proto_msgTypes = make([]protoimpl.MessageInfo, 9) +var file_ca_proto_msgTypes = make([]protoimpl.MessageInfo, 8) var file_ca_proto_goTypes = []interface{}{ (*IssueCertificateRequest)(nil), // 0: ca.IssueCertificateRequest (*IssueCertificateResponse)(nil), // 1: ca.IssueCertificateResponse - (*IssuePrecertificateResponse)(nil), // 2: ca.IssuePrecertificateResponse - (*IssueCertificateForPrecertificateRequest)(nil), // 3: ca.IssueCertificateForPrecertificateRequest - (*GenerateOCSPRequest)(nil), // 4: ca.GenerateOCSPRequest - (*OCSPResponse)(nil), // 5: ca.OCSPResponse - (*GenerateCRLRequest)(nil), // 6: ca.GenerateCRLRequest - (*CRLMetadata)(nil), // 7: ca.CRLMetadata - (*GenerateCRLResponse)(nil), // 8: ca.GenerateCRLResponse - (*timestamppb.Timestamp)(nil), // 9: google.protobuf.Timestamp - (*proto.CRLEntry)(nil), // 10: core.CRLEntry + (*IssueCertificateForPrecertificateRequest)(nil), // 2: ca.IssueCertificateForPrecertificateRequest + (*GenerateOCSPRequest)(nil), // 3: ca.GenerateOCSPRequest + (*OCSPResponse)(nil), // 4: ca.OCSPResponse + (*GenerateCRLRequest)(nil), // 5: ca.GenerateCRLRequest + (*CRLMetadata)(nil), // 6: ca.CRLMetadata + (*GenerateCRLResponse)(nil), // 7: ca.GenerateCRLResponse + (*timestamppb.Timestamp)(nil), // 8: google.protobuf.Timestamp + (*proto.CRLEntry)(nil), // 9: core.CRLEntry } var file_ca_proto_depIdxs = []int32{ - 9, // 0: ca.GenerateOCSPRequest.revokedAt:type_name -> google.protobuf.Timestamp - 7, // 1: ca.GenerateCRLRequest.metadata:type_name -> ca.CRLMetadata - 10, // 2: ca.GenerateCRLRequest.entry:type_name -> core.CRLEntry - 9, // 3: ca.CRLMetadata.thisUpdate:type_name -> google.protobuf.Timestamp - 0, // 4: ca.CertificateAuthority.IssueCertificate:input_type -> ca.IssueCertificateRequest - 4, // 5: ca.OCSPGenerator.GenerateOCSP:input_type -> ca.GenerateOCSPRequest - 6, // 6: ca.CRLGenerator.GenerateCRL:input_type -> 
ca.GenerateCRLRequest - 1, // 7: ca.CertificateAuthority.IssueCertificate:output_type -> ca.IssueCertificateResponse - 5, // 8: ca.OCSPGenerator.GenerateOCSP:output_type -> ca.OCSPResponse - 8, // 9: ca.CRLGenerator.GenerateCRL:output_type -> ca.GenerateCRLResponse - 7, // [7:10] is the sub-list for method output_type - 4, // [4:7] is the sub-list for method input_type - 4, // [4:4] is the sub-list for extension type_name - 4, // [4:4] is the sub-list for extension extendee - 0, // [0:4] is the sub-list for field type_name + 8, // 0: ca.GenerateOCSPRequest.revokedAt:type_name -> google.protobuf.Timestamp + 6, // 1: ca.GenerateCRLRequest.metadata:type_name -> ca.CRLMetadata + 9, // 2: ca.GenerateCRLRequest.entry:type_name -> core.CRLEntry + 8, // 3: ca.CRLMetadata.thisUpdate:type_name -> google.protobuf.Timestamp + 0, // 4: ca.CertificateAuthority.IssueCertificate:input_type -> ca.IssueCertificateRequest + 3, // 5: ca.OCSPGenerator.GenerateOCSP:input_type -> ca.GenerateOCSPRequest + 5, // 6: ca.CRLGenerator.GenerateCRL:input_type -> ca.GenerateCRLRequest + 1, // 7: ca.CertificateAuthority.IssueCertificate:output_type -> ca.IssueCertificateResponse + 4, // 8: ca.OCSPGenerator.GenerateOCSP:output_type -> ca.OCSPResponse + 7, // 9: ca.CRLGenerator.GenerateCRL:output_type -> ca.GenerateCRLResponse + 7, // [7:10] is the sub-list for method output_type + 4, // [4:7] is the sub-list for method input_type + 4, // [4:4] is the sub-list for extension type_name + 4, // [4:4] is the sub-list for extension extendee + 0, // [0:4] is the sub-list for field type_name } func init() { file_ca_proto_init() } 
@@ -790,18 +711,6 @@ func file_ca_proto_init() { } } file_ca_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*IssuePrecertificateResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_ca_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*IssueCertificateForPrecertificateRequest); i { case 0: return &v.state @@ -813,7 +722,7 @@ func file_ca_proto_init() { return nil } } - file_ca_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { + file_ca_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*GenerateOCSPRequest); i { case 0: return &v.state @@ -825,7 +734,7 @@ func file_ca_proto_init() { return nil } } - file_ca_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { + file_ca_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*OCSPResponse); i { case 0: return &v.state @@ -837,7 +746,7 @@ func file_ca_proto_init() { return nil } } - file_ca_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { + file_ca_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*GenerateCRLRequest); i { case 0: return &v.state @@ -849,7 +758,7 @@ func file_ca_proto_init() { return nil } } - file_ca_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { + file_ca_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*CRLMetadata); i { case 0: return &v.state @@ -861,7 +770,7 @@ func file_ca_proto_init() { return nil } } - file_ca_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { + file_ca_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*GenerateCRLResponse); i { case 0: return &v.state 
@@ -874,7 +783,7 @@ func file_ca_proto_init() { } } } - file_ca_proto_msgTypes[6].OneofWrappers = []interface{}{ + file_ca_proto_msgTypes[5].OneofWrappers = []interface{}{ (*GenerateCRLRequest_Metadata)(nil), (*GenerateCRLRequest_Entry)(nil), } @@ -884,7 +793,7 @@ func file_ca_proto_init() { GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_ca_proto_rawDesc, NumEnums: 0, - NumMessages: 9, + NumMessages: 8, NumExtensions: 0, NumServices: 3, }, diff --git a/ca/proto/ca.proto b/ca/proto/ca.proto index 6459b501c..053e63560 100644 --- a/ca/proto/ca.proto +++ b/ca/proto/ca.proto @@ -30,21 +30,6 @@ message IssueCertificateResponse { bytes DER = 1; } -message IssuePrecertificateResponse { - // Next unused field number: 4 - bytes DER = 1; - - // certProfileHash is a hash over the exported fields of a certificate profile - // to ensure that the profile remains unchanged after multiple roundtrips - // through the RA and CA. - bytes certProfileHash = 2; - - // certProfileName is a human readable name returned back to the RA for later - // use. If IssueCertificateRequest.certProfileName was an empty string, the - // CAs default profile name will be assigned. - string certProfileName = 3; -} - message IssueCertificateForPrecertificateRequest { // Next unused field number: 6 bytes DER = 1; diff --git a/mocks/ca.go b/mocks/ca.go index e2999b363..6494d09fb 100644 --- a/mocks/ca.go +++ b/mocks/ca.go @@ -2,17 +2,13 @@ package mocks import ( "context" - "crypto/sha256" "crypto/x509" "encoding/pem" "fmt" - "time" "google.golang.org/grpc" - "google.golang.org/protobuf/types/known/timestamppb" capb "github.com/letsencrypt/boulder/ca/proto" - corepb "github.com/letsencrypt/boulder/core/proto" ) // MockCA is a mock of a CA that always returns the cert from PEM in response to 
@@ -23,54 +19,15 @@ type MockCA struct {
 
 // IssueCertificate is a mock
 func (ca *MockCA) IssueCertificate(ctx context.Context, req *capb.IssueCertificateRequest, _ ...grpc.CallOption) (*capb.IssueCertificateResponse, error) {
- precert, err := ca.issuePrecertificate(ctx, req)
- if err != nil {
- return nil, err
- }
- cert, err := ca.issueCertificateForPrecertificate(ctx, &capb.IssueCertificateForPrecertificateRequest{
- DER: precert.DER,
- SCTs: nil,
- RegistrationID: req.RegistrationID,
- OrderID: req.OrderID,
- CertProfileHash: precert.CertProfileHash,
- })
- if err != nil {
- return nil, err
- }
- return &capb.IssueCertificateResponse{DER: cert.Der}, nil
-}
-
-// issuePrecertificate is a mock
-func (ca *MockCA) issuePrecertificate(_ context.Context, req *capb.IssueCertificateRequest, _ ...grpc.CallOption) (*capb.IssuePrecertificateResponse, error) {
 if ca.PEM == nil {
 return nil, fmt.Errorf("MockCA's PEM field must be set before calling IssueCertificate")
 }
 block, _ := pem.Decode(ca.PEM)
- cert, err := x509.ParseCertificate(block.Bytes)
+ sampleDER, err := x509.ParseCertificate(block.Bytes)
 if err != nil {
 return nil, err
 }
- profHash := sha256.Sum256([]byte(req.CertProfileName))
- return &capb.IssuePrecertificateResponse{
- DER: cert.Raw,
- CertProfileHash: profHash[:8],
- CertProfileName: req.CertProfileName,
- }, nil
-}
-
-// issueCertificateForPrecertificate is a mock
-func (ca *MockCA) issueCertificateForPrecertificate(_ context.Context, req *capb.IssueCertificateForPrecertificateRequest, _ ...grpc.CallOption) (*corepb.Certificate, error) { //nolint:unparam // `error` is always nil
- now := time.Now()
- expires := now.Add(1 * time.Hour)
-
- return &corepb.Certificate{
- Der: req.DER,
- RegistrationID: 1,
- Serial: "mock",
- Digest: "mock",
- Issued: timestamppb.New(now),
- Expires: timestamppb.New(expires),
- }, nil
+ return &capb.IssueCertificateResponse{DER: sampleDER.Raw}, nil
 }
 
 type MockOCSPGenerator struct{}
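Review bot: `pem.Decode` returns a nil block when `ca.PEM` holds no PEM data, and the following `x509.ParseCertificate(block.Bytes)` dereferences it unchecked, so a non-nil but malformed `PEM` field panics instead of returning an error. Adding `if block == nil { return nil, fmt.Errorf("MockCA's PEM field does not contain a PEM block") }` right after the decode would keep the failure mode consistent with the nil-`PEM` check just above it. Separately, the new local `sampleDER` holds the parsed `*x509.Certificate` rather than DER bytes; a name such as `sampleCert` would read more accurately next to `sampleDER.Raw`.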
diff --git a/ra/ra_test.go b/ra/ra_test.go
index 9949b460f..068b4f9cc 100644
--- a/ra/ra_test.go
+++ b/ra/ra_test.go
@@ -3234,14 +3234,6 @@ func (ca *MockCARecordingProfile) IssueCertificate(ctx context.Context, req *cap
 return ca.inner.IssueCertificate(ctx, req)
 }
 
-func (ca *MockCARecordingProfile) IssuePrecertificate(ctx context.Context, req *capb.IssueCertificateRequest, _ ...grpc.CallOption) (*capb.IssuePrecertificateResponse, error) {
- return nil, errors.New("nope")
-}
-
-func (ca *MockCARecordingProfile) IssueCertificateForPrecertificate(ctx context.Context, req *capb.IssueCertificateForPrecertificateRequest, _ ...grpc.CallOption) (*corepb.Certificate, error) {
- return nil, errors.New("nope")
-}
-
 type mockSAWithFinalize struct {
 sapb.StorageAuthorityClient
 }