ca: Remove IssuePrecertificateResponse (#8115)
Instead, simply return DER bytes from `issuePrecertificate`, and accept regular parameters to `issueCertificateForPrecertificate` (instead of a proto message). Also, move the lookup of the certificate profile up to `IssueCertificate`, and pass the selected `*certProfileWithId` to both `issuePrecertificate` and `issueCertificateForPrecertificate`. Also, change `issueCertificateForPrecertificate` to just return DER, not a `*corepb.Certificate` (of which most fields were already being ignored).
parent
203c836925
commit
d800055fe6
94
ca/ca.go
94
ca/ca.go
|
@ -32,7 +32,6 @@ import (
|
|||
|
||||
capb "github.com/letsencrypt/boulder/ca/proto"
|
||||
"github.com/letsencrypt/boulder/core"
|
||||
corepb "github.com/letsencrypt/boulder/core/proto"
|
||||
csrlib "github.com/letsencrypt/boulder/csr"
|
||||
berrors "github.com/letsencrypt/boulder/errors"
|
||||
"github.com/letsencrypt/boulder/goodkey"
|
||||
|
@ -304,22 +303,15 @@ var ocspStatusToCode = map[string]int{
|
|||
// certificate profile. The certificate profile is identified by a hash to ensure an exact match even if
|
||||
// the configuration for a specific profile _name_ changes.
|
||||
//
|
||||
// Returns precertificate DER.
|
||||
//
|
||||
// [issuance cycle]: https://github.com/letsencrypt/boulder/blob/main/docs/ISSUANCE-CYCLE.md
|
||||
func (ca *certificateAuthorityImpl) issuePrecertificate(ctx context.Context, issueReq *capb.IssueCertificateRequest) (*capb.IssuePrecertificateResponse, error) {
|
||||
func (ca *certificateAuthorityImpl) issuePrecertificate(ctx context.Context, certProfile *certProfileWithID, issueReq *capb.IssueCertificateRequest) ([]byte, error) {
|
||||
// issueReq.orderID may be zero, for ACMEv1 requests.
|
||||
if core.IsAnyNilOrZero(issueReq, issueReq.Csr, issueReq.RegistrationID, issueReq.CertProfileName) {
|
||||
if core.IsAnyNilOrZero(issueReq, issueReq.Csr, issueReq.RegistrationID) {
|
||||
return nil, berrors.InternalServerError("Incomplete issue certificate request")
|
||||
}
|
||||
|
||||
// The CA must check if it is capable of issuing for the given certificate
|
||||
// profile name. We check the name here, because the RA is not able to
|
||||
// precompute profile hashes. All issuance requests must come with a profile
|
||||
// name, and the RA handles selecting the default.
|
||||
certProfile, ok := ca.certProfiles.profileByName[issueReq.CertProfileName]
|
||||
if !ok {
|
||||
return nil, fmt.Errorf("the CA is incapable of using a profile named %s", issueReq.CertProfileName)
|
||||
}
|
||||
|
||||
serialBigInt, err := ca.generateSerialNumber()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
@ -339,7 +331,7 @@ func (ca *certificateAuthorityImpl) issuePrecertificate(ctx context.Context, iss
|
|||
return nil, err
|
||||
}
|
||||
|
||||
precertDER, cpwid, err := ca.issuePrecertificateInner(ctx, issueReq, certProfile, serialBigInt, notBefore, notAfter)
|
||||
precertDER, _, err := ca.issuePrecertificateInner(ctx, issueReq, certProfile, serialBigInt, notBefore, notAfter)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
@ -349,39 +341,35 @@ func (ca *certificateAuthorityImpl) issuePrecertificate(ctx context.Context, iss
|
|||
return nil, err
|
||||
}
|
||||
|
||||
return &capb.IssuePrecertificateResponse{
|
||||
DER: precertDER,
|
||||
CertProfileName: cpwid.name,
|
||||
CertProfileHash: cpwid.hash[:],
|
||||
}, nil
|
||||
return precertDER, nil
|
||||
}
|
||||
|
||||
func (ca *certificateAuthorityImpl) IssueCertificate(ctx context.Context, issueReq *capb.IssueCertificateRequest) (*capb.IssueCertificateResponse, error) {
|
||||
if ca.sctClient == nil {
|
||||
return nil, errors.New("IssueCertificate called with a nil SCT service")
|
||||
}
|
||||
precert, err := ca.issuePrecertificate(ctx, issueReq)
|
||||
|
||||
// All issuance requests must come with a profile name, and the RA handles selecting the default.
|
||||
certProfile, ok := ca.certProfiles.profileByName[issueReq.CertProfileName]
|
||||
if !ok {
|
||||
return nil, fmt.Errorf("the CA is incapable of using a profile named %s", issueReq.CertProfileName)
|
||||
}
|
||||
precertDER, err := ca.issuePrecertificate(ctx, certProfile, issueReq)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
scts, err := ca.sctClient.GetSCTs(ctx, &rapb.SCTRequest{PrecertDER: precert.DER})
|
||||
scts, err := ca.sctClient.GetSCTs(ctx, &rapb.SCTRequest{PrecertDER: precertDER})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
cert, err := ca.issueCertificateForPrecertificate(ctx, &capb.IssueCertificateForPrecertificateRequest{
|
||||
DER: precert.DER,
|
||||
SCTs: scts.SctDER,
|
||||
RegistrationID: issueReq.RegistrationID,
|
||||
OrderID: issueReq.OrderID,
|
||||
CertProfileHash: precert.CertProfileHash,
|
||||
})
|
||||
certDER, err := ca.issueCertificateForPrecertificate(ctx, certProfile, precertDER, scts.SctDER, issueReq.RegistrationID, issueReq.OrderID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &capb.IssueCertificateResponse{DER: cert.Der}, nil
|
||||
return &capb.IssueCertificateResponse{DER: certDER}, nil
|
||||
}
|
||||
|
||||
// issueCertificateForPrecertificate final step in the [issuance cycle].
|
||||
// issueCertificateForPrecertificate is final step in the [issuance cycle].
|
||||
//
|
||||
// Given a precertificate and a set of SCTs for that precertificate, it generates
|
||||
// a linting final certificate, then signs a final certificate using a real issuer.
|
||||
|
@ -394,9 +382,8 @@ func (ca *certificateAuthorityImpl) IssueCertificate(ctx context.Context, issueR
|
|||
// different set of SCTs on subsequent calls to issueCertificateForPrecertificate.
|
||||
// We rely on the RA not to call issueCertificateForPrecertificate twice for the
|
||||
// same serial. This is accomplished by the fact that
|
||||
// issueCertificateForPrecertificate is only ever called in a straight-through
|
||||
// RPC path without retries. If there is any error, including a networking
|
||||
// error, the whole certificate issuance attempt fails and any subsequent
|
||||
// issueCertificateForPrecertificate is only ever called once per call to `IssueCertificate`.
|
||||
// If there is any error, the whole certificate issuance attempt fails and any subsequent
|
||||
// issuance will use a different serial number.
|
||||
//
|
||||
// We also check that the provided serial number does not already exist as a
|
||||
|
@ -404,23 +391,21 @@ func (ca *certificateAuthorityImpl) IssueCertificate(ctx context.Context, issueR
|
|||
// there could be race conditions where two goroutines are issuing for the same
|
||||
// serial number at the same time.
|
||||
//
|
||||
// Returns the final certificate's bytes as DER.
|
||||
//
|
||||
// [issuance cycle]: https://github.com/letsencrypt/boulder/blob/main/docs/ISSUANCE-CYCLE.md
|
||||
func (ca *certificateAuthorityImpl) issueCertificateForPrecertificate(ctx context.Context, req *capb.IssueCertificateForPrecertificateRequest) (*corepb.Certificate, error) {
|
||||
// issueReq.orderID may be zero, for ACMEv1 requests.
|
||||
if core.IsAnyNilOrZero(req, req.DER, req.SCTs, req.RegistrationID, req.CertProfileHash) {
|
||||
func (ca *certificateAuthorityImpl) issueCertificateForPrecertificate(ctx context.Context,
|
||||
certProfile *certProfileWithID,
|
||||
precertDER []byte,
|
||||
sctBytes [][]byte,
|
||||
regID int64, //nolint: unparam // unparam says "regID` always receives `arbitraryRegID` (`1001`)", which is wrong; that's just what happens in the unittests.
|
||||
orderID int64, //nolint: unparam // same as above
|
||||
) ([]byte, error) {
|
||||
if core.IsAnyNilOrZero(certProfile, precertDER, sctBytes, regID) {
|
||||
return nil, berrors.InternalServerError("Incomplete cert for precertificate request")
|
||||
}
|
||||
|
||||
// The certificate profile hash is checked here instead of the name because
|
||||
// the hash is over the entire contents of a *ProfileConfig giving assurance
|
||||
// that the certificate profile has remained unchanged during the roundtrip
|
||||
// from a CA, to the RA, then back to a (potentially different) CA node.
|
||||
certProfile, ok := ca.certProfiles.profileByHash[[32]byte(req.CertProfileHash)]
|
||||
if !ok {
|
||||
return nil, fmt.Errorf("the CA is incapable of using a profile with hash %d", req.CertProfileHash)
|
||||
}
|
||||
|
||||
precert, err := x509.ParseCertificate(req.DER)
|
||||
precert, err := x509.ParseCertificate(precertDER)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
@ -434,9 +419,9 @@ func (ca *certificateAuthorityImpl) issueCertificateForPrecertificate(ctx contex
|
|||
return nil, fmt.Errorf("error checking for duplicate issuance of %s: %s", serialHex, err)
|
||||
}
|
||||
var scts []ct.SignedCertificateTimestamp
|
||||
for _, sctBytes := range req.SCTs {
|
||||
for _, singleSCTBytes := range sctBytes {
|
||||
var sct ct.SignedCertificateTimestamp
|
||||
_, err = cttls.Unmarshal(sctBytes, &sct)
|
||||
_, err = cttls.Unmarshal(singleSCTBytes, &sct)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
@ -462,10 +447,10 @@ func (ca *certificateAuthorityImpl) issueCertificateForPrecertificate(ctx contex
|
|||
logEvent := issuanceEvent{
|
||||
IssuanceRequest: issuanceReq,
|
||||
Issuer: issuer.Name(),
|
||||
OrderID: req.OrderID,
|
||||
OrderID: orderID,
|
||||
Profile: certProfile.name,
|
||||
ProfileHash: hex.EncodeToString(certProfile.hash[:]),
|
||||
Requester: req.RegistrationID,
|
||||
Requester: regID,
|
||||
}
|
||||
ca.log.AuditObject("Signing cert", logEvent)
|
||||
|
||||
|
@ -497,7 +482,7 @@ func (ca *certificateAuthorityImpl) issueCertificateForPrecertificate(ctx contex
|
|||
|
||||
_, err = ca.sa.AddCertificate(ctx, &sapb.AddCertificateRequest{
|
||||
Der: certDER,
|
||||
RegID: req.RegistrationID,
|
||||
RegID: regID,
|
||||
Issued: timestamppb.New(ca.clk.Now()),
|
||||
})
|
||||
if err != nil {
|
||||
|
@ -505,14 +490,7 @@ func (ca *certificateAuthorityImpl) issueCertificateForPrecertificate(ctx contex
|
|||
return nil, err
|
||||
}
|
||||
|
||||
return &corepb.Certificate{
|
||||
RegistrationID: req.RegistrationID,
|
||||
Serial: core.SerialToString(precert.SerialNumber),
|
||||
Der: certDER,
|
||||
Digest: core.Fingerprint256(certDER),
|
||||
Issued: timestamppb.New(precert.NotBefore),
|
||||
Expires: timestamppb.New(precert.NotAfter),
|
||||
}, nil
|
||||
return certDER, nil
|
||||
}
|
||||
|
||||
// generateSerialNumber produces a big.Int which has more than 64 bits of
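Review bot: `issuePrecertificate` now receives `certProfile` as a parameter, but its guard `core.IsAnyNilOrZero(issueReq, issueReq.Csr, issueReq.RegistrationID)` does not cover it, while `issueCertificateForPrecertificate` does include `certProfile` in its own check. A caller that passes the result of a failed map lookup would hand a nil profile to `issuePrecertificateInner`, whose nil handling is not visible in these hunks. Suggest `if core.IsAnyNilOrZero(certProfile, issueReq, issueReq.Csr, issueReq.RegistrationID) {` so both signing steps reject a missing profile the same way before a serial is generated. The doc comment on `issueCertificateForPrecertificate` should also state that `certProfile` must be the profile the precertificate was issued under, because nothing in the visible code checks that the two arguments belong together. Parts of both function bodies lie outside the shown hunks, so a later check may exist that is not visible here.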
|
||||
|
|
|
@ -332,12 +332,11 @@ func TestIssuePrecertificate(t *testing.T) {
|
|||
t.Parallel()
|
||||
req, err := x509.ParseCertificateRequest(testCase.csr)
|
||||
test.AssertNotError(t, err, "Certificate request failed to parse")
|
||||
issueReq := &capb.IssueCertificateRequest{Csr: testCase.csr, RegistrationID: arbitraryRegID, CertProfileName: "legacy"}
|
||||
issueReq := &capb.IssueCertificateRequest{Csr: testCase.csr, RegistrationID: arbitraryRegID}
|
||||
|
||||
var certDER []byte
|
||||
response, err := ca.issuePrecertificate(ctx, issueReq)
|
||||
profile := ca.certProfiles.profileByName["legacy"]
|
||||
certDER, err := ca.issuePrecertificate(ctx, profile, issueReq)
|
||||
test.AssertNotError(t, err, "Failed to issue precertificate")
|
||||
certDER = response.DER
|
||||
|
||||
cert, err := x509.ParseCertificate(certDER)
|
||||
test.AssertNotError(t, err, "Certificate failed to parse")
|
||||
|
@ -446,9 +445,10 @@ func TestMultipleIssuers(t *testing.T) {
|
|||
test.AssertNotError(t, err, "Failed to remake CA")
|
||||
|
||||
// Test that an RSA CSR gets issuance from an RSA issuer.
|
||||
issuedCert, err := ca.issuePrecertificate(ctx, &capb.IssueCertificateRequest{Csr: CNandSANCSR, RegistrationID: arbitraryRegID, CertProfileName: "legacy"})
|
||||
profile := ca.certProfiles.profileByName["legacy"]
|
||||
issuedCertDER, err := ca.issuePrecertificate(ctx, profile, &capb.IssueCertificateRequest{Csr: CNandSANCSR, RegistrationID: arbitraryRegID})
|
||||
test.AssertNotError(t, err, "Failed to issue certificate")
|
||||
cert, err := x509.ParseCertificate(issuedCert.DER)
|
||||
cert, err := x509.ParseCertificate(issuedCertDER)
|
||||
test.AssertNotError(t, err, "Certificate failed to parse")
|
||||
validated := false
|
||||
for _, issuer := range ca.issuers.byAlg[x509.RSA] {
|
||||
|
@ -462,9 +462,9 @@ func TestMultipleIssuers(t *testing.T) {
|
|||
test.AssertMetricWithLabelsEquals(t, ca.metrics.signatureCount, prometheus.Labels{"purpose": "precertificate", "status": "success"}, 1)
|
||||
|
||||
// Test that an ECDSA CSR gets issuance from an ECDSA issuer.
|
||||
issuedCert, err = ca.issuePrecertificate(ctx, &capb.IssueCertificateRequest{Csr: ECDSACSR, RegistrationID: arbitraryRegID, CertProfileName: "legacy"})
|
||||
issuedCertDER, err = ca.issuePrecertificate(ctx, profile, &capb.IssueCertificateRequest{Csr: ECDSACSR, RegistrationID: arbitraryRegID, CertProfileName: "legacy"})
|
||||
test.AssertNotError(t, err, "Failed to issue certificate")
|
||||
cert, err = x509.ParseCertificate(issuedCert.DER)
|
||||
cert, err = x509.ParseCertificate(issuedCertDER)
|
||||
test.AssertNotError(t, err, "Certificate failed to parse")
|
||||
validated = false
|
||||
for _, issuer := range ca.issuers.byAlg[x509.ECDSA] {
|
||||
|
@ -530,10 +530,11 @@ func TestUnpredictableIssuance(t *testing.T) {
|
|||
req := &capb.IssueCertificateRequest{Csr: ECDSACSR, RegistrationID: arbitraryRegID, CertProfileName: "legacy"}
|
||||
seenE2 := false
|
||||
seenR3 := false
|
||||
profile := ca.certProfiles.profileByName["legacy"]
|
||||
for i := 0; i < 20; i++ {
|
||||
result, err := ca.issuePrecertificate(ctx, req)
|
||||
precertDER, err := ca.issuePrecertificate(ctx, profile, req)
|
||||
test.AssertNotError(t, err, "Failed to issue test certificate")
|
||||
cert, err := x509.ParseCertificate(result.DER)
|
||||
cert, err := x509.ParseCertificate(precertDER)
|
||||
test.AssertNotError(t, err, "Failed to parse test certificate")
|
||||
if strings.Contains(cert.Issuer.CommonName, "E1") {
|
||||
t.Fatal("Issued certificate from inactive issuer")
|
||||
|
@ -711,8 +712,9 @@ func TestInvalidCSRs(t *testing.T) {
|
|||
t.Run(testCase.name, func(t *testing.T) {
|
||||
t.Parallel()
|
||||
serializedCSR := mustRead(testCase.csrPath)
|
||||
profile := ca.certProfiles.profileByName["legacy"]
|
||||
issueReq := &capb.IssueCertificateRequest{Csr: serializedCSR, RegistrationID: arbitraryRegID, CertProfileName: "legacy"}
|
||||
_, err = ca.issuePrecertificate(ctx, issueReq)
|
||||
_, err = ca.issuePrecertificate(ctx, profile, issueReq)
|
||||
|
||||
test.AssertErrorIs(t, err, testCase.errorType)
|
||||
test.AssertMetricWithLabelsEquals(t, ca.metrics.signatureCount, prometheus.Labels{"purpose": "cert"}, 0)
|
||||
|
@ -748,7 +750,8 @@ func TestRejectValidityTooLong(t *testing.T) {
|
|||
test.AssertNotError(t, err, "Failed to create CA")
|
||||
|
||||
// Test that the CA rejects CSRs that would expire after the intermediate cert
|
||||
_, err = ca.issuePrecertificate(ctx, &capb.IssueCertificateRequest{Csr: CNandSANCSR, RegistrationID: arbitraryRegID, CertProfileName: "legacy"})
|
||||
profile := ca.certProfiles.profileByName["legacy"]
|
||||
_, err = ca.issuePrecertificate(ctx, profile, &capb.IssueCertificateRequest{Csr: CNandSANCSR, RegistrationID: arbitraryRegID, CertProfileName: "legacy"})
|
||||
test.AssertError(t, err, "Cannot issue a certificate that expires after the intermediate certificate")
|
||||
test.AssertErrorIs(t, err, berrors.InternalServer)
|
||||
}
|
||||
|
@ -840,10 +843,11 @@ func TestIssueCertificateForPrecertificate(t *testing.T) {
|
|||
testCtx.fc)
|
||||
test.AssertNotError(t, err, "Failed to create CA")
|
||||
|
||||
profile := ca.certProfiles.profileByName["legacy"]
|
||||
issueReq := capb.IssueCertificateRequest{Csr: CNandSANCSR, RegistrationID: arbitraryRegID, OrderID: 0, CertProfileName: "legacy"}
|
||||
precert, err := ca.issuePrecertificate(ctx, &issueReq)
|
||||
precertDER, err := ca.issuePrecertificate(ctx, profile, &issueReq)
|
||||
test.AssertNotError(t, err, "Failed to issue precert")
|
||||
parsedPrecert, err := x509.ParseCertificate(precert.DER)
|
||||
parsedPrecert, err := x509.ParseCertificate(precertDER)
|
||||
test.AssertNotError(t, err, "Failed to parse precert")
|
||||
test.AssertMetricWithLabelsEquals(t, ca.metrics.signatureCount, prometheus.Labels{"purpose": "precertificate", "status": "success"}, 1)
|
||||
test.AssertMetricWithLabelsEquals(t, ca.metrics.signatureCount, prometheus.Labels{"purpose": "certificate", "status": "success"}, 0)
|
||||
|
@ -860,15 +864,14 @@ func TestIssueCertificateForPrecertificate(t *testing.T) {
|
|||
}
|
||||
|
||||
test.AssertNotError(t, err, "Failed to marshal SCT")
|
||||
cert, err := ca.issueCertificateForPrecertificate(ctx, &capb.IssueCertificateForPrecertificateRequest{
|
||||
DER: precert.DER,
|
||||
SCTs: sctBytes,
|
||||
RegistrationID: arbitraryRegID,
|
||||
OrderID: 0,
|
||||
CertProfileHash: precert.CertProfileHash,
|
||||
})
|
||||
certDER, err := ca.issueCertificateForPrecertificate(ctx,
|
||||
profile,
|
||||
precertDER,
|
||||
sctBytes,
|
||||
arbitraryRegID,
|
||||
0)
|
||||
test.AssertNotError(t, err, "Failed to issue cert from precert")
|
||||
parsedCert, err := x509.ParseCertificate(cert.Der)
|
||||
parsedCert, err := x509.ParseCertificate(certDER)
|
||||
test.AssertNotError(t, err, "Failed to parse cert")
|
||||
test.AssertMetricWithLabelsEquals(t, ca.metrics.signatureCount, prometheus.Labels{"purpose": "certificate", "status": "success"}, 1)
|
||||
|
||||
|
@ -912,9 +915,9 @@ func TestIssueCertificateForPrecertificateWithSpecificCertificateProfile(t *test
|
|||
OrderID: 0,
|
||||
CertProfileName: selectedProfile,
|
||||
}
|
||||
precert, err := ca.issuePrecertificate(ctx, &issueReq)
|
||||
precertDER, err := ca.issuePrecertificate(ctx, certProfile, &issueReq)
|
||||
test.AssertNotError(t, err, "Failed to issue precert")
|
||||
parsedPrecert, err := x509.ParseCertificate(precert.DER)
|
||||
parsedPrecert, err := x509.ParseCertificate(precertDER)
|
||||
test.AssertNotError(t, err, "Failed to parse precert")
|
||||
test.AssertMetricWithLabelsEquals(t, ca.metrics.signatureCount, prometheus.Labels{"purpose": "precertificate", "status": "success"}, 1)
|
||||
test.AssertMetricWithLabelsEquals(t, ca.metrics.signatureCount, prometheus.Labels{"purpose": "certificate", "status": "success"}, 0)
|
||||
|
@ -931,15 +934,14 @@ func TestIssueCertificateForPrecertificateWithSpecificCertificateProfile(t *test
|
|||
}
|
||||
|
||||
test.AssertNotError(t, err, "Failed to marshal SCT")
|
||||
cert, err := ca.issueCertificateForPrecertificate(ctx, &capb.IssueCertificateForPrecertificateRequest{
|
||||
DER: precert.DER,
|
||||
SCTs: sctBytes,
|
||||
RegistrationID: arbitraryRegID,
|
||||
OrderID: 0,
|
||||
CertProfileHash: certProfile.hash[:],
|
||||
})
|
||||
certDER, err := ca.issueCertificateForPrecertificate(ctx,
|
||||
certProfile,
|
||||
precertDER,
|
||||
sctBytes,
|
||||
arbitraryRegID,
|
||||
0)
|
||||
test.AssertNotError(t, err, "Failed to issue cert from precert")
|
||||
parsedCert, err := x509.ParseCertificate(cert.Der)
|
||||
parsedCert, err := x509.ParseCertificate(certDER)
|
||||
test.AssertNotError(t, err, "Failed to parse cert")
|
||||
test.AssertMetricWithLabelsEquals(t, ca.metrics.signatureCount, prometheus.Labels{"purpose": "certificate", "status": "success"}, 1)
|
||||
|
||||
|
@ -1023,17 +1025,18 @@ func TestIssueCertificateForPrecertificateDuplicateSerial(t *testing.T) {
|
|||
t.Fatal(err)
|
||||
}
|
||||
|
||||
profile := ca.certProfiles.profileByName["legacy"]
|
||||
issueReq := capb.IssueCertificateRequest{Csr: CNandSANCSR, RegistrationID: arbitraryRegID, OrderID: 0, CertProfileName: "legacy"}
|
||||
precert, err := ca.issuePrecertificate(ctx, &issueReq)
|
||||
precertDER, err := ca.issuePrecertificate(ctx, profile, &issueReq)
|
||||
test.AssertNotError(t, err, "Failed to issue precert")
|
||||
test.AssertMetricWithLabelsEquals(t, ca.metrics.signatureCount, prometheus.Labels{"purpose": "precertificate", "status": "success"}, 1)
|
||||
_, err = ca.issueCertificateForPrecertificate(ctx, &capb.IssueCertificateForPrecertificateRequest{
|
||||
DER: precert.DER,
|
||||
SCTs: sctBytes,
|
||||
RegistrationID: arbitraryRegID,
|
||||
OrderID: 0,
|
||||
CertProfileHash: ca.certProfiles.profileByName["legacy"].hash[:],
|
||||
})
|
||||
_, err = ca.issueCertificateForPrecertificate(ctx,
|
||||
profile,
|
||||
precertDER,
|
||||
sctBytes,
|
||||
arbitraryRegID,
|
||||
0,
|
||||
)
|
||||
if err == nil {
|
||||
t.Error("Expected error issuing duplicate serial but got none.")
|
||||
}
|
||||
|
@ -1061,13 +1064,12 @@ func TestIssueCertificateForPrecertificateDuplicateSerial(t *testing.T) {
|
|||
testCtx.fc)
|
||||
test.AssertNotError(t, err, "Failed to create CA")
|
||||
|
||||
_, err = errorca.issueCertificateForPrecertificate(ctx, &capb.IssueCertificateForPrecertificateRequest{
|
||||
DER: precert.DER,
|
||||
SCTs: sctBytes,
|
||||
RegistrationID: arbitraryRegID,
|
||||
OrderID: 0,
|
||||
CertProfileHash: ca.certProfiles.profileByName["legacy"].hash[:],
|
||||
})
|
||||
_, err = errorca.issueCertificateForPrecertificate(ctx,
|
||||
profile,
|
||||
precertDER,
|
||||
sctBytes,
|
||||
arbitraryRegID,
|
||||
0)
|
||||
if err == nil {
|
||||
t.Fatal("Expected error issuing duplicate serial but got none.")
|
||||
}
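Review bot: The tests fetch the profile with `profile := ca.certProfiles.profileByName["legacy"]` and discard the presence flag, so a renamed or missing test profile would pass a nil `*certProfileWithID` into `issuePrecertificate` and fail far from the cause. Prefer `profile, ok := ca.certProfiles.profileByName["legacy"]` followed by `if !ok { t.Fatal("legacy profile not configured") }`; the same applies to the lookup in `TestOCSP` in the next file section. Several requests still set `CertProfileName: "legacy"` while `TestIssuePrecertificate` dropped it, although the visible hunks suggest `issuePrecertificate` no longer reads that field. Making these consistent would avoid implying that the name still selects the profile. No visible test covers the unknown-profile error that moved into `IssueCertificate`; if none exists outside these hunks, one is worth adding.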
|
||||
|
|
|
@ -44,11 +44,12 @@ func TestOCSP(t *testing.T) {
|
|||
test.AssertNotError(t, err, "Failed to create CA")
|
||||
ocspi := testCtx.ocsp
|
||||
|
||||
profile := ca.certProfiles.profileByName["legacy"]
|
||||
// Issue a certificate from an RSA issuer, request OCSP from the same issuer,
|
||||
// and make sure it works.
|
||||
rsaCertPB, err := ca.issuePrecertificate(ctx, &capb.IssueCertificateRequest{Csr: CNandSANCSR, RegistrationID: arbitraryRegID, CertProfileName: "legacy"})
|
||||
rsaCertDER, err := ca.issuePrecertificate(ctx, profile, &capb.IssueCertificateRequest{Csr: CNandSANCSR, RegistrationID: arbitraryRegID, CertProfileName: "legacy"})
|
||||
test.AssertNotError(t, err, "Failed to issue certificate")
|
||||
rsaCert, err := x509.ParseCertificate(rsaCertPB.DER)
|
||||
rsaCert, err := x509.ParseCertificate(rsaCertDER)
|
||||
test.AssertNotError(t, err, "Failed to parse rsaCert")
|
||||
rsaIssuerID := issuance.IssuerNameID(rsaCert)
|
||||
rsaOCSPPB, err := ocspi.GenerateOCSP(ctx, &capb.GenerateOCSPRequest{
|
||||
|
@ -69,9 +70,9 @@ func TestOCSP(t *testing.T) {
|
|||
|
||||
// Issue a certificate from an ECDSA issuer, request OCSP from the same issuer,
|
||||
// and make sure it works.
|
||||
ecdsaCertPB, err := ca.issuePrecertificate(ctx, &capb.IssueCertificateRequest{Csr: ECDSACSR, RegistrationID: arbitraryRegID, CertProfileName: "legacy"})
|
||||
ecdsaCertDER, err := ca.issuePrecertificate(ctx, profile, &capb.IssueCertificateRequest{Csr: ECDSACSR, RegistrationID: arbitraryRegID, CertProfileName: "legacy"})
|
||||
test.AssertNotError(t, err, "Failed to issue certificate")
|
||||
ecdsaCert, err := x509.ParseCertificate(ecdsaCertPB.DER)
|
||||
ecdsaCert, err := x509.ParseCertificate(ecdsaCertDER)
|
||||
test.AssertNotError(t, err, "Failed to parse ecdsaCert")
|
||||
ecdsaIssuerID := issuance.IssuerNameID(ecdsaCert)
|
||||
ecdsaOCSPPB, err := ocspi.GenerateOCSP(ctx, &capb.GenerateOCSPRequest{
|
||||
|
|
|
@ -145,76 +145,6 @@ func (x *IssueCertificateResponse) GetDER() []byte {
|
|||
return nil
|
||||
}
|
||||
|
||||
type IssuePrecertificateResponse struct {
|
||||
state protoimpl.MessageState
|
||||
sizeCache protoimpl.SizeCache
|
||||
unknownFields protoimpl.UnknownFields
|
||||
|
||||
// Next unused field number: 4
|
||||
DER []byte `protobuf:"bytes,1,opt,name=DER,proto3" json:"DER,omitempty"`
|
||||
// certProfileHash is a hash over the exported fields of a certificate profile
|
||||
// to ensure that the profile remains unchanged after multiple roundtrips
|
||||
// through the RA and CA.
|
||||
CertProfileHash []byte `protobuf:"bytes,2,opt,name=certProfileHash,proto3" json:"certProfileHash,omitempty"`
|
||||
// certProfileName is a human readable name returned back to the RA for later
|
||||
// use. If IssueCertificateRequest.certProfileName was an empty string, the
|
||||
// CAs default profile name will be assigned.
|
||||
CertProfileName string `protobuf:"bytes,3,opt,name=certProfileName,proto3" json:"certProfileName,omitempty"`
|
||||
}
|
||||
|
||||
func (x *IssuePrecertificateResponse) Reset() {
|
||||
*x = IssuePrecertificateResponse{}
|
||||
if protoimpl.UnsafeEnabled {
|
||||
mi := &file_ca_proto_msgTypes[2]
|
||||
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
||||
ms.StoreMessageInfo(mi)
|
||||
}
|
||||
}
|
||||
|
||||
func (x *IssuePrecertificateResponse) String() string {
|
||||
return protoimpl.X.MessageStringOf(x)
|
||||
}
|
||||
|
||||
func (*IssuePrecertificateResponse) ProtoMessage() {}
|
||||
|
||||
func (x *IssuePrecertificateResponse) ProtoReflect() protoreflect.Message {
|
||||
mi := &file_ca_proto_msgTypes[2]
|
||||
if protoimpl.UnsafeEnabled && x != nil {
|
||||
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
||||
if ms.LoadMessageInfo() == nil {
|
||||
ms.StoreMessageInfo(mi)
|
||||
}
|
||||
return ms
|
||||
}
|
||||
return mi.MessageOf(x)
|
||||
}
|
||||
|
||||
// Deprecated: Use IssuePrecertificateResponse.ProtoReflect.Descriptor instead.
|
||||
func (*IssuePrecertificateResponse) Descriptor() ([]byte, []int) {
|
||||
return file_ca_proto_rawDescGZIP(), []int{2}
|
||||
}
|
||||
|
||||
func (x *IssuePrecertificateResponse) GetDER() []byte {
|
||||
if x != nil {
|
||||
return x.DER
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (x *IssuePrecertificateResponse) GetCertProfileHash() []byte {
|
||||
if x != nil {
|
||||
return x.CertProfileHash
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (x *IssuePrecertificateResponse) GetCertProfileName() string {
|
||||
if x != nil {
|
||||
return x.CertProfileName
|
||||
}
|
||||
return ""
|
||||
}
|
||||
|
||||
type IssueCertificateForPrecertificateRequest struct {
|
||||
state protoimpl.MessageState
|
||||
sizeCache protoimpl.SizeCache
|
||||
|
@ -234,7 +164,7 @@ type IssueCertificateForPrecertificateRequest struct {
|
|||
func (x *IssueCertificateForPrecertificateRequest) Reset() {
|
||||
*x = IssueCertificateForPrecertificateRequest{}
|
||||
if protoimpl.UnsafeEnabled {
|
||||
mi := &file_ca_proto_msgTypes[3]
|
||||
mi := &file_ca_proto_msgTypes[2]
|
||||
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
||||
ms.StoreMessageInfo(mi)
|
||||
}
|
||||
|
@ -247,7 +177,7 @@ func (x *IssueCertificateForPrecertificateRequest) String() string {
|
|||
func (*IssueCertificateForPrecertificateRequest) ProtoMessage() {}
|
||||
|
||||
func (x *IssueCertificateForPrecertificateRequest) ProtoReflect() protoreflect.Message {
|
||||
mi := &file_ca_proto_msgTypes[3]
|
||||
mi := &file_ca_proto_msgTypes[2]
|
||||
if protoimpl.UnsafeEnabled && x != nil {
|
||||
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
||||
if ms.LoadMessageInfo() == nil {
|
||||
|
@ -260,7 +190,7 @@ func (x *IssueCertificateForPrecertificateRequest) ProtoReflect() protoreflect.M
|
|||
|
||||
// Deprecated: Use IssueCertificateForPrecertificateRequest.ProtoReflect.Descriptor instead.
|
||||
func (*IssueCertificateForPrecertificateRequest) Descriptor() ([]byte, []int) {
|
||||
return file_ca_proto_rawDescGZIP(), []int{3}
|
||||
return file_ca_proto_rawDescGZIP(), []int{2}
|
||||
}
|
||||
|
||||
func (x *IssueCertificateForPrecertificateRequest) GetDER() []byte {
|
||||
|
@ -315,7 +245,7 @@ type GenerateOCSPRequest struct {
|
|||
func (x *GenerateOCSPRequest) Reset() {
|
||||
*x = GenerateOCSPRequest{}
|
||||
if protoimpl.UnsafeEnabled {
|
||||
mi := &file_ca_proto_msgTypes[4]
|
||||
mi := &file_ca_proto_msgTypes[3]
|
||||
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
||||
ms.StoreMessageInfo(mi)
|
||||
}
|
||||
|
@ -328,7 +258,7 @@ func (x *GenerateOCSPRequest) String() string {
|
|||
func (*GenerateOCSPRequest) ProtoMessage() {}
|
||||
|
||||
func (x *GenerateOCSPRequest) ProtoReflect() protoreflect.Message {
|
||||
mi := &file_ca_proto_msgTypes[4]
|
||||
mi := &file_ca_proto_msgTypes[3]
|
||||
if protoimpl.UnsafeEnabled && x != nil {
|
||||
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
||||
if ms.LoadMessageInfo() == nil {
|
||||
|
@ -341,7 +271,7 @@ func (x *GenerateOCSPRequest) ProtoReflect() protoreflect.Message {
|
|||
|
||||
// Deprecated: Use GenerateOCSPRequest.ProtoReflect.Descriptor instead.
|
||||
func (*GenerateOCSPRequest) Descriptor() ([]byte, []int) {
|
||||
return file_ca_proto_rawDescGZIP(), []int{4}
|
||||
return file_ca_proto_rawDescGZIP(), []int{3}
|
||||
}
|
||||
|
||||
func (x *GenerateOCSPRequest) GetStatus() string {
|
||||
|
@ -390,7 +320,7 @@ type OCSPResponse struct {
|
|||
func (x *OCSPResponse) Reset() {
|
||||
*x = OCSPResponse{}
|
||||
if protoimpl.UnsafeEnabled {
|
||||
mi := &file_ca_proto_msgTypes[5]
|
||||
mi := &file_ca_proto_msgTypes[4]
|
||||
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
||||
ms.StoreMessageInfo(mi)
|
||||
}
|
||||
|
@ -403,7 +333,7 @@ func (x *OCSPResponse) String() string {
|
|||
func (*OCSPResponse) ProtoMessage() {}
|
||||
|
||||
func (x *OCSPResponse) ProtoReflect() protoreflect.Message {
|
||||
mi := &file_ca_proto_msgTypes[5]
|
||||
mi := &file_ca_proto_msgTypes[4]
|
||||
if protoimpl.UnsafeEnabled && x != nil {
|
||||
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
||||
if ms.LoadMessageInfo() == nil {
|
||||
|
@ -416,7 +346,7 @@ func (x *OCSPResponse) ProtoReflect() protoreflect.Message {
|
|||
|
||||
// Deprecated: Use OCSPResponse.ProtoReflect.Descriptor instead.
|
||||
func (*OCSPResponse) Descriptor() ([]byte, []int) {
|
||||
return file_ca_proto_rawDescGZIP(), []int{5}
|
||||
return file_ca_proto_rawDescGZIP(), []int{4}
|
||||
}
|
||||
|
||||
func (x *OCSPResponse) GetResponse() []byte {
|
||||
|
@ -441,7 +371,7 @@ type GenerateCRLRequest struct {
|
|||
func (x *GenerateCRLRequest) Reset() {
|
||||
*x = GenerateCRLRequest{}
|
||||
if protoimpl.UnsafeEnabled {
|
||||
mi := &file_ca_proto_msgTypes[6]
|
||||
mi := &file_ca_proto_msgTypes[5]
|
||||
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
||||
ms.StoreMessageInfo(mi)
|
||||
}
|
||||
|
@ -454,7 +384,7 @@ func (x *GenerateCRLRequest) String() string {
|
|||
func (*GenerateCRLRequest) ProtoMessage() {}
|
||||
|
||||
func (x *GenerateCRLRequest) ProtoReflect() protoreflect.Message {
|
||||
mi := &file_ca_proto_msgTypes[6]
|
||||
mi := &file_ca_proto_msgTypes[5]
|
||||
if protoimpl.UnsafeEnabled && x != nil {
|
||||
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
||||
if ms.LoadMessageInfo() == nil {
|
||||
|
@ -467,7 +397,7 @@ func (x *GenerateCRLRequest) ProtoReflect() protoreflect.Message {
|
|||
|
||||
// Deprecated: Use GenerateCRLRequest.ProtoReflect.Descriptor instead.
|
||||
func (*GenerateCRLRequest) Descriptor() ([]byte, []int) {
|
||||
return file_ca_proto_rawDescGZIP(), []int{6}
|
||||
return file_ca_proto_rawDescGZIP(), []int{5}
|
||||
}
|
||||
|
||||
func (m *GenerateCRLRequest) GetPayload() isGenerateCRLRequest_Payload {
|
||||
|
@ -521,7 +451,7 @@ type CRLMetadata struct {
|
|||
func (x *CRLMetadata) Reset() {
|
||||
*x = CRLMetadata{}
|
||||
if protoimpl.UnsafeEnabled {
|
||||
mi := &file_ca_proto_msgTypes[7]
|
||||
mi := &file_ca_proto_msgTypes[6]
|
||||
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
||||
ms.StoreMessageInfo(mi)
|
||||
}
|
||||
|
@ -534,7 +464,7 @@ func (x *CRLMetadata) String() string {
|
|||
func (*CRLMetadata) ProtoMessage() {}
|
||||
|
||||
func (x *CRLMetadata) ProtoReflect() protoreflect.Message {
|
||||
mi := &file_ca_proto_msgTypes[7]
|
||||
mi := &file_ca_proto_msgTypes[6]
|
||||
if protoimpl.UnsafeEnabled && x != nil {
|
||||
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
||||
if ms.LoadMessageInfo() == nil {
|
||||
|
@ -547,7 +477,7 @@ func (x *CRLMetadata) ProtoReflect() protoreflect.Message {
|
|||
|
||||
// Deprecated: Use CRLMetadata.ProtoReflect.Descriptor instead.
|
||||
func (*CRLMetadata) Descriptor() ([]byte, []int) {
|
||||
return file_ca_proto_rawDescGZIP(), []int{7}
|
||||
return file_ca_proto_rawDescGZIP(), []int{6}
|
||||
}
|
||||
|
||||
func (x *CRLMetadata) GetIssuerNameID() int64 {
|
||||
|
@ -582,7 +512,7 @@ type GenerateCRLResponse struct {
|
|||
func (x *GenerateCRLResponse) Reset() {
|
||||
*x = GenerateCRLResponse{}
|
||||
if protoimpl.UnsafeEnabled {
|
||||
mi := &file_ca_proto_msgTypes[8]
|
||||
mi := &file_ca_proto_msgTypes[7]
|
||||
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
||||
ms.StoreMessageInfo(mi)
|
||||
}
|
||||
|
@ -595,7 +525,7 @@ func (x *GenerateCRLResponse) String() string {
|
|||
func (*GenerateCRLResponse) ProtoMessage() {}
|
||||
|
||||
func (x *GenerateCRLResponse) ProtoReflect() protoreflect.Message {
|
||||
mi := &file_ca_proto_msgTypes[8]
|
||||
mi := &file_ca_proto_msgTypes[7]
|
||||
if protoimpl.UnsafeEnabled && x != nil {
|
||||
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
||||
if ms.LoadMessageInfo() == nil {
|
||||
|
@ -608,7 +538,7 @@ func (x *GenerateCRLResponse) ProtoReflect() protoreflect.Message {
|
|||
|
||||
// Deprecated: Use GenerateCRLResponse.ProtoReflect.Descriptor instead.
|
||||
func (*GenerateCRLResponse) Descriptor() ([]byte, []int) {
|
||||
return file_ca_proto_rawDescGZIP(), []int{8}
|
||||
return file_ca_proto_rawDescGZIP(), []int{7}
|
||||
}
|
||||
|
||||
func (x *GenerateCRLResponse) GetChunk() []byte {
|
||||
|
@ -638,81 +568,73 @@ var file_ca_proto_rawDesc = []byte{
|
|||
0x4a, 0x04, 0x08, 0x04, 0x10, 0x05, 0x22, 0x2c, 0x0a, 0x18, 0x49, 0x73, 0x73, 0x75, 0x65, 0x43,
|
||||
0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e,
|
||||
0x73, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x44, 0x45, 0x52, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52,
|
||||
0x03, 0x44, 0x45, 0x52, 0x22, 0x83, 0x01, 0x0a, 0x1b, 0x49, 0x73, 0x73, 0x75, 0x65, 0x50, 0x72,
|
||||
0x65, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70,
|
||||
0x6f, 0x6e, 0x73, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x44, 0x45, 0x52, 0x18, 0x01, 0x20, 0x01, 0x28,
|
||||
0x0c, 0x52, 0x03, 0x44, 0x45, 0x52, 0x12, 0x28, 0x0a, 0x0f, 0x63, 0x65, 0x72, 0x74, 0x50, 0x72,
|
||||
0x6f, 0x66, 0x69, 0x6c, 0x65, 0x48, 0x61, 0x73, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52,
|
||||
0x0f, 0x63, 0x65, 0x72, 0x74, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x48, 0x61, 0x73, 0x68,
|
||||
0x12, 0x28, 0x0a, 0x0f, 0x63, 0x65, 0x72, 0x74, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x4e,
|
||||
0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x63, 0x65, 0x72, 0x74, 0x50,
|
||||
0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x22, 0xbc, 0x01, 0x0a, 0x28, 0x49,
|
||||
0x73, 0x73, 0x75, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x46,
|
||||
0x6f, 0x72, 0x50, 0x72, 0x65, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65,
|
||||
0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x44, 0x45, 0x52, 0x18, 0x01,
|
||||
0x20, 0x01, 0x28, 0x0c, 0x52, 0x03, 0x44, 0x45, 0x52, 0x12, 0x12, 0x0a, 0x04, 0x53, 0x43, 0x54,
|
||||
0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0c, 0x52, 0x04, 0x53, 0x43, 0x54, 0x73, 0x12, 0x26, 0x0a,
|
||||
0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x18,
|
||||
0x03, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74,
|
||||
0x69, 0x6f, 0x6e, 0x49, 0x44, 0x12, 0x18, 0x0a, 0x07, 0x6f, 0x72, 0x64, 0x65, 0x72, 0x49, 0x44,
|
||||
0x18, 0x04, 0x20, 0x01, 0x28, 0x03, 0x52, 0x07, 0x6f, 0x72, 0x64, 0x65, 0x72, 0x49, 0x44, 0x12,
|
||||
0x28, 0x0a, 0x0f, 0x63, 0x65, 0x72, 0x74, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x48, 0x61,
|
||||
0x73, 0x68, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0f, 0x63, 0x65, 0x72, 0x74, 0x50, 0x72,
|
||||
0x6f, 0x66, 0x69, 0x6c, 0x65, 0x48, 0x61, 0x73, 0x68, 0x22, 0xb9, 0x01, 0x0a, 0x13, 0x47, 0x65,
|
||||
0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x4f, 0x43, 0x53, 0x50, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
|
||||
0x74, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28,
|
||||
0x09, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x16, 0x0a, 0x06, 0x72, 0x65, 0x61,
|
||||
0x73, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x05, 0x52, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f,
|
||||
0x6e, 0x12, 0x38, 0x0a, 0x09, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x41, 0x74, 0x18, 0x07,
|
||||
0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
|
||||
0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70,
|
||||
0x52, 0x09, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x41, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x73,
|
||||
0x65, 0x72, 0x69, 0x61, 0x6c, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x65, 0x72,
|
||||
0x69, 0x61, 0x6c, 0x12, 0x1a, 0x0a, 0x08, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x49, 0x44, 0x18,
|
||||
0x06, 0x20, 0x01, 0x28, 0x03, 0x52, 0x08, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x49, 0x44, 0x4a,
|
||||
0x04, 0x08, 0x04, 0x10, 0x05, 0x22, 0x2a, 0x0a, 0x0c, 0x4f, 0x43, 0x53, 0x50, 0x52, 0x65, 0x73,
|
||||
0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73,
|
||||
0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x08, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73,
|
||||
0x65, 0x22, 0x76, 0x0a, 0x12, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x43, 0x52, 0x4c,
|
||||
0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x2d, 0x0a, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64,
|
||||
0x61, 0x74, 0x61, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x63, 0x61, 0x2e, 0x43,
|
||||
0x52, 0x4c, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x48, 0x00, 0x52, 0x08, 0x6d, 0x65,
|
||||
0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x12, 0x26, 0x0a, 0x05, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x18,
|
||||
0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x43, 0x52, 0x4c,
|
||||
0x45, 0x6e, 0x74, 0x72, 0x79, 0x48, 0x00, 0x52, 0x05, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x42, 0x09,
|
||||
0x0a, 0x07, 0x70, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x22, 0x8f, 0x01, 0x0a, 0x0b, 0x43, 0x52,
|
||||
0x4c, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x12, 0x22, 0x0a, 0x0c, 0x69, 0x73, 0x73,
|
||||
0x75, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52,
|
||||
0x0c, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x49, 0x44, 0x12, 0x3a, 0x0a,
|
||||
0x0a, 0x74, 0x68, 0x69, 0x73, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28,
|
||||
0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
|
||||
0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x0a, 0x74,
|
||||
0x68, 0x69, 0x73, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x73, 0x68, 0x61,
|
||||
0x72, 0x64, 0x49, 0x64, 0x78, 0x18, 0x03, 0x20, 0x01, 0x28, 0x03, 0x52, 0x08, 0x73, 0x68, 0x61,
|
||||
0x72, 0x64, 0x49, 0x64, 0x78, 0x4a, 0x04, 0x08, 0x02, 0x10, 0x03, 0x22, 0x2b, 0x0a, 0x13, 0x47,
|
||||
0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x43, 0x52, 0x4c, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e,
|
||||
0x73, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x63, 0x68, 0x75, 0x6e, 0x6b, 0x18, 0x01, 0x20, 0x01, 0x28,
|
||||
0x0c, 0x52, 0x05, 0x63, 0x68, 0x75, 0x6e, 0x6b, 0x32, 0x67, 0x0a, 0x14, 0x43, 0x65, 0x72, 0x74,
|
||||
0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79,
|
||||
0x12, 0x4f, 0x0a, 0x10, 0x49, 0x73, 0x73, 0x75, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69,
|
||||
0x63, 0x61, 0x74, 0x65, 0x12, 0x1b, 0x2e, 0x63, 0x61, 0x2e, 0x49, 0x73, 0x73, 0x75, 0x65, 0x43,
|
||||
0x03, 0x44, 0x45, 0x52, 0x22, 0xbc, 0x01, 0x0a, 0x28, 0x49, 0x73, 0x73, 0x75, 0x65, 0x43, 0x65,
|
||||
0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x46, 0x6f, 0x72, 0x50, 0x72, 0x65, 0x63,
|
||||
0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
|
||||
0x74, 0x1a, 0x1c, 0x2e, 0x63, 0x61, 0x2e, 0x49, 0x73, 0x73, 0x75, 0x65, 0x43, 0x65, 0x72, 0x74,
|
||||
0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22,
|
||||
0x00, 0x32, 0x4c, 0x0a, 0x0d, 0x4f, 0x43, 0x53, 0x50, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74,
|
||||
0x6f, 0x72, 0x12, 0x3b, 0x0a, 0x0c, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x4f, 0x43,
|
||||
0x53, 0x50, 0x12, 0x17, 0x2e, 0x63, 0x61, 0x2e, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65,
|
||||
0x4f, 0x43, 0x53, 0x50, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x10, 0x2e, 0x63, 0x61,
|
||||
0x2e, 0x4f, 0x43, 0x53, 0x50, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x32,
|
||||
0x54, 0x0a, 0x0c, 0x43, 0x52, 0x4c, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x12,
|
||||
0x44, 0x0a, 0x0b, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x43, 0x52, 0x4c, 0x12, 0x16,
|
||||
0x2e, 0x63, 0x61, 0x2e, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x43, 0x52, 0x4c, 0x52,
|
||||
0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x17, 0x2e, 0x63, 0x61, 0x2e, 0x47, 0x65, 0x6e, 0x65,
|
||||
0x72, 0x61, 0x74, 0x65, 0x43, 0x52, 0x4c, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22,
|
||||
0x00, 0x28, 0x01, 0x30, 0x01, 0x42, 0x29, 0x5a, 0x27, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e,
|
||||
0x63, 0x6f, 0x6d, 0x2f, 0x6c, 0x65, 0x74, 0x73, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x2f,
|
||||
0x62, 0x6f, 0x75, 0x6c, 0x64, 0x65, 0x72, 0x2f, 0x63, 0x61, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f,
|
||||
0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
|
||||
0x74, 0x12, 0x10, 0x0a, 0x03, 0x44, 0x45, 0x52, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x03,
|
||||
0x44, 0x45, 0x52, 0x12, 0x12, 0x0a, 0x04, 0x53, 0x43, 0x54, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28,
|
||||
0x0c, 0x52, 0x04, 0x53, 0x43, 0x54, 0x73, 0x12, 0x26, 0x0a, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73,
|
||||
0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x18, 0x03, 0x20, 0x01, 0x28, 0x03, 0x52,
|
||||
0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x12,
|
||||
0x18, 0x0a, 0x07, 0x6f, 0x72, 0x64, 0x65, 0x72, 0x49, 0x44, 0x18, 0x04, 0x20, 0x01, 0x28, 0x03,
|
||||
0x52, 0x07, 0x6f, 0x72, 0x64, 0x65, 0x72, 0x49, 0x44, 0x12, 0x28, 0x0a, 0x0f, 0x63, 0x65, 0x72,
|
||||
0x74, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x48, 0x61, 0x73, 0x68, 0x18, 0x05, 0x20, 0x01,
|
||||
0x28, 0x0c, 0x52, 0x0f, 0x63, 0x65, 0x72, 0x74, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x48,
|
||||
0x61, 0x73, 0x68, 0x22, 0xb9, 0x01, 0x0a, 0x13, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65,
|
||||
0x4f, 0x43, 0x53, 0x50, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x73,
|
||||
0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x74, 0x61,
|
||||
0x74, 0x75, 0x73, 0x12, 0x16, 0x0a, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x18, 0x03, 0x20,
|
||||
0x01, 0x28, 0x05, 0x52, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x12, 0x38, 0x0a, 0x09, 0x72,
|
||||
0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x41, 0x74, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a,
|
||||
0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
|
||||
0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x09, 0x72, 0x65, 0x76, 0x6f,
|
||||
0x6b, 0x65, 0x64, 0x41, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x18,
|
||||
0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x12, 0x1a, 0x0a,
|
||||
0x08, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x49, 0x44, 0x18, 0x06, 0x20, 0x01, 0x28, 0x03, 0x52,
|
||||
0x08, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x49, 0x44, 0x4a, 0x04, 0x08, 0x04, 0x10, 0x05, 0x22,
|
||||
0x2a, 0x0a, 0x0c, 0x4f, 0x43, 0x53, 0x50, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12,
|
||||
0x1a, 0x0a, 0x08, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28,
|
||||
0x0c, 0x52, 0x08, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x76, 0x0a, 0x12, 0x47,
|
||||
0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x43, 0x52, 0x4c, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
|
||||
0x74, 0x12, 0x2d, 0x0a, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x18, 0x01, 0x20,
|
||||
0x01, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x63, 0x61, 0x2e, 0x43, 0x52, 0x4c, 0x4d, 0x65, 0x74, 0x61,
|
||||
0x64, 0x61, 0x74, 0x61, 0x48, 0x00, 0x52, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61,
|
||||
0x12, 0x26, 0x0a, 0x05, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32,
|
||||
0x0e, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x43, 0x52, 0x4c, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x48,
|
||||
0x00, 0x52, 0x05, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x42, 0x09, 0x0a, 0x07, 0x70, 0x61, 0x79, 0x6c,
|
||||
0x6f, 0x61, 0x64, 0x22, 0x8f, 0x01, 0x0a, 0x0b, 0x43, 0x52, 0x4c, 0x4d, 0x65, 0x74, 0x61, 0x64,
|
||||
0x61, 0x74, 0x61, 0x12, 0x22, 0x0a, 0x0c, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x4e, 0x61, 0x6d,
|
||||
0x65, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0c, 0x69, 0x73, 0x73, 0x75, 0x65,
|
||||
0x72, 0x4e, 0x61, 0x6d, 0x65, 0x49, 0x44, 0x12, 0x3a, 0x0a, 0x0a, 0x74, 0x68, 0x69, 0x73, 0x55,
|
||||
0x70, 0x64, 0x61, 0x74, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f,
|
||||
0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69,
|
||||
0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x0a, 0x74, 0x68, 0x69, 0x73, 0x55, 0x70, 0x64,
|
||||
0x61, 0x74, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x73, 0x68, 0x61, 0x72, 0x64, 0x49, 0x64, 0x78, 0x18,
|
||||
0x03, 0x20, 0x01, 0x28, 0x03, 0x52, 0x08, 0x73, 0x68, 0x61, 0x72, 0x64, 0x49, 0x64, 0x78, 0x4a,
|
||||
0x04, 0x08, 0x02, 0x10, 0x03, 0x22, 0x2b, 0x0a, 0x13, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74,
|
||||
0x65, 0x43, 0x52, 0x4c, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x14, 0x0a, 0x05,
|
||||
0x63, 0x68, 0x75, 0x6e, 0x6b, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x05, 0x63, 0x68, 0x75,
|
||||
0x6e, 0x6b, 0x32, 0x67, 0x0a, 0x14, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74,
|
||||
0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x4f, 0x0a, 0x10, 0x49, 0x73,
|
||||
0x73, 0x75, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x1b,
|
||||
0x2e, 0x63, 0x61, 0x2e, 0x49, 0x73, 0x73, 0x75, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69,
|
||||
0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1c, 0x2e, 0x63, 0x61,
|
||||
0x2e, 0x49, 0x73, 0x73, 0x75, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74,
|
||||
0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x32, 0x4c, 0x0a, 0x0d, 0x4f,
|
||||
0x43, 0x53, 0x50, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x12, 0x3b, 0x0a, 0x0c,
|
||||
0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x4f, 0x43, 0x53, 0x50, 0x12, 0x17, 0x2e, 0x63,
|
||||
0x61, 0x2e, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x4f, 0x43, 0x53, 0x50, 0x52, 0x65,
|
||||
0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x10, 0x2e, 0x63, 0x61, 0x2e, 0x4f, 0x43, 0x53, 0x50, 0x52,
|
||||
0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x32, 0x54, 0x0a, 0x0c, 0x43, 0x52, 0x4c,
|
||||
0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x12, 0x44, 0x0a, 0x0b, 0x47, 0x65, 0x6e,
|
||||
0x65, 0x72, 0x61, 0x74, 0x65, 0x43, 0x52, 0x4c, 0x12, 0x16, 0x2e, 0x63, 0x61, 0x2e, 0x47, 0x65,
|
||||
0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x43, 0x52, 0x4c, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
|
||||
0x1a, 0x17, 0x2e, 0x63, 0x61, 0x2e, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x43, 0x52,
|
||||
0x4c, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x28, 0x01, 0x30, 0x01, 0x42,
|
||||
0x29, 0x5a, 0x27, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6c, 0x65,
|
||||
0x74, 0x73, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x2f, 0x62, 0x6f, 0x75, 0x6c, 0x64, 0x65,
|
||||
0x72, 0x2f, 0x63, 0x61, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74,
|
||||
0x6f, 0x33,
|
||||
}
|
||||
|
||||
var (
|
||||
|
@ -727,36 +649,35 @@ func file_ca_proto_rawDescGZIP() []byte {
|
|||
return file_ca_proto_rawDescData
|
||||
}
|
||||
|
||||
var file_ca_proto_msgTypes = make([]protoimpl.MessageInfo, 9)
|
||||
var file_ca_proto_msgTypes = make([]protoimpl.MessageInfo, 8)
|
||||
var file_ca_proto_goTypes = []interface{}{
|
||||
(*IssueCertificateRequest)(nil), // 0: ca.IssueCertificateRequest
|
||||
(*IssueCertificateResponse)(nil), // 1: ca.IssueCertificateResponse
|
||||
(*IssuePrecertificateResponse)(nil), // 2: ca.IssuePrecertificateResponse
|
||||
(*IssueCertificateForPrecertificateRequest)(nil), // 3: ca.IssueCertificateForPrecertificateRequest
|
||||
(*GenerateOCSPRequest)(nil), // 4: ca.GenerateOCSPRequest
|
||||
(*OCSPResponse)(nil), // 5: ca.OCSPResponse
|
||||
(*GenerateCRLRequest)(nil), // 6: ca.GenerateCRLRequest
|
||||
(*CRLMetadata)(nil), // 7: ca.CRLMetadata
|
||||
(*GenerateCRLResponse)(nil), // 8: ca.GenerateCRLResponse
|
||||
(*timestamppb.Timestamp)(nil), // 9: google.protobuf.Timestamp
|
||||
(*proto.CRLEntry)(nil), // 10: core.CRLEntry
|
||||
(*IssueCertificateForPrecertificateRequest)(nil), // 2: ca.IssueCertificateForPrecertificateRequest
|
||||
(*GenerateOCSPRequest)(nil), // 3: ca.GenerateOCSPRequest
|
||||
(*OCSPResponse)(nil), // 4: ca.OCSPResponse
|
||||
(*GenerateCRLRequest)(nil), // 5: ca.GenerateCRLRequest
|
||||
(*CRLMetadata)(nil), // 6: ca.CRLMetadata
|
||||
(*GenerateCRLResponse)(nil), // 7: ca.GenerateCRLResponse
|
||||
(*timestamppb.Timestamp)(nil), // 8: google.protobuf.Timestamp
|
||||
(*proto.CRLEntry)(nil), // 9: core.CRLEntry
|
||||
}
|
||||
var file_ca_proto_depIdxs = []int32{
|
||||
9, // 0: ca.GenerateOCSPRequest.revokedAt:type_name -> google.protobuf.Timestamp
|
||||
7, // 1: ca.GenerateCRLRequest.metadata:type_name -> ca.CRLMetadata
|
||||
10, // 2: ca.GenerateCRLRequest.entry:type_name -> core.CRLEntry
|
||||
9, // 3: ca.CRLMetadata.thisUpdate:type_name -> google.protobuf.Timestamp
|
||||
0, // 4: ca.CertificateAuthority.IssueCertificate:input_type -> ca.IssueCertificateRequest
|
||||
4, // 5: ca.OCSPGenerator.GenerateOCSP:input_type -> ca.GenerateOCSPRequest
|
||||
6, // 6: ca.CRLGenerator.GenerateCRL:input_type -> ca.GenerateCRLRequest
|
||||
1, // 7: ca.CertificateAuthority.IssueCertificate:output_type -> ca.IssueCertificateResponse
|
||||
5, // 8: ca.OCSPGenerator.GenerateOCSP:output_type -> ca.OCSPResponse
|
||||
8, // 9: ca.CRLGenerator.GenerateCRL:output_type -> ca.GenerateCRLResponse
|
||||
7, // [7:10] is the sub-list for method output_type
|
||||
4, // [4:7] is the sub-list for method input_type
|
||||
4, // [4:4] is the sub-list for extension type_name
|
||||
4, // [4:4] is the sub-list for extension extendee
|
||||
0, // [0:4] is the sub-list for field type_name
|
||||
8, // 0: ca.GenerateOCSPRequest.revokedAt:type_name -> google.protobuf.Timestamp
|
||||
6, // 1: ca.GenerateCRLRequest.metadata:type_name -> ca.CRLMetadata
|
||||
9, // 2: ca.GenerateCRLRequest.entry:type_name -> core.CRLEntry
|
||||
8, // 3: ca.CRLMetadata.thisUpdate:type_name -> google.protobuf.Timestamp
|
||||
0, // 4: ca.CertificateAuthority.IssueCertificate:input_type -> ca.IssueCertificateRequest
|
||||
3, // 5: ca.OCSPGenerator.GenerateOCSP:input_type -> ca.GenerateOCSPRequest
|
||||
5, // 6: ca.CRLGenerator.GenerateCRL:input_type -> ca.GenerateCRLRequest
|
||||
1, // 7: ca.CertificateAuthority.IssueCertificate:output_type -> ca.IssueCertificateResponse
|
||||
4, // 8: ca.OCSPGenerator.GenerateOCSP:output_type -> ca.OCSPResponse
|
||||
7, // 9: ca.CRLGenerator.GenerateCRL:output_type -> ca.GenerateCRLResponse
|
||||
7, // [7:10] is the sub-list for method output_type
|
||||
4, // [4:7] is the sub-list for method input_type
|
||||
4, // [4:4] is the sub-list for extension type_name
|
||||
4, // [4:4] is the sub-list for extension extendee
|
||||
0, // [0:4] is the sub-list for field type_name
|
||||
}
|
||||
|
||||
func init() { file_ca_proto_init() }
|
||||
|
@ -790,18 +711,6 @@ func file_ca_proto_init() {
|
|||
}
|
||||
}
|
||||
file_ca_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
|
||||
switch v := v.(*IssuePrecertificateResponse); i {
|
||||
case 0:
|
||||
return &v.state
|
||||
case 1:
|
||||
return &v.sizeCache
|
||||
case 2:
|
||||
return &v.unknownFields
|
||||
default:
|
||||
return nil
|
||||
}
|
||||
}
|
||||
file_ca_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
|
||||
switch v := v.(*IssueCertificateForPrecertificateRequest); i {
|
||||
case 0:
|
||||
return &v.state
|
||||
|
@ -813,7 +722,7 @@ func file_ca_proto_init() {
|
|||
return nil
|
||||
}
|
||||
}
|
||||
file_ca_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
|
||||
file_ca_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
|
||||
switch v := v.(*GenerateOCSPRequest); i {
|
||||
case 0:
|
||||
return &v.state
|
||||
|
@ -825,7 +734,7 @@ func file_ca_proto_init() {
|
|||
return nil
|
||||
}
|
||||
}
|
||||
file_ca_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
|
||||
file_ca_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
|
||||
switch v := v.(*OCSPResponse); i {
|
||||
case 0:
|
||||
return &v.state
|
||||
|
@ -837,7 +746,7 @@ func file_ca_proto_init() {
|
|||
return nil
|
||||
}
|
||||
}
|
||||
file_ca_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} {
|
||||
file_ca_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
|
||||
switch v := v.(*GenerateCRLRequest); i {
|
||||
case 0:
|
||||
return &v.state
|
||||
|
@ -849,7 +758,7 @@ func file_ca_proto_init() {
|
|||
return nil
|
||||
}
|
||||
}
|
||||
file_ca_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} {
|
||||
file_ca_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} {
|
||||
switch v := v.(*CRLMetadata); i {
|
||||
case 0:
|
||||
return &v.state
|
||||
|
@ -861,7 +770,7 @@ func file_ca_proto_init() {
|
|||
return nil
|
||||
}
|
||||
}
|
||||
file_ca_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} {
|
||||
file_ca_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} {
|
||||
switch v := v.(*GenerateCRLResponse); i {
|
||||
case 0:
|
||||
return &v.state
|
||||
|
@ -874,7 +783,7 @@ func file_ca_proto_init() {
|
|||
}
|
||||
}
|
||||
}
|
||||
file_ca_proto_msgTypes[6].OneofWrappers = []interface{}{
|
||||
file_ca_proto_msgTypes[5].OneofWrappers = []interface{}{
|
||||
(*GenerateCRLRequest_Metadata)(nil),
|
||||
(*GenerateCRLRequest_Entry)(nil),
|
||||
}
|
||||
|
@ -884,7 +793,7 @@ func file_ca_proto_init() {
|
|||
GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
|
||||
RawDescriptor: file_ca_proto_rawDesc,
|
||||
NumEnums: 0,
|
||||
NumMessages: 9,
|
||||
NumMessages: 8,
|
||||
NumExtensions: 0,
|
||||
NumServices: 3,
|
||||
},
|
||||
|
|
|
@ -30,21 +30,6 @@ message IssueCertificateResponse {
|
|||
bytes DER = 1;
|
||||
}
|
||||
|
||||
message IssuePrecertificateResponse {
|
||||
// Next unused field number: 4
|
||||
bytes DER = 1;
|
||||
|
||||
// certProfileHash is a hash over the exported fields of a certificate profile
|
||||
// to ensure that the profile remains unchanged after multiple roundtrips
|
||||
// through the RA and CA.
|
||||
bytes certProfileHash = 2;
|
||||
|
||||
// certProfileName is a human readable name returned back to the RA for later
|
||||
// use. If IssueCertificateRequest.certProfileName was an empty string, the
|
||||
// CAs default profile name will be assigned.
|
||||
string certProfileName = 3;
|
||||
}
|
||||
|
||||
message IssueCertificateForPrecertificateRequest {
|
||||
// Next unused field number: 6
|
||||
bytes DER = 1;
|
||||
|
|
47
mocks/ca.go
47
mocks/ca.go
|
@ -2,17 +2,13 @@ package mocks
|
|||
|
||||
import (
|
||||
"context"
|
||||
"crypto/sha256"
|
||||
"crypto/x509"
|
||||
"encoding/pem"
|
||||
"fmt"
|
||||
"time"
|
||||
|
||||
"google.golang.org/grpc"
|
||||
"google.golang.org/protobuf/types/known/timestamppb"
|
||||
|
||||
capb "github.com/letsencrypt/boulder/ca/proto"
|
||||
corepb "github.com/letsencrypt/boulder/core/proto"
|
||||
)
|
||||
|
||||
// MockCA is a mock of a CA that always returns the cert from PEM in response to
|
||||
|
@ -23,54 +19,15 @@ type MockCA struct {
|
|||
|
||||
// IssueCertificate is a mock
|
||||
func (ca *MockCA) IssueCertificate(ctx context.Context, req *capb.IssueCertificateRequest, _ ...grpc.CallOption) (*capb.IssueCertificateResponse, error) {
|
||||
precert, err := ca.issuePrecertificate(ctx, req)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
cert, err := ca.issueCertificateForPrecertificate(ctx, &capb.IssueCertificateForPrecertificateRequest{
|
||||
DER: precert.DER,
|
||||
SCTs: nil,
|
||||
RegistrationID: req.RegistrationID,
|
||||
OrderID: req.OrderID,
|
||||
CertProfileHash: precert.CertProfileHash,
|
||||
})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &capb.IssueCertificateResponse{DER: cert.Der}, nil
|
||||
}
|
||||
|
||||
// issuePrecertificate is a mock
|
||||
func (ca *MockCA) issuePrecertificate(_ context.Context, req *capb.IssueCertificateRequest, _ ...grpc.CallOption) (*capb.IssuePrecertificateResponse, error) {
|
||||
if ca.PEM == nil {
|
||||
return nil, fmt.Errorf("MockCA's PEM field must be set before calling IssueCertificate")
|
||||
}
|
||||
block, _ := pem.Decode(ca.PEM)
|
||||
cert, err := x509.ParseCertificate(block.Bytes)
|
||||
sampleDER, err := x509.ParseCertificate(block.Bytes)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
profHash := sha256.Sum256([]byte(req.CertProfileName))
|
||||
return &capb.IssuePrecertificateResponse{
|
||||
DER: cert.Raw,
|
||||
CertProfileHash: profHash[:8],
|
||||
CertProfileName: req.CertProfileName,
|
||||
}, nil
|
||||
}
|
||||
|
||||
// issueCertificateForPrecertificate is a mock
|
||||
func (ca *MockCA) issueCertificateForPrecertificate(_ context.Context, req *capb.IssueCertificateForPrecertificateRequest, _ ...grpc.CallOption) (*corepb.Certificate, error) { //nolint:unparam // `error` is always nil
|
||||
now := time.Now()
|
||||
expires := now.Add(1 * time.Hour)
|
||||
|
||||
return &corepb.Certificate{
|
||||
Der: req.DER,
|
||||
RegistrationID: 1,
|
||||
Serial: "mock",
|
||||
Digest: "mock",
|
||||
Issued: timestamppb.New(now),
|
||||
Expires: timestamppb.New(expires),
|
||||
}, nil
|
||||
return &capb.IssueCertificateResponse{DER: sampleDER.Raw}, nil
|
||||
}
|
||||
|
||||
type MockOCSPGenerator struct{}
|
||||
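Review bot: `pem.Decode` returns a nil block when `ca.PEM` holds no PEM data, and the next line of `IssueCertificate` reads `block.Bytes` unguarded, so a non-nil but malformed fixture panics with a nil-pointer dereference instead of returning an error the way the `ca.PEM == nil` case does. Adding `if block == nil { return nil, fmt.Errorf("MockCA's PEM field contains no PEM block") }` before the parse keeps the failure on the error path. The local `sampleDER` holds the `*x509.Certificate` returned by `x509.ParseCertificate`, not DER bytes, so a name such as `sampleCert` would read more accurately next to `sampleDER.Raw`. The +/- markers are lost in this rendering, so which lines are on the new side is inferred from the hunk header counts and the final return statement.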
|
|
|
@ -3234,14 +3234,6 @@ func (ca *MockCARecordingProfile) IssueCertificate(ctx context.Context, req *cap
|
|||
return ca.inner.IssueCertificate(ctx, req)
|
||||
}
|
||||
|
||||
func (ca *MockCARecordingProfile) IssuePrecertificate(ctx context.Context, req *capb.IssueCertificateRequest, _ ...grpc.CallOption) (*capb.IssuePrecertificateResponse, error) {
|
||||
return nil, errors.New("nope")
|
||||
}
|
||||
|
||||
func (ca *MockCARecordingProfile) IssueCertificateForPrecertificate(ctx context.Context, req *capb.IssueCertificateForPrecertificateRequest, _ ...grpc.CallOption) (*corepb.Certificate, error) {
|
||||
return nil, errors.New("nope")
|
||||
}
|
||||
|
||||
type mockSAWithFinalize struct {
|
||||
sapb.StorageAuthorityClient
|
||||
}
|
||||
|
|