syntax = "proto3";

package core;
option go_package = "github.com/letsencrypt/boulder/core/proto";

import "google/protobuf/timestamp.proto";

message Identifier {
  string type = 1;
  string value = 2;
}

message Challenge {
  // Next unused field number: 13
  reserved 4, 5, 8, 11;
  int64 id = 1;
  // Fields specified by RFC 8555, Section 8.
  string type = 2;
  string url = 9;
  string status = 6;
  google.protobuf.Timestamp validated = 12;
  ProblemDetails error = 7;
  // Fields specified by individual validation methods.
  string token = 3;
  // Additional fields for our own record keeping.
  repeated ValidationRecord validationrecords = 10;
}

message ValidationRecord {
  // Next unused field number: 9
  string hostname = 1;
  string port = 2;
  repeated bytes addressesResolved = 3; // netip.Addr.MarshalText()
  bytes addressUsed = 4; // netip.Addr.MarshalText()

  repeated string authorities = 5;
  string url = 6;
  // A list of addresses tried before the address used (see
  // core/objects.go and the comment on the ValidationRecord structure
  // definition for more information.
  repeated bytes addressesTried = 7; // netip.Addr.MarshalText()
  repeated string resolverAddrs = 8;
}

message ProblemDetails {
  string problemType = 1;
  string detail = 2;
  int32 httpStatus = 3;
}

message Certificate {
  // Next unused field number: 9
  int64 registrationID = 1;
  string serial = 2;
  string digest = 3;
  bytes der = 4;
  reserved 5;  // Previously issuedNS
  google.protobuf.Timestamp issued = 7;
  reserved 6; // Previously expiresNS
  google.protobuf.Timestamp expires = 8;
}

message CertificateStatus {
  // Next unused field number: 16
  string serial = 1;
  reserved 2; // previously subscriberApproved
  string status = 3;
  reserved 4; // Previously ocspLastUpdatedNS
  google.protobuf.Timestamp ocspLastUpdated = 15;
  reserved 5; // Previously revokedDateNS
  google.protobuf.Timestamp revokedDate = 12;
  int64 revokedReason = 6;
  reserved 7; // Previously lastExpirationNagSentNS
  reserved 8; // previously ocspResponse
  google.protobuf.Timestamp lastExpirationNagSent = 13;
  reserved 9; // Previously notAfterNS
  google.protobuf.Timestamp notAfter = 14;
  bool isExpired = 10;
  int64 issuerID = 11;
}

message Registration {
  // Next unused field number: 10
  int64 id = 1;
  bytes key = 2;
  repeated string contact = 3;
  reserved 4; // Previously contactsPresent
  string agreement = 5;
  reserved 6; // Previously initialIP
  reserved 7; // Previously createdAtNS
  google.protobuf.Timestamp createdAt = 9;
  string status = 8;
}

message Authorization {
  // Next unused field number: 12
  reserved 5, 7, 8;
  string id = 1;
  int64 registrationID = 3;
  // Fields specified by RFC 8555, Section 7.1.4
  reserved 2; // Previously dnsName
  Identifier identifier = 11;
  string status = 4;
  google.protobuf.Timestamp expires = 9;
  repeated core.Challenge challenges = 6;
  string certificateProfileName = 10;
  // We do not directly represent the "wildcard" field, instead inferring it
  // from the identifier value.
}

message Order {
  // Next unused field number: 17
  reserved 3, 6, 10;
  int64 id = 1;
  int64 registrationID = 2;
  // Fields specified by RFC 8555, Section 7.1.3
  // Note that we do not respect notBefore and notAfter, and we infer the
  // finalize and certificate URLs from the id and certificateSerial fields.
  string status = 7;
  google.protobuf.Timestamp expires = 12;
  reserved 8; // Previously dnsNames
  repeated Identifier identifiers = 16;
  ProblemDetails error = 4;
  repeated int64 v2Authorizations = 11;
  string certificateSerial = 5;
  // Additional fields for our own record-keeping.
  google.protobuf.Timestamp created = 13;
  string certificateProfileName = 14;
  string replaces = 15;
  bool beganProcessing = 9;
}

message CRLEntry {
  // Next unused field number: 5
  string serial = 1;
  int32 reason = 2;
  reserved 3; // Previously revokedAtNS
  google.protobuf.Timestamp revokedAt = 4;
}