53 lines
1.4 KiB
Protocol Buffer
53 lines
1.4 KiB
Protocol Buffer
syntax = "proto3";
|
|
|
|
package ca;
|
|
option go_package = "github.com/letsencrypt/boulder/ca/proto";
|
|
|
|
import "core/proto/core.proto";
|
|
|
|
// CertificateAuthority issues certificates.
|
|
service CertificateAuthority {
|
|
rpc IssuePrecertificate(IssueCertificateRequest) returns (IssuePrecertificateResponse) {}
|
|
rpc IssueCertificateForPrecertificate(IssueCertificateForPrecertificateRequest) returns (core.Certificate) {}
|
|
rpc GenerateOCSP(GenerateOCSPRequest) returns (OCSPResponse) {}
|
|
}
|
|
|
|
// OCSPGenerator generates OCSP. We separate this out from
|
|
// CertificateAuthority so that we can restrict access to a different subset of
|
|
// hosts, so the hosts that need to request OCSP generation don't need to be
|
|
// able to request certificate issuance.
|
|
service OCSPGenerator {
|
|
rpc GenerateOCSP(GenerateOCSPRequest) returns (OCSPResponse) {}
|
|
}
|
|
|
|
message IssueCertificateRequest {
|
|
bytes csr = 1;
|
|
int64 registrationID = 2;
|
|
int64 orderID = 3;
|
|
int64 issuerNameID = 4;
|
|
}
|
|
|
|
message IssuePrecertificateResponse {
|
|
bytes DER = 1;
|
|
}
|
|
|
|
message IssueCertificateForPrecertificateRequest {
|
|
bytes DER = 1;
|
|
repeated bytes SCTs = 2;
|
|
int64 registrationID = 3;
|
|
int64 orderID = 4;
|
|
}
|
|
|
|
// Exactly one of certDER or [serial and issuerID] must be set.
|
|
message GenerateOCSPRequest {
|
|
string status = 2;
|
|
int32 reason = 3;
|
|
int64 revokedAt = 4;
|
|
string serial = 5;
|
|
int64 issuerID = 6;
|
|
}
|
|
|
|
message OCSPResponse {
|
|
bytes response = 1;
|
|
}
|