50 lines
1.3 KiB
Protocol Buffer
50 lines
1.3 KiB
Protocol Buffer
syntax = "proto2";
|
|
|
|
package ca;
|
|
option go_package = "proto";
|
|
|
|
import "core/proto/core.proto";
|
|
|
|
// CertificateAuthority issues certificates.
|
|
service CertificateAuthority {
|
|
rpc IssuePrecertificate(IssueCertificateRequest) returns (IssuePrecertificateResponse) {}
|
|
rpc IssueCertificateForPrecertificate(IssueCertificateForPrecertificateRequest) returns (core.Certificate) {}
|
|
rpc GenerateOCSP(GenerateOCSPRequest) returns (OCSPResponse) {}
|
|
}
|
|
|
|
// OCSPGenerator generates OCSP. We separate this out from
|
|
// CertificateAuthority so that we can restrict access to a different subset of
|
|
// hosts, so the hosts that need to request OCSP generation don't need to be
|
|
// able to request certificate issuance.
|
|
service OCSPGenerator {
|
|
rpc GenerateOCSP(GenerateOCSPRequest) returns (OCSPResponse) {}
|
|
}
|
|
|
|
message IssueCertificateRequest {
|
|
optional bytes csr = 1;
|
|
optional int64 registrationID = 2;
|
|
optional int64 orderID = 3;
|
|
}
|
|
|
|
message IssuePrecertificateResponse {
|
|
optional bytes DER = 1;
|
|
}
|
|
|
|
message IssueCertificateForPrecertificateRequest {
|
|
optional bytes DER = 1;
|
|
repeated bytes SCTs = 2;
|
|
optional int64 registrationID = 3;
|
|
optional int64 orderID = 4;
|
|
}
|
|
|
|
message GenerateOCSPRequest {
|
|
optional bytes certDER = 1;
|
|
optional string status = 2;
|
|
optional int32 reason = 3;
|
|
optional int64 revokedAt = 4;
|
|
}
|
|
|
|
message OCSPResponse {
|
|
optional bytes response = 1;
|
|
}
|