pb

package
v2.22.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 23, 2024 License: Apache-2.0 Imports: 19 Imported by: 0

README

Protocol Documentation

Table of Contents

Top

certificate-authority/pb/cert.proto

SignCertificateRequest
Field Type Label Description
certificate_signing_request bytes PEM format

SignCertificateResponse
Field Type Label Description
certificate bytes PEM format

Top

certificate-authority/pb/service.proto

CertificateAuthority
Method Name Request Type Response Type Description
SignIdentityCertificate SignCertificateRequest SignCertificateResponse SignIdentityCertificate sends a Identity Certificate Signing Request to the certificate authority and obtains a signed certificate. Both in the PEM format. It adds EKU: '1.3.6.1.4.1.44924.1.6' .
SignCertificate SignCertificateRequest SignCertificateResponse SignCertificate sends a Certificate Signing Request to the certificate authority and obtains a signed certificate. Both in the PEM format.
GetSigningRecords GetSigningRecordsRequest SigningRecord stream Get signed certficate records.
DeleteSigningRecords DeleteSigningRecordsRequest DeletedSigningRecords Delete signed certficate records.

Top

certificate-authority/pb/signingRecords.proto

CredentialStatus
Field Type Label Description
date int64 Last time the device requested provisioning, in unix nanoseconds timestamp format.

@gotags: bson:"date" | | certificate_pem | string | | Last certificate issued.

@gotags: bson:"identityCertificate" | | valid_until_date | int64 | | Record valid until date, in unix nanoseconds timestamp format

@gotags: bson:"validUntilDate" |

DeleteSigningRecordsRequest
Field Type Label Description
id_filter string repeated Filter by id.
device_id_filter string repeated Filter by common_name.

DeletedSigningRecords
Field Type Label Description
count int64 Number of deleted records.

GetSigningRecordsRequest
Field Type Label Description
id_filter string repeated Filter by id.
common_name_filter string repeated Filter by common_name.
device_id_filter string repeated Filter by device_id - provides only identity certificates.

SigningRecord
Field Type Label Description
id string The registration ID is determined by applying a formula that utilizes the certificate properties, and it is computed as uuid.NewSHA1(uuid.NameSpaceX500, common_name + uuid.NewSHA1(uuid.NameSpaceX500, publicKeyRaw)).

@gotags: bson:"_id" | | owner | string | | Certificate owner.

@gotags: bson:"owner" | | common_name | string | | Common name of the certificate. If device_id is provided in the common name, then for update public key must be same.

@gotags: bson:"commonName" | | device_id | string | | DeviceID of the identity certificate.

@gotags: bson:"deviceId,omitempty" | | public_key | string | | Public key fingerprint in uuid.NewSHA1(uuid.NameSpaceX500, publicKeyRaw) of the certificate.

@gotags: bson:"publicKey" | | creation_date | int64 | | Record creation date, in unix nanoseconds timestamp format

@gotags: bson:"creationDate,omitempty" | | credential | CredentialStatus | | Last credential provision overview.

@gotags: bson:"credential" |

Scalar Value Types

.proto Type Notes C++ Java Python Go C# PHP Ruby
double double double float float64 double float Float
float float float float float32 float float Float
int32 Uses variable-length encoding. Inefficient for encoding negative numbers – if your field is likely to have negative values, use sint32 instead. int32 int int int32 int integer Bignum or Fixnum (as required)
int64 Uses variable-length encoding. Inefficient for encoding negative numbers – if your field is likely to have negative values, use sint64 instead. int64 long int/long int64 long integer/string Bignum
uint32 Uses variable-length encoding. uint32 int int/long uint32 uint integer Bignum or Fixnum (as required)
uint64 Uses variable-length encoding. uint64 long int/long uint64 ulong integer/string Bignum or Fixnum (as required)
sint32 Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int32s. int32 int int int32 int integer Bignum or Fixnum (as required)
sint64 Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int64s. int64 long int/long int64 long integer/string Bignum
fixed32 Always four bytes. More efficient than uint32 if values are often greater than 2^28. uint32 int int uint32 uint integer Bignum or Fixnum (as required)
fixed64 Always eight bytes. More efficient than uint64 if values are often greater than 2^56. uint64 long int/long uint64 ulong integer/string Bignum
sfixed32 Always four bytes. int32 int int int32 int integer Bignum or Fixnum (as required)
sfixed64 Always eight bytes. int64 long int/long int64 long integer/string Bignum
bool bool boolean boolean bool bool boolean TrueClass/FalseClass
string A string must always contain UTF-8 encoded or 7-bit ASCII text. string String str/unicode string string string String (UTF-8)
bytes May contain any arbitrary sequence of bytes. string ByteString str []byte ByteString string String (ASCII-8BIT)

Documentation

Overview

Package pb is a reverse proxy.

It translates gRPC into RESTful JSON APIs.

Index

Constants

View Source
const (
	CertificateAuthority_SignIdentityCertificate_FullMethodName = "/certificateauthority.pb.CertificateAuthority/SignIdentityCertificate"
	CertificateAuthority_SignCertificate_FullMethodName         = "/certificateauthority.pb.CertificateAuthority/SignCertificate"
	CertificateAuthority_GetSigningRecords_FullMethodName       = "/certificateauthority.pb.CertificateAuthority/GetSigningRecords"
	CertificateAuthority_DeleteSigningRecords_FullMethodName    = "/certificateauthority.pb.CertificateAuthority/DeleteSigningRecords"
)

Variables

View Source
var CertificateAuthority_ServiceDesc = grpc.ServiceDesc{
	ServiceName: "certificateauthority.pb.CertificateAuthority",
	HandlerType: (*CertificateAuthorityServer)(nil),
	Methods: []grpc.MethodDesc{
		{
			MethodName: "SignIdentityCertificate",
			Handler:    _CertificateAuthority_SignIdentityCertificate_Handler,
		},
		{
			MethodName: "SignCertificate",
			Handler:    _CertificateAuthority_SignCertificate_Handler,
		},
		{
			MethodName: "DeleteSigningRecords",
			Handler:    _CertificateAuthority_DeleteSigningRecords_Handler,
		},
	},
	Streams: []grpc.StreamDesc{
		{
			StreamName:    "GetSigningRecords",
			Handler:       _CertificateAuthority_GetSigningRecords_Handler,
			ServerStreams: true,
		},
	},
	Metadata: "certificate-authority/pb/service.proto",
}

CertificateAuthority_ServiceDesc is the grpc.ServiceDesc for CertificateAuthority service. It's only intended for direct use with grpc.RegisterService, and not to be introspected or modified (even as a copy)

View Source
var File_certificate_authority_pb_cert_proto protoreflect.FileDescriptor
View Source
var File_certificate_authority_pb_signingRecords_proto protoreflect.FileDescriptor

Functions

func RegisterCertificateAuthorityHandler added in v2.5.0

func RegisterCertificateAuthorityHandler(ctx context.Context, mux *runtime.ServeMux, conn *grpc.ClientConn) error

RegisterCertificateAuthorityHandler registers the http handlers for service CertificateAuthority to "mux". The handlers forward requests to the grpc endpoint over "conn".

func RegisterCertificateAuthorityHandlerClient added in v2.5.0

func RegisterCertificateAuthorityHandlerClient(ctx context.Context, mux *runtime.ServeMux, client CertificateAuthorityClient) error

RegisterCertificateAuthorityHandlerClient registers the http handlers for service CertificateAuthority to "mux". The handlers forward requests to the grpc endpoint over the given implementation of "CertificateAuthorityClient". Note: the gRPC framework executes interceptors within the gRPC handler. If the passed in "CertificateAuthorityClient" doesn't go through the normal gRPC flow (creating a gRPC client etc.) then it will be up to the passed in "CertificateAuthorityClient" to call the correct interceptors.

func RegisterCertificateAuthorityHandlerFromEndpoint added in v2.5.0

func RegisterCertificateAuthorityHandlerFromEndpoint(ctx context.Context, mux *runtime.ServeMux, endpoint string, opts []grpc.DialOption) (err error)

RegisterCertificateAuthorityHandlerFromEndpoint is same as RegisterCertificateAuthorityHandler but automatically dials to "endpoint" and closes the connection when "ctx" gets done.

func RegisterCertificateAuthorityHandlerServer added in v2.5.0

func RegisterCertificateAuthorityHandlerServer(ctx context.Context, mux *runtime.ServeMux, server CertificateAuthorityServer) error

RegisterCertificateAuthorityHandlerServer registers the http handlers for service CertificateAuthority to "mux". UnaryRPC :call CertificateAuthorityServer directly. StreamingRPC :currently unsupported pending https://github.com/grpc/grpc-go/issues/906. Note that using this registration option will cause many gRPC library features to stop working. Consider using RegisterCertificateAuthorityHandlerFromEndpoint instead.

func RegisterCertificateAuthorityServer

func RegisterCertificateAuthorityServer(s grpc.ServiceRegistrar, srv CertificateAuthorityServer)

Types

type CertificateAuthorityClient

type CertificateAuthorityClient interface {
	// SignIdentityCertificate sends a Identity Certificate Signing Request to the certificate authority
	// and obtains a signed certificate. Both in the PEM format. It adds EKU: '1.3.6.1.4.1.44924.1.6' .
	SignIdentityCertificate(ctx context.Context, in *SignCertificateRequest, opts ...grpc.CallOption) (*SignCertificateResponse, error)
	// SignCertificate sends a Certificate Signing Request to the certificate authority
	// and obtains a signed certificate. Both in the PEM format.
	SignCertificate(ctx context.Context, in *SignCertificateRequest, opts ...grpc.CallOption) (*SignCertificateResponse, error)
	// Get signed certficate records.
	GetSigningRecords(ctx context.Context, in *GetSigningRecordsRequest, opts ...grpc.CallOption) (CertificateAuthority_GetSigningRecordsClient, error)
	// Delete signed certficate records.
	DeleteSigningRecords(ctx context.Context, in *DeleteSigningRecordsRequest, opts ...grpc.CallOption) (*DeletedSigningRecords, error)
}

CertificateAuthorityClient is the client API for CertificateAuthority service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.

type CertificateAuthorityServer

type CertificateAuthorityServer interface {
	// SignIdentityCertificate sends a Identity Certificate Signing Request to the certificate authority
	// and obtains a signed certificate. Both in the PEM format. It adds EKU: '1.3.6.1.4.1.44924.1.6' .
	SignIdentityCertificate(context.Context, *SignCertificateRequest) (*SignCertificateResponse, error)
	// SignCertificate sends a Certificate Signing Request to the certificate authority
	// and obtains a signed certificate. Both in the PEM format.
	SignCertificate(context.Context, *SignCertificateRequest) (*SignCertificateResponse, error)
	// Get signed certficate records.
	GetSigningRecords(*GetSigningRecordsRequest, CertificateAuthority_GetSigningRecordsServer) error
	// Delete signed certficate records.
	DeleteSigningRecords(context.Context, *DeleteSigningRecordsRequest) (*DeletedSigningRecords, error)
	// contains filtered or unexported methods
}

CertificateAuthorityServer is the server API for CertificateAuthority service. All implementations must embed UnimplementedCertificateAuthorityServer for forward compatibility

type CertificateAuthority_GetSigningRecordsClient added in v2.7.18

type CertificateAuthority_GetSigningRecordsClient interface {
	Recv() (*SigningRecord, error)
	grpc.ClientStream
}

type CertificateAuthority_GetSigningRecordsServer added in v2.7.18

type CertificateAuthority_GetSigningRecordsServer interface {
	Send(*SigningRecord) error
	grpc.ServerStream
}

type CredentialStatus added in v2.7.18

type CredentialStatus struct {

	// Last time the device requested provisioning, in unix nanoseconds timestamp format.
	Date int64 `protobuf:"varint,1,opt,name=date,proto3" json:"date,omitempty" bson:"date"` // @gotags: bson:"date"
	// Last certificate issued.
	CertificatePem string `` // @gotags: bson:"identityCertificate"
	/* 130-byte string literal not displayed */
	// Record valid until date, in unix nanoseconds timestamp format
	ValidUntilDate int64 `` // @gotags: bson:"validUntilDate"
	/* 128-byte string literal not displayed */
	// contains filtered or unexported fields
}

func (*CredentialStatus) Descriptor deprecated added in v2.7.18

func (*CredentialStatus) Descriptor() ([]byte, []int)

Deprecated: Use CredentialStatus.ProtoReflect.Descriptor instead.

func (*CredentialStatus) GetCertificatePem added in v2.7.18

func (x *CredentialStatus) GetCertificatePem() string

func (*CredentialStatus) GetDate added in v2.7.18

func (x *CredentialStatus) GetDate() int64

func (*CredentialStatus) GetValidUntilDate added in v2.7.18

func (x *CredentialStatus) GetValidUntilDate() int64

func (*CredentialStatus) ProtoMessage added in v2.7.18

func (*CredentialStatus) ProtoMessage()

func (*CredentialStatus) ProtoReflect added in v2.7.18

func (x *CredentialStatus) ProtoReflect() protoreflect.Message

func (*CredentialStatus) Reset added in v2.7.18

func (x *CredentialStatus) Reset()

func (*CredentialStatus) String added in v2.7.18

func (x *CredentialStatus) String() string

type DeleteSigningRecordsRequest added in v2.7.18

type DeleteSigningRecordsRequest struct {

	// Filter by id.
	IdFilter []string `protobuf:"bytes,1,rep,name=id_filter,json=idFilter,proto3" json:"id_filter,omitempty"`
	// Filter by common_name.
	DeviceIdFilter []string `protobuf:"bytes,2,rep,name=device_id_filter,json=deviceIdFilter,proto3" json:"device_id_filter,omitempty"`
	// contains filtered or unexported fields
}

func (*DeleteSigningRecordsRequest) Descriptor deprecated added in v2.7.18

func (*DeleteSigningRecordsRequest) Descriptor() ([]byte, []int)

Deprecated: Use DeleteSigningRecordsRequest.ProtoReflect.Descriptor instead.

func (*DeleteSigningRecordsRequest) GetDeviceIdFilter added in v2.7.18

func (x *DeleteSigningRecordsRequest) GetDeviceIdFilter() []string

func (*DeleteSigningRecordsRequest) GetIdFilter added in v2.7.18

func (x *DeleteSigningRecordsRequest) GetIdFilter() []string

func (*DeleteSigningRecordsRequest) ProtoMessage added in v2.7.18

func (*DeleteSigningRecordsRequest) ProtoMessage()

func (*DeleteSigningRecordsRequest) ProtoReflect added in v2.7.18

func (*DeleteSigningRecordsRequest) Reset added in v2.7.18

func (x *DeleteSigningRecordsRequest) Reset()

func (*DeleteSigningRecordsRequest) String added in v2.7.18

func (x *DeleteSigningRecordsRequest) String() string

type DeletedSigningRecords added in v2.7.18

type DeletedSigningRecords struct {

	// Number of deleted records.
	Count int64 `protobuf:"varint,1,opt,name=count,proto3" json:"count,omitempty"`
	// contains filtered or unexported fields
}

func (*DeletedSigningRecords) Descriptor deprecated added in v2.7.18

func (*DeletedSigningRecords) Descriptor() ([]byte, []int)

Deprecated: Use DeletedSigningRecords.ProtoReflect.Descriptor instead.

func (*DeletedSigningRecords) GetCount added in v2.7.18

func (x *DeletedSigningRecords) GetCount() int64

func (*DeletedSigningRecords) ProtoMessage added in v2.7.18

func (*DeletedSigningRecords) ProtoMessage()

func (*DeletedSigningRecords) ProtoReflect added in v2.7.18

func (x *DeletedSigningRecords) ProtoReflect() protoreflect.Message

func (*DeletedSigningRecords) Reset added in v2.7.18

func (x *DeletedSigningRecords) Reset()

func (*DeletedSigningRecords) String added in v2.7.18

func (x *DeletedSigningRecords) String() string

type GetSigningRecordsRequest added in v2.7.18

type GetSigningRecordsRequest struct {

	// Filter by id.
	IdFilter []string `protobuf:"bytes,1,rep,name=id_filter,json=idFilter,proto3" json:"id_filter,omitempty"`
	// Filter by common_name.
	CommonNameFilter []string `protobuf:"bytes,2,rep,name=common_name_filter,json=commonNameFilter,proto3" json:"common_name_filter,omitempty"`
	// Filter by device_id - provides only identity certificates.
	DeviceIdFilter []string `protobuf:"bytes,3,rep,name=device_id_filter,json=deviceIdFilter,proto3" json:"device_id_filter,omitempty"`
	// contains filtered or unexported fields
}

func (*GetSigningRecordsRequest) Descriptor deprecated added in v2.7.18

func (*GetSigningRecordsRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetSigningRecordsRequest.ProtoReflect.Descriptor instead.

func (*GetSigningRecordsRequest) GetCommonNameFilter added in v2.7.18

func (x *GetSigningRecordsRequest) GetCommonNameFilter() []string

func (*GetSigningRecordsRequest) GetDeviceIdFilter added in v2.7.18

func (x *GetSigningRecordsRequest) GetDeviceIdFilter() []string

func (*GetSigningRecordsRequest) GetIdFilter added in v2.7.18

func (x *GetSigningRecordsRequest) GetIdFilter() []string

func (*GetSigningRecordsRequest) ProtoMessage added in v2.7.18

func (*GetSigningRecordsRequest) ProtoMessage()

func (*GetSigningRecordsRequest) ProtoReflect added in v2.7.18

func (x *GetSigningRecordsRequest) ProtoReflect() protoreflect.Message

func (*GetSigningRecordsRequest) Reset added in v2.7.18

func (x *GetSigningRecordsRequest) Reset()

func (*GetSigningRecordsRequest) String added in v2.7.18

func (x *GetSigningRecordsRequest) String() string

type SignCertificateRequest

type SignCertificateRequest struct {
	CertificateSigningRequest []byte `` // PEM format
	/* 138-byte string literal not displayed */
	// contains filtered or unexported fields
}

func (*SignCertificateRequest) Descriptor deprecated

func (*SignCertificateRequest) Descriptor() ([]byte, []int)

Deprecated: Use SignCertificateRequest.ProtoReflect.Descriptor instead.

func (*SignCertificateRequest) GetCertificateSigningRequest

func (x *SignCertificateRequest) GetCertificateSigningRequest() []byte

func (*SignCertificateRequest) ProtoMessage

func (*SignCertificateRequest) ProtoMessage()

func (*SignCertificateRequest) ProtoReflect

func (x *SignCertificateRequest) ProtoReflect() protoreflect.Message

func (*SignCertificateRequest) Reset

func (x *SignCertificateRequest) Reset()

func (*SignCertificateRequest) String

func (x *SignCertificateRequest) String() string

type SignCertificateResponse

type SignCertificateResponse struct {
	Certificate []byte `protobuf:"bytes,1,opt,name=certificate,proto3" json:"certificate,omitempty"` // PEM format
	// contains filtered or unexported fields
}

func (*SignCertificateResponse) Descriptor deprecated

func (*SignCertificateResponse) Descriptor() ([]byte, []int)

Deprecated: Use SignCertificateResponse.ProtoReflect.Descriptor instead.

func (*SignCertificateResponse) GetCertificate

func (x *SignCertificateResponse) GetCertificate() []byte

func (*SignCertificateResponse) ProtoMessage

func (*SignCertificateResponse) ProtoMessage()

func (*SignCertificateResponse) ProtoReflect

func (x *SignCertificateResponse) ProtoReflect() protoreflect.Message

func (*SignCertificateResponse) Reset

func (x *SignCertificateResponse) Reset()

func (*SignCertificateResponse) String

func (x *SignCertificateResponse) String() string

type SigningRecord added in v2.7.18

type SigningRecord struct {

	// The registration ID is determined by applying a formula that utilizes the certificate properties, and it is computed as uuid.NewSHA1(uuid.NameSpaceX500, common_name + uuid.NewSHA1(uuid.NameSpaceX500, publicKeyRaw)).
	Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty" bson:"_id"` // @gotags: bson:"_id"
	// Certificate owner.
	Owner string `protobuf:"bytes,2,opt,name=owner,proto3" json:"owner,omitempty" bson:"owner"` // @gotags: bson:"owner"
	// Common name of the certificate. If device_id is provided in the common name, then for update public key must be same.
	CommonName string `protobuf:"bytes,3,opt,name=common_name,json=commonName,proto3" json:"common_name,omitempty" bson:"commonName"` // @gotags: bson:"commonName"
	// DeviceID of the identity certificate.
	DeviceId string `protobuf:"bytes,4,opt,name=device_id,json=deviceId,proto3" json:"device_id,omitempty" bson:"deviceId,omitempty"` // @gotags: bson:"deviceId,omitempty"
	// Public key fingerprint in uuid.NewSHA1(uuid.NameSpaceX500, publicKeyRaw) of the certificate.
	PublicKey string `protobuf:"bytes,5,opt,name=public_key,json=publicKey,proto3" json:"public_key,omitempty" bson:"publicKey"` // @gotags: bson:"publicKey"
	// Record creation date, in unix nanoseconds timestamp format
	CreationDate int64 `` // @gotags: bson:"creationDate,omitempty"
	/* 128-byte string literal not displayed */
	// Last credential provision overview.
	Credential *CredentialStatus `protobuf:"bytes,7,opt,name=credential,proto3" json:"credential,omitempty" bson:"credential"` // @gotags: bson:"credential"
	// contains filtered or unexported fields
}

func (*SigningRecord) Descriptor deprecated added in v2.7.18

func (*SigningRecord) Descriptor() ([]byte, []int)

Deprecated: Use SigningRecord.ProtoReflect.Descriptor instead.

func (*SigningRecord) GetCommonName added in v2.7.18

func (x *SigningRecord) GetCommonName() string

func (*SigningRecord) GetCreationDate added in v2.7.18

func (x *SigningRecord) GetCreationDate() int64

func (*SigningRecord) GetCredential added in v2.7.18

func (x *SigningRecord) GetCredential() *CredentialStatus

func (*SigningRecord) GetDeviceId added in v2.7.18

func (x *SigningRecord) GetDeviceId() string

func (*SigningRecord) GetId added in v2.7.18

func (x *SigningRecord) GetId() string

func (*SigningRecord) GetOwner added in v2.7.18

func (x *SigningRecord) GetOwner() string

func (*SigningRecord) GetPublicKey added in v2.7.18

func (x *SigningRecord) GetPublicKey() string

func (*SigningRecord) Marshal added in v2.16.0

func (signingRecord *SigningRecord) Marshal() ([]byte, error)

func (*SigningRecord) ProtoMessage added in v2.7.18

func (*SigningRecord) ProtoMessage()

func (*SigningRecord) ProtoReflect added in v2.7.18

func (x *SigningRecord) ProtoReflect() protoreflect.Message

func (*SigningRecord) Reset added in v2.7.18

func (x *SigningRecord) Reset()

func (*SigningRecord) String added in v2.7.18

func (x *SigningRecord) String() string

func (*SigningRecord) Unmarshal added in v2.16.0

func (signingRecord *SigningRecord) Unmarshal(b []byte) error

func (*SigningRecord) Validate added in v2.16.0

func (signingRecord *SigningRecord) Validate() error

type SigningRecords added in v2.7.18

type SigningRecords []*SigningRecord

func (SigningRecords) Sort added in v2.7.18

func (p SigningRecords) Sort()

type UnimplementedCertificateAuthorityServer

type UnimplementedCertificateAuthorityServer struct {
}

UnimplementedCertificateAuthorityServer must be embedded to have forward compatible implementations.

func (UnimplementedCertificateAuthorityServer) DeleteSigningRecords added in v2.7.18

func (UnimplementedCertificateAuthorityServer) GetSigningRecords added in v2.7.18

func (UnimplementedCertificateAuthorityServer) SignCertificate

func (UnimplementedCertificateAuthorityServer) SignIdentityCertificate

type UnsafeCertificateAuthorityServer

type UnsafeCertificateAuthorityServer interface {
	// contains filtered or unexported methods
}

UnsafeCertificateAuthorityServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to CertificateAuthorityServer will result in compilation errors.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL