Documentation ¶
Overview ¶
Package protobuf is a reverse proxy.
It translates gRPC into RESTful JSON APIs.
Index ¶
- Constants
- Variables
- func RegisterCAHandler(ctx context.Context, mux *runtime.ServeMux, conn *grpc.ClientConn) error
- func RegisterCAHandlerClient(ctx context.Context, mux *runtime.ServeMux, client CAClient) error
- func RegisterCAHandlerFromEndpoint(ctx context.Context, mux *runtime.ServeMux, endpoint string, ...) (err error)
- func RegisterCAHandlerServer(ctx context.Context, mux *runtime.ServeMux, server CAServer) error
- func RegisterCAServer(s grpc.ServiceRegistrar, srv CAServer)
- type CAClient
- type CAServer
- type CertificateChain
- type Configuration
- type CreateSigningCertificateRequest
- func (*CreateSigningCertificateRequest) Descriptor() ([]byte, []int)deprecated
- func (x *CreateSigningCertificateRequest) GetCertificateSigningRequest() []byte
- func (x *CreateSigningCertificateRequest) GetCredentials() *Credentials
- func (m *CreateSigningCertificateRequest) GetKey() isCreateSigningCertificateRequest_Key
- func (x *CreateSigningCertificateRequest) GetPublicKeyRequest() *PublicKeyRequest
- func (*CreateSigningCertificateRequest) ProtoMessage()
- func (x *CreateSigningCertificateRequest) ProtoReflect() protoreflect.Message
- func (x *CreateSigningCertificateRequest) Reset()
- func (x *CreateSigningCertificateRequest) String() string
- type CreateSigningCertificateRequest_CertificateSigningRequest
- type CreateSigningCertificateRequest_PublicKeyRequest
- type Credentials
- func (*Credentials) Descriptor() ([]byte, []int)deprecated
- func (m *Credentials) GetCredentials() isCredentials_Credentials
- func (x *Credentials) GetOidcIdentityToken() string
- func (*Credentials) ProtoMessage()
- func (x *Credentials) ProtoReflect() protoreflect.Message
- func (x *Credentials) Reset()
- func (x *Credentials) String() string
- type Credentials_OidcIdentityToken
- type GetConfigurationRequest
- type GetTrustBundleRequest
- type OIDCIssuer
- func (*OIDCIssuer) Descriptor() ([]byte, []int)deprecated
- func (x *OIDCIssuer) GetAudience() string
- func (x *OIDCIssuer) GetChallengeClaim() string
- func (m *OIDCIssuer) GetIssuer() isOIDCIssuer_Issuer
- func (x *OIDCIssuer) GetIssuerUrl() string
- func (x *OIDCIssuer) GetSpiffeTrustDomain() string
- func (x *OIDCIssuer) GetWildcardIssuerUrl() string
- func (*OIDCIssuer) ProtoMessage()
- func (x *OIDCIssuer) ProtoReflect() protoreflect.Message
- func (x *OIDCIssuer) Reset()
- func (x *OIDCIssuer) String() string
- type OIDCIssuer_IssuerUrl
- type OIDCIssuer_WildcardIssuerUrl
- type PublicKey
- func (*PublicKey) Descriptor() ([]byte, []int)deprecated
- func (x *PublicKey) GetAlgorithm() PublicKeyAlgorithm
- func (x *PublicKey) GetContent() string
- func (*PublicKey) ProtoMessage()
- func (x *PublicKey) ProtoReflect() protoreflect.Message
- func (x *PublicKey) Reset()
- func (x *PublicKey) String() string
- type PublicKeyAlgorithm
- func (PublicKeyAlgorithm) Descriptor() protoreflect.EnumDescriptor
- func (x PublicKeyAlgorithm) Enum() *PublicKeyAlgorithm
- func (PublicKeyAlgorithm) EnumDescriptor() ([]byte, []int)deprecated
- func (x PublicKeyAlgorithm) Number() protoreflect.EnumNumber
- func (x PublicKeyAlgorithm) String() string
- func (PublicKeyAlgorithm) Type() protoreflect.EnumType
- type PublicKeyRequest
- func (*PublicKeyRequest) Descriptor() ([]byte, []int)deprecated
- func (x *PublicKeyRequest) GetProofOfPossession() []byte
- func (x *PublicKeyRequest) GetPublicKey() *PublicKey
- func (*PublicKeyRequest) ProtoMessage()
- func (x *PublicKeyRequest) ProtoReflect() protoreflect.Message
- func (x *PublicKeyRequest) Reset()
- func (x *PublicKeyRequest) String() string
- type SigningCertificate
- func (*SigningCertificate) Descriptor() ([]byte, []int)deprecated
- func (m *SigningCertificate) GetCertificate() isSigningCertificate_Certificate
- func (x *SigningCertificate) GetSignedCertificateDetachedSct() *SigningCertificateDetachedSCT
- func (x *SigningCertificate) GetSignedCertificateEmbeddedSct() *SigningCertificateEmbeddedSCT
- func (*SigningCertificate) ProtoMessage()
- func (x *SigningCertificate) ProtoReflect() protoreflect.Message
- func (x *SigningCertificate) Reset()
- func (x *SigningCertificate) String() string
- type SigningCertificateDetachedSCT
- func (*SigningCertificateDetachedSCT) Descriptor() ([]byte, []int)deprecated
- func (x *SigningCertificateDetachedSCT) GetChain() *CertificateChain
- func (x *SigningCertificateDetachedSCT) GetSignedCertificateTimestamp() []byte
- func (*SigningCertificateDetachedSCT) ProtoMessage()
- func (x *SigningCertificateDetachedSCT) ProtoReflect() protoreflect.Message
- func (x *SigningCertificateDetachedSCT) Reset()
- func (x *SigningCertificateDetachedSCT) String() string
- type SigningCertificateEmbeddedSCT
- func (*SigningCertificateEmbeddedSCT) Descriptor() ([]byte, []int)deprecated
- func (x *SigningCertificateEmbeddedSCT) GetChain() *CertificateChain
- func (*SigningCertificateEmbeddedSCT) ProtoMessage()
- func (x *SigningCertificateEmbeddedSCT) ProtoReflect() protoreflect.Message
- func (x *SigningCertificateEmbeddedSCT) Reset()
- func (x *SigningCertificateEmbeddedSCT) String() string
- type SigningCertificate_SignedCertificateDetachedSct
- type SigningCertificate_SignedCertificateEmbeddedSct
- type TrustBundle
- type UnimplementedCAServer
- func (UnimplementedCAServer) CreateSigningCertificate(context.Context, *CreateSigningCertificateRequest) (*SigningCertificate, error)
- func (UnimplementedCAServer) GetConfiguration(context.Context, *GetConfigurationRequest) (*Configuration, error)
- func (UnimplementedCAServer) GetTrustBundle(context.Context, *GetTrustBundleRequest) (*TrustBundle, error)
- type UnsafeCAServer
Constants ¶
const ( CA_CreateSigningCertificate_FullMethodName = "/dev.sigstore.fulcio.v2.CA/CreateSigningCertificate" CA_GetTrustBundle_FullMethodName = "/dev.sigstore.fulcio.v2.CA/GetTrustBundle" CA_GetConfiguration_FullMethodName = "/dev.sigstore.fulcio.v2.CA/GetConfiguration" )
Variables ¶
var ( PublicKeyAlgorithm_name = map[int32]string{ 0: "PUBLIC_KEY_ALGORITHM_UNSPECIFIED", 1: "RSA_PSS", 2: "ECDSA", 3: "ED25519", } PublicKeyAlgorithm_value = map[string]int32{ "PUBLIC_KEY_ALGORITHM_UNSPECIFIED": 0, "RSA_PSS": 1, "ECDSA": 2, "ED25519": 3, } )
Enum value maps for PublicKeyAlgorithm.
var CA_ServiceDesc = grpc.ServiceDesc{ ServiceName: "dev.sigstore.fulcio.v2.CA", HandlerType: (*CAServer)(nil), Methods: []grpc.MethodDesc{ { MethodName: "CreateSigningCertificate", Handler: _CA_CreateSigningCertificate_Handler, }, { MethodName: "GetTrustBundle", Handler: _CA_GetTrustBundle_Handler, }, { MethodName: "GetConfiguration", Handler: _CA_GetConfiguration_Handler, }, }, Streams: []grpc.StreamDesc{}, Metadata: "fulcio.proto", }
CA_ServiceDesc is the grpc.ServiceDesc for CA service. It's only intended for direct use with grpc.RegisterService, and not to be introspected or modified (even as a copy)
var File_fulcio_proto protoreflect.FileDescriptor
Functions ¶
func RegisterCAHandler ¶
RegisterCAHandler registers the http handlers for service CA to "mux". The handlers forward requests to the grpc endpoint over "conn".
func RegisterCAHandlerClient ¶
RegisterCAHandlerClient registers the http handlers for service CA to "mux". The handlers forward requests to the grpc endpoint over the given implementation of "CAClient". Note: the gRPC framework executes interceptors within the gRPC handler. If the passed in "CAClient" doesn't go through the normal gRPC flow (creating a gRPC client etc.) then it will be up to the passed in "CAClient" to call the correct interceptors.
func RegisterCAHandlerFromEndpoint ¶
func RegisterCAHandlerFromEndpoint(ctx context.Context, mux *runtime.ServeMux, endpoint string, opts []grpc.DialOption) (err error)
RegisterCAHandlerFromEndpoint is same as RegisterCAHandler but automatically dials to "endpoint" and closes the connection when "ctx" gets done.
func RegisterCAHandlerServer ¶
RegisterCAHandlerServer registers the http handlers for service CA to "mux". UnaryRPC :call CAServer directly. StreamingRPC :currently unsupported pending https://github.com/grpc/grpc-go/issues/906. Note that using this registration option will cause many gRPC library features to stop working. Consider using RegisterCAHandlerFromEndpoint instead.
func RegisterCAServer ¶
func RegisterCAServer(s grpc.ServiceRegistrar, srv CAServer)
Types ¶
type CAClient ¶
type CAClient interface { // * // Returns an X.509 certificate created by the Fulcio certificate authority for the given request parameters CreateSigningCertificate(ctx context.Context, in *CreateSigningCertificateRequest, opts ...grpc.CallOption) (*SigningCertificate, error) // * // Returns the bundle of certificates that can be used to validate code signing certificates issued by this Fulcio instance GetTrustBundle(ctx context.Context, in *GetTrustBundleRequest, opts ...grpc.CallOption) (*TrustBundle, error) // * // Returns the configuration of supported OIDC issuers, including the required challenge for each issuer. GetConfiguration(ctx context.Context, in *GetConfigurationRequest, opts ...grpc.CallOption) (*Configuration, error) }
CAClient is the client API for CA service.
For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
func NewCAClient ¶
func NewCAClient(cc grpc.ClientConnInterface) CAClient
type CAServer ¶
type CAServer interface { // * // Returns an X.509 certificate created by the Fulcio certificate authority for the given request parameters CreateSigningCertificate(context.Context, *CreateSigningCertificateRequest) (*SigningCertificate, error) // * // Returns the bundle of certificates that can be used to validate code signing certificates issued by this Fulcio instance GetTrustBundle(context.Context, *GetTrustBundleRequest) (*TrustBundle, error) // * // Returns the configuration of supported OIDC issuers, including the required challenge for each issuer. GetConfiguration(context.Context, *GetConfigurationRequest) (*Configuration, error) // contains filtered or unexported methods }
CAServer is the server API for CA service. All implementations must embed UnimplementedCAServer for forward compatibility
type CertificateChain ¶
type CertificateChain struct { // The PEM-encoded certificate chain, ordered from leaf to intermediate to root as applicable. Certificates []string `protobuf:"bytes,1,rep,name=certificates,proto3" json:"certificates,omitempty"` // contains filtered or unexported fields }
func (*CertificateChain) Descriptor
deprecated
func (*CertificateChain) Descriptor() ([]byte, []int)
Deprecated: Use CertificateChain.ProtoReflect.Descriptor instead.
func (*CertificateChain) GetCertificates ¶
func (x *CertificateChain) GetCertificates() []string
func (*CertificateChain) ProtoMessage ¶
func (*CertificateChain) ProtoMessage()
func (*CertificateChain) ProtoReflect ¶
func (x *CertificateChain) ProtoReflect() protoreflect.Message
func (*CertificateChain) Reset ¶
func (x *CertificateChain) Reset()
func (*CertificateChain) String ¶
func (x *CertificateChain) String() string
type Configuration ¶ added in v0.5.0
type Configuration struct { // The OIDC issuers supported by this Fulcio instance. Issuers []*OIDCIssuer `protobuf:"bytes,1,rep,name=issuers,proto3" json:"issuers,omitempty"` // contains filtered or unexported fields }
The configuration for the Fulcio instance.
func (*Configuration) Descriptor
deprecated
added in
v0.5.0
func (*Configuration) Descriptor() ([]byte, []int)
Deprecated: Use Configuration.ProtoReflect.Descriptor instead.
func (*Configuration) GetIssuers ¶ added in v0.5.0
func (x *Configuration) GetIssuers() []*OIDCIssuer
func (*Configuration) ProtoMessage ¶ added in v0.5.0
func (*Configuration) ProtoMessage()
func (*Configuration) ProtoReflect ¶ added in v0.5.0
func (x *Configuration) ProtoReflect() protoreflect.Message
func (*Configuration) Reset ¶ added in v0.5.0
func (x *Configuration) Reset()
func (*Configuration) String ¶ added in v0.5.0
func (x *Configuration) String() string
type CreateSigningCertificateRequest ¶
type CreateSigningCertificateRequest struct { // Identity information about who possesses the private / public key pair presented Credentials *Credentials `protobuf:"bytes,1,opt,name=credentials,proto3" json:"credentials,omitempty"` // Types that are assignable to Key: // // *CreateSigningCertificateRequest_PublicKeyRequest // *CreateSigningCertificateRequest_CertificateSigningRequest Key isCreateSigningCertificateRequest_Key `protobuf_oneof:"key"` // contains filtered or unexported fields }
func (*CreateSigningCertificateRequest) Descriptor
deprecated
func (*CreateSigningCertificateRequest) Descriptor() ([]byte, []int)
Deprecated: Use CreateSigningCertificateRequest.ProtoReflect.Descriptor instead.
func (*CreateSigningCertificateRequest) GetCertificateSigningRequest ¶
func (x *CreateSigningCertificateRequest) GetCertificateSigningRequest() []byte
func (*CreateSigningCertificateRequest) GetCredentials ¶
func (x *CreateSigningCertificateRequest) GetCredentials() *Credentials
func (*CreateSigningCertificateRequest) GetKey ¶
func (m *CreateSigningCertificateRequest) GetKey() isCreateSigningCertificateRequest_Key
func (*CreateSigningCertificateRequest) GetPublicKeyRequest ¶
func (x *CreateSigningCertificateRequest) GetPublicKeyRequest() *PublicKeyRequest
func (*CreateSigningCertificateRequest) ProtoMessage ¶
func (*CreateSigningCertificateRequest) ProtoMessage()
func (*CreateSigningCertificateRequest) ProtoReflect ¶
func (x *CreateSigningCertificateRequest) ProtoReflect() protoreflect.Message
func (*CreateSigningCertificateRequest) Reset ¶
func (x *CreateSigningCertificateRequest) Reset()
func (*CreateSigningCertificateRequest) String ¶
func (x *CreateSigningCertificateRequest) String() string
type CreateSigningCertificateRequest_CertificateSigningRequest ¶
type CreateSigningCertificateRequest_CertificateSigningRequest struct { // PKCS#10 PEM-encoded certificate signing request // // Contains the public key to be stored in the requested certificate. All other CSR fields // are ignored. Since the CSR is self-signed, it also acts as a proof of possession of // the private key. // // In particular, the CSR's subject name is not verified, or tested for // compatibility with its specified X.509 name type (e.g. email address). CertificateSigningRequest []byte `protobuf:"bytes,3,opt,name=certificate_signing_request,json=certificateSigningRequest,proto3,oneof"` }
type CreateSigningCertificateRequest_PublicKeyRequest ¶
type CreateSigningCertificateRequest_PublicKeyRequest struct { // The public key to be stored in the requested certificate along with a signed // challenge as proof of possession of the private key. PublicKeyRequest *PublicKeyRequest `protobuf:"bytes,2,opt,name=public_key_request,json=publicKeyRequest,proto3,oneof"` }
type Credentials ¶
type Credentials struct { // Types that are assignable to Credentials: // // *Credentials_OidcIdentityToken Credentials isCredentials_Credentials `protobuf_oneof:"credentials"` // contains filtered or unexported fields }
func (*Credentials) Descriptor
deprecated
func (*Credentials) Descriptor() ([]byte, []int)
Deprecated: Use Credentials.ProtoReflect.Descriptor instead.
func (*Credentials) GetCredentials ¶
func (m *Credentials) GetCredentials() isCredentials_Credentials
func (*Credentials) GetOidcIdentityToken ¶
func (x *Credentials) GetOidcIdentityToken() string
func (*Credentials) ProtoMessage ¶
func (*Credentials) ProtoMessage()
func (*Credentials) ProtoReflect ¶
func (x *Credentials) ProtoReflect() protoreflect.Message
func (*Credentials) Reset ¶
func (x *Credentials) Reset()
func (*Credentials) String ¶
func (x *Credentials) String() string
type Credentials_OidcIdentityToken ¶
type Credentials_OidcIdentityToken struct { // The OIDC token that identifies the caller OidcIdentityToken string `protobuf:"bytes,1,opt,name=oidc_identity_token,json=oidcIdentityToken,proto3,oneof"` }
type GetConfigurationRequest ¶ added in v0.5.0
type GetConfigurationRequest struct {
// contains filtered or unexported fields
}
This is created for forward compatibility in case we want to add fields in the future.
func (*GetConfigurationRequest) Descriptor
deprecated
added in
v0.5.0
func (*GetConfigurationRequest) Descriptor() ([]byte, []int)
Deprecated: Use GetConfigurationRequest.ProtoReflect.Descriptor instead.
func (*GetConfigurationRequest) ProtoMessage ¶ added in v0.5.0
func (*GetConfigurationRequest) ProtoMessage()
func (*GetConfigurationRequest) ProtoReflect ¶ added in v0.5.0
func (x *GetConfigurationRequest) ProtoReflect() protoreflect.Message
func (*GetConfigurationRequest) Reset ¶ added in v0.5.0
func (x *GetConfigurationRequest) Reset()
func (*GetConfigurationRequest) String ¶ added in v0.5.0
func (x *GetConfigurationRequest) String() string
type GetTrustBundleRequest ¶
type GetTrustBundleRequest struct {
// contains filtered or unexported fields
}
This is created for forward compatibility in case we want to add fields to the TrustBundle service in the future
func (*GetTrustBundleRequest) Descriptor
deprecated
func (*GetTrustBundleRequest) Descriptor() ([]byte, []int)
Deprecated: Use GetTrustBundleRequest.ProtoReflect.Descriptor instead.
func (*GetTrustBundleRequest) ProtoMessage ¶
func (*GetTrustBundleRequest) ProtoMessage()
func (*GetTrustBundleRequest) ProtoReflect ¶
func (x *GetTrustBundleRequest) ProtoReflect() protoreflect.Message
func (*GetTrustBundleRequest) Reset ¶
func (x *GetTrustBundleRequest) Reset()
func (*GetTrustBundleRequest) String ¶
func (x *GetTrustBundleRequest) String() string
type OIDCIssuer ¶ added in v0.5.0
type OIDCIssuer struct { // Types that are assignable to Issuer: // // *OIDCIssuer_IssuerUrl // *OIDCIssuer_WildcardIssuerUrl Issuer isOIDCIssuer_Issuer `protobuf_oneof:"issuer"` // The expected audience of the OIDC token for the issuer. Audience string `protobuf:"bytes,3,opt,name=audience,proto3" json:"audience,omitempty"` // The OIDC claim that must be signed for a proof of possession challenge. ChallengeClaim string `protobuf:"bytes,4,opt,name=challenge_claim,json=challengeClaim,proto3" json:"challenge_claim,omitempty"` // The expected SPIFFE trust domain. Only present when the OIDC issuer issues tokens for SPIFFE identities. SpiffeTrustDomain string `protobuf:"bytes,5,opt,name=spiffe_trust_domain,json=spiffeTrustDomain,proto3" json:"spiffe_trust_domain,omitempty"` // contains filtered or unexported fields }
Metadata about an OIDC issuer.
func (*OIDCIssuer) Descriptor
deprecated
added in
v0.5.0
func (*OIDCIssuer) Descriptor() ([]byte, []int)
Deprecated: Use OIDCIssuer.ProtoReflect.Descriptor instead.
func (*OIDCIssuer) GetAudience ¶ added in v0.5.0
func (x *OIDCIssuer) GetAudience() string
func (*OIDCIssuer) GetChallengeClaim ¶ added in v0.5.0
func (x *OIDCIssuer) GetChallengeClaim() string
func (*OIDCIssuer) GetIssuer ¶ added in v0.5.0
func (m *OIDCIssuer) GetIssuer() isOIDCIssuer_Issuer
func (*OIDCIssuer) GetIssuerUrl ¶ added in v0.5.0
func (x *OIDCIssuer) GetIssuerUrl() string
func (*OIDCIssuer) GetSpiffeTrustDomain ¶ added in v0.5.0
func (x *OIDCIssuer) GetSpiffeTrustDomain() string
func (*OIDCIssuer) GetWildcardIssuerUrl ¶ added in v0.5.0
func (x *OIDCIssuer) GetWildcardIssuerUrl() string
func (*OIDCIssuer) ProtoMessage ¶ added in v0.5.0
func (*OIDCIssuer) ProtoMessage()
func (*OIDCIssuer) ProtoReflect ¶ added in v0.5.0
func (x *OIDCIssuer) ProtoReflect() protoreflect.Message
func (*OIDCIssuer) Reset ¶ added in v0.5.0
func (x *OIDCIssuer) Reset()
func (*OIDCIssuer) String ¶ added in v0.5.0
func (x *OIDCIssuer) String() string
type OIDCIssuer_IssuerUrl ¶ added in v0.5.0
type OIDCIssuer_IssuerUrl struct { // The URL of the OIDC issuer. IssuerUrl string `protobuf:"bytes,1,opt,name=issuer_url,json=issuerUrl,proto3,oneof"` }
type OIDCIssuer_WildcardIssuerUrl ¶ added in v0.5.0
type OIDCIssuer_WildcardIssuerUrl struct { // The URL of wildcard OIDC issuer, e.g. "https://oidc.eks.*.amazonaws.com/id/*". // When comparing the issuer, the wildcards will be replaced by "[-_a-zA-Z0-9]+". WildcardIssuerUrl string `protobuf:"bytes,2,opt,name=wildcard_issuer_url,json=wildcardIssuerUrl,proto3,oneof"` }
type PublicKey ¶
type PublicKey struct { // The cryptographic algorithm to use with the key material Algorithm PublicKeyAlgorithm `protobuf:"varint,1,opt,name=algorithm,proto3,enum=dev.sigstore.fulcio.v2.PublicKeyAlgorithm" json:"algorithm,omitempty"` // PKIX, ASN.1 DER or PEM-encoded public key. PEM is typically // of type PUBLIC KEY. Content string `protobuf:"bytes,2,opt,name=content,proto3" json:"content,omitempty"` // contains filtered or unexported fields }
func (*PublicKey) Descriptor
deprecated
func (*PublicKey) GetAlgorithm ¶
func (x *PublicKey) GetAlgorithm() PublicKeyAlgorithm
func (*PublicKey) GetContent ¶
func (*PublicKey) ProtoMessage ¶
func (*PublicKey) ProtoMessage()
func (*PublicKey) ProtoReflect ¶
func (x *PublicKey) ProtoReflect() protoreflect.Message
type PublicKeyAlgorithm ¶
type PublicKeyAlgorithm int32
const ( PublicKeyAlgorithm_PUBLIC_KEY_ALGORITHM_UNSPECIFIED PublicKeyAlgorithm = 0 PublicKeyAlgorithm_RSA_PSS PublicKeyAlgorithm = 1 PublicKeyAlgorithm_ECDSA PublicKeyAlgorithm = 2 PublicKeyAlgorithm_ED25519 PublicKeyAlgorithm = 3 )
func (PublicKeyAlgorithm) Descriptor ¶
func (PublicKeyAlgorithm) Descriptor() protoreflect.EnumDescriptor
func (PublicKeyAlgorithm) Enum ¶
func (x PublicKeyAlgorithm) Enum() *PublicKeyAlgorithm
func (PublicKeyAlgorithm) EnumDescriptor
deprecated
func (PublicKeyAlgorithm) EnumDescriptor() ([]byte, []int)
Deprecated: Use PublicKeyAlgorithm.Descriptor instead.
func (PublicKeyAlgorithm) Number ¶
func (x PublicKeyAlgorithm) Number() protoreflect.EnumNumber
func (PublicKeyAlgorithm) String ¶
func (x PublicKeyAlgorithm) String() string
func (PublicKeyAlgorithm) Type ¶
func (PublicKeyAlgorithm) Type() protoreflect.EnumType
type PublicKeyRequest ¶
type PublicKeyRequest struct { // The public key to be stored in the requested certificate PublicKey *PublicKey `protobuf:"bytes,1,opt,name=public_key,json=publicKey,proto3" json:"public_key,omitempty"` // Proof that the client possesses the private key; must be verifiable by provided public key // // This is a currently a signature over the `sub` claim from the OIDC identity token ProofOfPossession []byte `protobuf:"bytes,2,opt,name=proof_of_possession,json=proofOfPossession,proto3" json:"proof_of_possession,omitempty"` // contains filtered or unexported fields }
func (*PublicKeyRequest) Descriptor
deprecated
func (*PublicKeyRequest) Descriptor() ([]byte, []int)
Deprecated: Use PublicKeyRequest.ProtoReflect.Descriptor instead.
func (*PublicKeyRequest) GetProofOfPossession ¶
func (x *PublicKeyRequest) GetProofOfPossession() []byte
func (*PublicKeyRequest) GetPublicKey ¶
func (x *PublicKeyRequest) GetPublicKey() *PublicKey
func (*PublicKeyRequest) ProtoMessage ¶
func (*PublicKeyRequest) ProtoMessage()
func (*PublicKeyRequest) ProtoReflect ¶
func (x *PublicKeyRequest) ProtoReflect() protoreflect.Message
func (*PublicKeyRequest) Reset ¶
func (x *PublicKeyRequest) Reset()
func (*PublicKeyRequest) String ¶
func (x *PublicKeyRequest) String() string
type SigningCertificate ¶
type SigningCertificate struct { // Types that are assignable to Certificate: // // *SigningCertificate_SignedCertificateDetachedSct // *SigningCertificate_SignedCertificateEmbeddedSct Certificate isSigningCertificate_Certificate `protobuf_oneof:"certificate"` // contains filtered or unexported fields }
func (*SigningCertificate) Descriptor
deprecated
func (*SigningCertificate) Descriptor() ([]byte, []int)
Deprecated: Use SigningCertificate.ProtoReflect.Descriptor instead.
func (*SigningCertificate) GetCertificate ¶
func (m *SigningCertificate) GetCertificate() isSigningCertificate_Certificate
func (*SigningCertificate) GetSignedCertificateDetachedSct ¶
func (x *SigningCertificate) GetSignedCertificateDetachedSct() *SigningCertificateDetachedSCT
func (*SigningCertificate) GetSignedCertificateEmbeddedSct ¶
func (x *SigningCertificate) GetSignedCertificateEmbeddedSct() *SigningCertificateEmbeddedSCT
func (*SigningCertificate) ProtoMessage ¶
func (*SigningCertificate) ProtoMessage()
func (*SigningCertificate) ProtoReflect ¶
func (x *SigningCertificate) ProtoReflect() protoreflect.Message
func (*SigningCertificate) Reset ¶
func (x *SigningCertificate) Reset()
func (*SigningCertificate) String ¶
func (x *SigningCertificate) String() string
type SigningCertificateDetachedSCT ¶
type SigningCertificateDetachedSCT struct { // The certificate chain serialized with the leaf certificate first, followed // by all intermediate certificates (if present), finishing with the root certificate. // // All values are PEM-encoded certificates. Chain *CertificateChain `protobuf:"bytes,1,opt,name=chain,proto3" json:"chain,omitempty"` // The Signed Certificate Timestamp (SCT) is a promise for including the certificate in // a certificate transparency log. It can be "stapled" to verify the inclusion of // a certificate in the log in an offline fashion. // // The SCT format is an AddChainResponse struct, defined in // https://github.com/google/certificate-transparency-go SignedCertificateTimestamp []byte `` /* 141-byte string literal not displayed */ // contains filtered or unexported fields }
(-- api-linter: core::0142::time-field-type=disabled
aip.dev/not-precedent: SCT is defined in RFC6962 and we keep the name consistent for easier understanding. --)
func (*SigningCertificateDetachedSCT) Descriptor
deprecated
func (*SigningCertificateDetachedSCT) Descriptor() ([]byte, []int)
Deprecated: Use SigningCertificateDetachedSCT.ProtoReflect.Descriptor instead.
func (*SigningCertificateDetachedSCT) GetChain ¶
func (x *SigningCertificateDetachedSCT) GetChain() *CertificateChain
func (*SigningCertificateDetachedSCT) GetSignedCertificateTimestamp ¶
func (x *SigningCertificateDetachedSCT) GetSignedCertificateTimestamp() []byte
func (*SigningCertificateDetachedSCT) ProtoMessage ¶
func (*SigningCertificateDetachedSCT) ProtoMessage()
func (*SigningCertificateDetachedSCT) ProtoReflect ¶
func (x *SigningCertificateDetachedSCT) ProtoReflect() protoreflect.Message
func (*SigningCertificateDetachedSCT) Reset ¶
func (x *SigningCertificateDetachedSCT) Reset()
func (*SigningCertificateDetachedSCT) String ¶
func (x *SigningCertificateDetachedSCT) String() string
type SigningCertificateEmbeddedSCT ¶
type SigningCertificateEmbeddedSCT struct { // The certificate chain serialized with the leaf certificate first, followed // by all intermediate certificates (if present), finishing with the root certificate. // // All values are PEM-encoded certificates. // // The leaf certificate contains an embedded Signed Certificate Timestamp (SCT) to // verify inclusion of the certificate in a log. The SCT format is a SignedCertificateTimestampList, // as defined in https://datatracker.ietf.org/doc/html/rfc6962#section-3.3 Chain *CertificateChain `protobuf:"bytes,1,opt,name=chain,proto3" json:"chain,omitempty"` // contains filtered or unexported fields }
func (*SigningCertificateEmbeddedSCT) Descriptor
deprecated
func (*SigningCertificateEmbeddedSCT) Descriptor() ([]byte, []int)
Deprecated: Use SigningCertificateEmbeddedSCT.ProtoReflect.Descriptor instead.
func (*SigningCertificateEmbeddedSCT) GetChain ¶
func (x *SigningCertificateEmbeddedSCT) GetChain() *CertificateChain
func (*SigningCertificateEmbeddedSCT) ProtoMessage ¶
func (*SigningCertificateEmbeddedSCT) ProtoMessage()
func (*SigningCertificateEmbeddedSCT) ProtoReflect ¶
func (x *SigningCertificateEmbeddedSCT) ProtoReflect() protoreflect.Message
func (*SigningCertificateEmbeddedSCT) Reset ¶
func (x *SigningCertificateEmbeddedSCT) Reset()
func (*SigningCertificateEmbeddedSCT) String ¶
func (x *SigningCertificateEmbeddedSCT) String() string
type SigningCertificate_SignedCertificateDetachedSct ¶
type SigningCertificate_SignedCertificateDetachedSct struct {
SignedCertificateDetachedSct *SigningCertificateDetachedSCT `protobuf:"bytes,1,opt,name=signed_certificate_detached_sct,json=signedCertificateDetachedSct,proto3,oneof"`
}
type SigningCertificate_SignedCertificateEmbeddedSct ¶
type SigningCertificate_SignedCertificateEmbeddedSct struct {
SignedCertificateEmbeddedSct *SigningCertificateEmbeddedSCT `protobuf:"bytes,2,opt,name=signed_certificate_embedded_sct,json=signedCertificateEmbeddedSct,proto3,oneof"`
}
type TrustBundle ¶
type TrustBundle struct { // The set of PEM-encoded certificate chains for this Fulcio instance; each chain will start with any // intermediate certificates (if present), finishing with the root certificate. Chains []*CertificateChain `protobuf:"bytes,1,rep,name=chains,proto3" json:"chains,omitempty"` // contains filtered or unexported fields }
func (*TrustBundle) Descriptor
deprecated
func (*TrustBundle) Descriptor() ([]byte, []int)
Deprecated: Use TrustBundle.ProtoReflect.Descriptor instead.
func (*TrustBundle) GetChains ¶
func (x *TrustBundle) GetChains() []*CertificateChain
func (*TrustBundle) ProtoMessage ¶
func (*TrustBundle) ProtoMessage()
func (*TrustBundle) ProtoReflect ¶
func (x *TrustBundle) ProtoReflect() protoreflect.Message
func (*TrustBundle) Reset ¶
func (x *TrustBundle) Reset()
func (*TrustBundle) String ¶
func (x *TrustBundle) String() string
type UnimplementedCAServer ¶
type UnimplementedCAServer struct { }
UnimplementedCAServer must be embedded to have forward compatible implementations.
func (UnimplementedCAServer) CreateSigningCertificate ¶
func (UnimplementedCAServer) CreateSigningCertificate(context.Context, *CreateSigningCertificateRequest) (*SigningCertificate, error)
func (UnimplementedCAServer) GetConfiguration ¶ added in v0.5.0
func (UnimplementedCAServer) GetConfiguration(context.Context, *GetConfigurationRequest) (*Configuration, error)
func (UnimplementedCAServer) GetTrustBundle ¶
func (UnimplementedCAServer) GetTrustBundle(context.Context, *GetTrustBundleRequest) (*TrustBundle, error)
type UnsafeCAServer ¶
type UnsafeCAServer interface {
// contains filtered or unexported methods
}
UnsafeCAServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to CAServer will result in compilation errors.