protobuf

package
v1.6.4 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 4, 2024 License: Apache-2.0 Imports: 17 Imported by: 2

Documentation

Overview

Package protobuf is a reverse proxy.

It translates gRPC into RESTful JSON APIs.

Index

Constants

View Source 
const (
	CA_CreateSigningCertificate_FullMethodName = "/dev.sigstore.fulcio.v2.CA/CreateSigningCertificate"
	CA_GetTrustBundle_FullMethodName           = "/dev.sigstore.fulcio.v2.CA/GetTrustBundle"
	CA_GetConfiguration_FullMethodName         = "/dev.sigstore.fulcio.v2.CA/GetConfiguration"
)

Variables

View Source 
var (
	PublicKeyAlgorithm_name = map[int32]string{
		0: "PUBLIC_KEY_ALGORITHM_UNSPECIFIED",
		1: "RSA_PSS",
		2: "ECDSA",
		3: "ED25519",
	}
	PublicKeyAlgorithm_value = map[string]int32{
		"PUBLIC_KEY_ALGORITHM_UNSPECIFIED": 0,
		"RSA_PSS":                          1,
		"ECDSA":                            2,
		"ED25519":                          3,
	}
)

Enum value maps for PublicKeyAlgorithm.

View Source 
var CA_ServiceDesc = grpc.ServiceDesc{
	ServiceName: "dev.sigstore.fulcio.v2.CA",
	HandlerType: (*CAServer)(nil),
	Methods: []grpc.MethodDesc{
		{
			MethodName: "CreateSigningCertificate",
			Handler:    _CA_CreateSigningCertificate_Handler,
		},
		{
			MethodName: "GetTrustBundle",
			Handler:    _CA_GetTrustBundle_Handler,
		},
		{
			MethodName: "GetConfiguration",
			Handler:    _CA_GetConfiguration_Handler,
		},
	},
	Streams:  []grpc.StreamDesc{},
	Metadata: "fulcio.proto",
}

CA_ServiceDesc is the grpc.ServiceDesc for CA service. It's only intended for direct use with grpc.RegisterService, and not to be introspected or modified (even as a copy)

View Source 
var File_fulcio_proto protoreflect.FileDescriptor

Functions

func RegisterCAHandler 

func RegisterCAHandler(ctx context.Context, mux *runtime.ServeMux, conn *grpc.ClientConn) error

RegisterCAHandler registers the http handlers for service CA to "mux". The handlers forward requests to the grpc endpoint over "conn".

func RegisterCAHandlerClient 

func RegisterCAHandlerClient(ctx context.Context, mux *runtime.ServeMux, client CAClient) error

RegisterCAHandlerClient registers the http handlers for service CA to "mux". The handlers forward requests to the grpc endpoint over the given implementation of "CAClient". Note: the gRPC framework executes interceptors within the gRPC handler. If the passed in "CAClient" doesn't go through the normal gRPC flow (creating a gRPC client etc.) then it will be up to the passed in "CAClient" to call the correct interceptors. This client ignores the HTTP middlewares.

func RegisterCAHandlerFromEndpoint 

func RegisterCAHandlerFromEndpoint(ctx context.Context, mux *runtime.ServeMux, endpoint string, opts []grpc.DialOption) (err error)

RegisterCAHandlerFromEndpoint is same as RegisterCAHandler but automatically dials to "endpoint" and closes the connection when "ctx" gets done.

func RegisterCAHandlerServer 

func RegisterCAHandlerServer(ctx context.Context, mux *runtime.ServeMux, server CAServer) error

RegisterCAHandlerServer registers the http handlers for service CA to "mux". UnaryRPC :call CAServer directly. StreamingRPC :currently unsupported pending https://github.com/grpc/grpc-go/issues/906. Note that using this registration option will cause many gRPC library features to stop working. Consider using RegisterCAHandlerFromEndpoint instead. GRPC interceptors will not work for this type of registration. To use interceptors, you must use the "runtime.WithMiddlewares" option in the "runtime.NewServeMux" call.

func RegisterCAServer 

func RegisterCAServer(s grpc.ServiceRegistrar, srv CAServer)

Types

type CAClient 

type CAClient interface {
	// *
	// Returns an X.509 certificate created by the Fulcio certificate authority for the given request parameters
	CreateSigningCertificate(ctx context.Context, in *CreateSigningCertificateRequest, opts ...grpc.CallOption) (*SigningCertificate, error)
	// *
	// Returns the bundle of certificates that can be used to validate code signing certificates issued by this Fulcio instance
	GetTrustBundle(ctx context.Context, in *GetTrustBundleRequest, opts ...grpc.CallOption) (*TrustBundle, error)
	// *
	// Returns the configuration of supported OIDC issuers, including the required challenge for each issuer.
	GetConfiguration(ctx context.Context, in *GetConfigurationRequest, opts ...grpc.CallOption) (*Configuration, error)
}

CAClient is the client API for CA service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.

func NewCAClient 

func NewCAClient(cc grpc.ClientConnInterface) CAClient

type CAServer 

type CAServer interface {
	// *
	// Returns an X.509 certificate created by the Fulcio certificate authority for the given request parameters
	CreateSigningCertificate(context.Context, *CreateSigningCertificateRequest) (*SigningCertificate, error)
	// *
	// Returns the bundle of certificates that can be used to validate code signing certificates issued by this Fulcio instance
	GetTrustBundle(context.Context, *GetTrustBundleRequest) (*TrustBundle, error)
	// *
	// Returns the configuration of supported OIDC issuers, including the required challenge for each issuer.
	GetConfiguration(context.Context, *GetConfigurationRequest) (*Configuration, error)
	// contains filtered or unexported methods
}

CAServer is the server API for CA service. All implementations must embed UnimplementedCAServer for forward compatibility.

type CertificateChain 

type CertificateChain struct {

	// The PEM-encoded certificate chain, ordered from leaf to intermediate to root as applicable.
	Certificates []string `protobuf:"bytes,1,rep,name=certificates,proto3" json:"certificates,omitempty"`
	// contains filtered or unexported fields
}

func (*CertificateChain) Descriptor deprecated 

func (*CertificateChain) Descriptor() ([]byte, []int)

Deprecated: Use CertificateChain.ProtoReflect.Descriptor instead.

func (*CertificateChain) GetCertificates 

func (x *CertificateChain) GetCertificates() []string

func (*CertificateChain) ProtoMessage 

func (*CertificateChain) ProtoMessage()

func (*CertificateChain) ProtoReflect 

func (x *CertificateChain) ProtoReflect() protoreflect.Message

func (*CertificateChain) Reset 

func (x *CertificateChain) Reset()

func (*CertificateChain) String 

func (x *CertificateChain) String() string

type Configuration added in v0.5.0 

type Configuration struct {

	// The OIDC issuers supported by this Fulcio instance.
	Issuers []*OIDCIssuer `protobuf:"bytes,1,rep,name=issuers,proto3" json:"issuers,omitempty"`
	// contains filtered or unexported fields
}

The configuration for the Fulcio instance.

func (*Configuration) Descriptor deprecated added in v0.5.0 

func (*Configuration) Descriptor() ([]byte, []int)

Deprecated: Use Configuration.ProtoReflect.Descriptor instead.

func (*Configuration) GetIssuers added in v0.5.0 

func (x *Configuration) GetIssuers() []*OIDCIssuer

func (*Configuration) ProtoMessage added in v0.5.0 

func (*Configuration) ProtoMessage()

func (*Configuration) ProtoReflect added in v0.5.0 

func (x *Configuration) ProtoReflect() protoreflect.Message

func (*Configuration) Reset added in v0.5.0 

func (x *Configuration) Reset()

func (*Configuration) String added in v0.5.0 

func (x *Configuration) String() string

type CreateSigningCertificateRequest 

type CreateSigningCertificateRequest struct {

	// Identity information about who possesses the private / public key pair presented
	Credentials *Credentials `protobuf:"bytes,1,opt,name=credentials,proto3" json:"credentials,omitempty"`
	// Types that are assignable to Key:
	//
	//	*CreateSigningCertificateRequest_PublicKeyRequest
	//	*CreateSigningCertificateRequest_CertificateSigningRequest
	Key isCreateSigningCertificateRequest_Key `protobuf_oneof:"key"`
	// contains filtered or unexported fields
}

func (*CreateSigningCertificateRequest) Descriptor deprecated 

func (*CreateSigningCertificateRequest) Descriptor() ([]byte, []int)

Deprecated: Use CreateSigningCertificateRequest.ProtoReflect.Descriptor instead.

func (*CreateSigningCertificateRequest) GetCertificateSigningRequest 

func (x *CreateSigningCertificateRequest) GetCertificateSigningRequest() []byte

func (*CreateSigningCertificateRequest) GetCredentials 

func (x *CreateSigningCertificateRequest) GetCredentials() *Credentials

func (*CreateSigningCertificateRequest) GetKey 

func (m *CreateSigningCertificateRequest) GetKey() isCreateSigningCertificateRequest_Key

func (*CreateSigningCertificateRequest) GetPublicKeyRequest 

func (x *CreateSigningCertificateRequest) GetPublicKeyRequest() *PublicKeyRequest

func (*CreateSigningCertificateRequest) ProtoMessage 

func (*CreateSigningCertificateRequest) ProtoMessage()

func (*CreateSigningCertificateRequest) ProtoReflect 

func (x *CreateSigningCertificateRequest) ProtoReflect() protoreflect.Message

func (*CreateSigningCertificateRequest) Reset 

func (x *CreateSigningCertificateRequest) Reset()

func (*CreateSigningCertificateRequest) String 

func (x *CreateSigningCertificateRequest) String() string

type CreateSigningCertificateRequest_CertificateSigningRequest 

type CreateSigningCertificateRequest_CertificateSigningRequest struct {
	// PKCS#10 PEM-encoded certificate signing request
	//
	// Contains the public key to be stored in the requested certificate. All other CSR fields
	// are ignored. Since the CSR is self-signed, it also acts as a proof of possession of
	// the private key.
	//
	// In particular, the CSR's subject name is not verified, or tested for
	// compatibility with its specified X.509 name type (e.g. email address).
	CertificateSigningRequest []byte `protobuf:"bytes,3,opt,name=certificate_signing_request,json=certificateSigningRequest,proto3,oneof"`
}

type CreateSigningCertificateRequest_PublicKeyRequest 

type CreateSigningCertificateRequest_PublicKeyRequest struct {
	// The public key to be stored in the requested certificate along with a signed
	// challenge as proof of possession of the private key.
	PublicKeyRequest *PublicKeyRequest `protobuf:"bytes,2,opt,name=public_key_request,json=publicKeyRequest,proto3,oneof"`
}

type Credentials 

type Credentials struct {

	// Types that are assignable to Credentials:
	//
	//	*Credentials_OidcIdentityToken
	Credentials isCredentials_Credentials `protobuf_oneof:"credentials"`
	// contains filtered or unexported fields
}

func (*Credentials) Descriptor deprecated 

func (*Credentials) Descriptor() ([]byte, []int)

Deprecated: Use Credentials.ProtoReflect.Descriptor instead.

func (*Credentials) GetCredentials 

func (m *Credentials) GetCredentials() isCredentials_Credentials

func (*Credentials) GetOidcIdentityToken 

func (x *Credentials) GetOidcIdentityToken() string

func (*Credentials) ProtoMessage 

func (*Credentials) ProtoMessage()

func (*Credentials) ProtoReflect 

func (x *Credentials) ProtoReflect() protoreflect.Message

func (*Credentials) Reset 

func (x *Credentials) Reset()

func (*Credentials) String 

func (x *Credentials) String() string

type Credentials_OidcIdentityToken 

type Credentials_OidcIdentityToken struct {
	// The OIDC token that identifies the caller
	OidcIdentityToken string `protobuf:"bytes,1,opt,name=oidc_identity_token,json=oidcIdentityToken,proto3,oneof"`
}

type GetConfigurationRequest added in v0.5.0 

type GetConfigurationRequest struct {
	// contains filtered or unexported fields
}

This is created for forward compatibility in case we want to add fields in the future.

func (*GetConfigurationRequest) Descriptor deprecated added in v0.5.0 

func (*GetConfigurationRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetConfigurationRequest.ProtoReflect.Descriptor instead.

func (*GetConfigurationRequest) ProtoMessage added in v0.5.0 

func (*GetConfigurationRequest) ProtoMessage()

func (*GetConfigurationRequest) ProtoReflect added in v0.5.0 

func (x *GetConfigurationRequest) ProtoReflect() protoreflect.Message

func (*GetConfigurationRequest) Reset added in v0.5.0 

func (x *GetConfigurationRequest) Reset()

func (*GetConfigurationRequest) String added in v0.5.0 

func (x *GetConfigurationRequest) String() string

type GetTrustBundleRequest 

type GetTrustBundleRequest struct {
	// contains filtered or unexported fields
}

This is created for forward compatibility in case we want to add fields to the TrustBundle service in the future

func (*GetTrustBundleRequest) Descriptor deprecated 

func (*GetTrustBundleRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetTrustBundleRequest.ProtoReflect.Descriptor instead.

func (*GetTrustBundleRequest) ProtoMessage 

func (*GetTrustBundleRequest) ProtoMessage()

func (*GetTrustBundleRequest) ProtoReflect 

func (x *GetTrustBundleRequest) ProtoReflect() protoreflect.Message

func (*GetTrustBundleRequest) Reset 

func (x *GetTrustBundleRequest) Reset()

func (*GetTrustBundleRequest) String 

func (x *GetTrustBundleRequest) String() string

type OIDCIssuer added in v0.5.0 

type OIDCIssuer struct {

	// Types that are assignable to Issuer:
	//
	//	*OIDCIssuer_IssuerUrl
	//	*OIDCIssuer_WildcardIssuerUrl
	Issuer isOIDCIssuer_Issuer `protobuf_oneof:"issuer"`
	// The expected audience of the OIDC token for the issuer.
	Audience string `protobuf:"bytes,3,opt,name=audience,proto3" json:"audience,omitempty"`
	// The OIDC claim that must be signed for a proof of possession challenge.
	ChallengeClaim string `protobuf:"bytes,4,opt,name=challenge_claim,json=challengeClaim,proto3" json:"challenge_claim,omitempty"`
	// The expected SPIFFE trust domain. Only present when the OIDC issuer issues tokens for SPIFFE identities.
	SpiffeTrustDomain string `protobuf:"bytes,5,opt,name=spiffe_trust_domain,json=spiffeTrustDomain,proto3" json:"spiffe_trust_domain,omitempty"`
	// contains filtered or unexported fields
}

Metadata about an OIDC issuer.

func (*OIDCIssuer) Descriptor deprecated added in v0.5.0 

func (*OIDCIssuer) Descriptor() ([]byte, []int)

Deprecated: Use OIDCIssuer.ProtoReflect.Descriptor instead.

func (*OIDCIssuer) GetAudience added in v0.5.0 

func (x *OIDCIssuer) GetAudience() string

func (*OIDCIssuer) GetChallengeClaim added in v0.5.0 

func (x *OIDCIssuer) GetChallengeClaim() string

func (*OIDCIssuer) GetIssuer added in v0.5.0 

func (m *OIDCIssuer) GetIssuer() isOIDCIssuer_Issuer

func (*OIDCIssuer) GetIssuerUrl added in v0.5.0 

func (x *OIDCIssuer) GetIssuerUrl() string

func (*OIDCIssuer) GetSpiffeTrustDomain added in v0.5.0 

func (x *OIDCIssuer) GetSpiffeTrustDomain() string

func (*OIDCIssuer) GetWildcardIssuerUrl added in v0.5.0 

func (x *OIDCIssuer) GetWildcardIssuerUrl() string

func (*OIDCIssuer) ProtoMessage added in v0.5.0 

func (*OIDCIssuer) ProtoMessage()

func (*OIDCIssuer) ProtoReflect added in v0.5.0 

func (x *OIDCIssuer) ProtoReflect() protoreflect.Message

func (*OIDCIssuer) Reset added in v0.5.0 

func (x *OIDCIssuer) Reset()

func (*OIDCIssuer) String added in v0.5.0 

func (x *OIDCIssuer) String() string

type OIDCIssuer_IssuerUrl added in v0.5.0 

type OIDCIssuer_IssuerUrl struct {
	// The URL of the OIDC issuer.
	IssuerUrl string `protobuf:"bytes,1,opt,name=issuer_url,json=issuerUrl,proto3,oneof"`
}

type OIDCIssuer_WildcardIssuerUrl added in v0.5.0 

type OIDCIssuer_WildcardIssuerUrl struct {
	// The URL of wildcard OIDC issuer, e.g. "https://oidc.eks.*.amazonaws.com/id/*".
	// When comparing the issuer, the wildcards will be replaced by "[-_a-zA-Z0-9]+".
	WildcardIssuerUrl string `protobuf:"bytes,2,opt,name=wildcard_issuer_url,json=wildcardIssuerUrl,proto3,oneof"`
}

type PublicKey 

type PublicKey struct {

	// The cryptographic algorithm to use with the key material
	Algorithm PublicKeyAlgorithm `protobuf:"varint,1,opt,name=algorithm,proto3,enum=dev.sigstore.fulcio.v2.PublicKeyAlgorithm" json:"algorithm,omitempty"`
	// PKIX, ASN.1 DER or PEM-encoded public key. PEM is typically
	// of type PUBLIC KEY.
	Content string `protobuf:"bytes,2,opt,name=content,proto3" json:"content,omitempty"`
	// contains filtered or unexported fields
}

func (*PublicKey) Descriptor deprecated 

func (*PublicKey) Descriptor() ([]byte, []int)

Deprecated: Use PublicKey.ProtoReflect.Descriptor instead.

func (*PublicKey) GetAlgorithm 

func (x *PublicKey) GetAlgorithm() PublicKeyAlgorithm

func (*PublicKey) GetContent 

func (x *PublicKey) GetContent() string

func (*PublicKey) ProtoMessage 

func (*PublicKey) ProtoMessage()

func (*PublicKey) ProtoReflect 

func (x *PublicKey) ProtoReflect() protoreflect.Message

func (*PublicKey) Reset 

func (x *PublicKey) Reset()

func (*PublicKey) String 

func (x *PublicKey) String() string

type PublicKeyAlgorithm 

type PublicKeyAlgorithm int32
const (
	PublicKeyAlgorithm_PUBLIC_KEY_ALGORITHM_UNSPECIFIED PublicKeyAlgorithm = 0
	PublicKeyAlgorithm_RSA_PSS                          PublicKeyAlgorithm = 1
	PublicKeyAlgorithm_ECDSA                            PublicKeyAlgorithm = 2
	PublicKeyAlgorithm_ED25519                          PublicKeyAlgorithm = 3
)

func (PublicKeyAlgorithm) Descriptor 

func (PublicKeyAlgorithm) Descriptor() protoreflect.EnumDescriptor

func (PublicKeyAlgorithm) Enum 

func (x PublicKeyAlgorithm) Enum() *PublicKeyAlgorithm

func (PublicKeyAlgorithm) EnumDescriptor deprecated 

func (PublicKeyAlgorithm) EnumDescriptor() ([]byte, []int)

Deprecated: Use PublicKeyAlgorithm.Descriptor instead.

func (PublicKeyAlgorithm) Number 

func (x PublicKeyAlgorithm) Number() protoreflect.EnumNumber

func (PublicKeyAlgorithm) String 

func (x PublicKeyAlgorithm) String() string

func (PublicKeyAlgorithm) Type 

func (PublicKeyAlgorithm) Type() protoreflect.EnumType

type PublicKeyRequest 

type PublicKeyRequest struct {

	// The public key to be stored in the requested certificate
	PublicKey *PublicKey `protobuf:"bytes,1,opt,name=public_key,json=publicKey,proto3" json:"public_key,omitempty"`
	// Proof that the client possesses the private key; must be verifiable by provided public key
	//
	// This is a currently a signature over the `sub` claim from the OIDC identity token
	ProofOfPossession []byte `protobuf:"bytes,2,opt,name=proof_of_possession,json=proofOfPossession,proto3" json:"proof_of_possession,omitempty"`
	// contains filtered or unexported fields
}

func (*PublicKeyRequest) Descriptor deprecated 

func (*PublicKeyRequest) Descriptor() ([]byte, []int)

Deprecated: Use PublicKeyRequest.ProtoReflect.Descriptor instead.

func (*PublicKeyRequest) GetProofOfPossession 

func (x *PublicKeyRequest) GetProofOfPossession() []byte

func (*PublicKeyRequest) GetPublicKey 

func (x *PublicKeyRequest) GetPublicKey() *PublicKey

func (*PublicKeyRequest) ProtoMessage 

func (*PublicKeyRequest) ProtoMessage()

func (*PublicKeyRequest) ProtoReflect 

func (x *PublicKeyRequest) ProtoReflect() protoreflect.Message

func (*PublicKeyRequest) Reset 

func (x *PublicKeyRequest) Reset()

func (*PublicKeyRequest) String 

func (x *PublicKeyRequest) String() string

type SigningCertificate 

type SigningCertificate struct {

	// Types that are assignable to Certificate:
	//
	//	*SigningCertificate_SignedCertificateDetachedSct
	//	*SigningCertificate_SignedCertificateEmbeddedSct
	Certificate isSigningCertificate_Certificate `protobuf_oneof:"certificate"`
	// contains filtered or unexported fields
}

func (*SigningCertificate) Descriptor deprecated 

func (*SigningCertificate) Descriptor() ([]byte, []int)

Deprecated: Use SigningCertificate.ProtoReflect.Descriptor instead.

func (*SigningCertificate) GetCertificate 

func (m *SigningCertificate) GetCertificate() isSigningCertificate_Certificate

func (*SigningCertificate) GetSignedCertificateDetachedSct 

func (x *SigningCertificate) GetSignedCertificateDetachedSct() *SigningCertificateDetachedSCT

func (*SigningCertificate) GetSignedCertificateEmbeddedSct 

func (x *SigningCertificate) GetSignedCertificateEmbeddedSct() *SigningCertificateEmbeddedSCT

func (*SigningCertificate) ProtoMessage 

func (*SigningCertificate) ProtoMessage()

func (*SigningCertificate) ProtoReflect 

func (x *SigningCertificate) ProtoReflect() protoreflect.Message

func (*SigningCertificate) Reset 

func (x *SigningCertificate) Reset()

func (*SigningCertificate) String 

func (x *SigningCertificate) String() string

type SigningCertificateDetachedSCT 

type SigningCertificateDetachedSCT struct {

	// The certificate chain serialized with the leaf certificate first, followed
	// by all intermediate certificates (if present), finishing with the root certificate.
	//
	// All values are PEM-encoded certificates.
	Chain *CertificateChain `protobuf:"bytes,1,opt,name=chain,proto3" json:"chain,omitempty"`
	// The Signed Certificate Timestamp (SCT) is a promise for including the certificate in
	// a certificate transparency log. It can be "stapled" to verify the inclusion of
	// a certificate in the log in an offline fashion.
	//
	// The SCT format is an AddChainResponse struct, defined in
	// https://github.com/google/certificate-transparency-go
	SignedCertificateTimestamp []byte `` /* 141-byte string literal not displayed */
	// contains filtered or unexported fields
}

(-- api-linter: core::0142::time-field-type=disabled 

aip.dev/not-precedent: SCT is defined in RFC6962 and we keep the name consistent for easier understanding. --)

func (*SigningCertificateDetachedSCT) Descriptor deprecated 

func (*SigningCertificateDetachedSCT) Descriptor() ([]byte, []int)

Deprecated: Use SigningCertificateDetachedSCT.ProtoReflect.Descriptor instead.

func (*SigningCertificateDetachedSCT) GetChain 

func (x *SigningCertificateDetachedSCT) GetChain() *CertificateChain

func (*SigningCertificateDetachedSCT) GetSignedCertificateTimestamp 

func (x *SigningCertificateDetachedSCT) GetSignedCertificateTimestamp() []byte

func (*SigningCertificateDetachedSCT) ProtoMessage 

func (*SigningCertificateDetachedSCT) ProtoMessage()

func (*SigningCertificateDetachedSCT) ProtoReflect 

func (x *SigningCertificateDetachedSCT) ProtoReflect() protoreflect.Message

func (*SigningCertificateDetachedSCT) Reset 

func (x *SigningCertificateDetachedSCT) Reset()

func (*SigningCertificateDetachedSCT) String 

func (x *SigningCertificateDetachedSCT) String() string

type SigningCertificateEmbeddedSCT 

type SigningCertificateEmbeddedSCT struct {

	// The certificate chain serialized with the leaf certificate first, followed
	// by all intermediate certificates (if present), finishing with the root certificate.
	//
	// All values are PEM-encoded certificates.
	//
	// The leaf certificate contains an embedded Signed Certificate Timestamp (SCT) to
	// verify inclusion of the certificate in a log. The SCT format is a SignedCertificateTimestampList,
	// as defined in https://datatracker.ietf.org/doc/html/rfc6962#section-3.3
	Chain *CertificateChain `protobuf:"bytes,1,opt,name=chain,proto3" json:"chain,omitempty"`
	// contains filtered or unexported fields
}

func (*SigningCertificateEmbeddedSCT) Descriptor deprecated 

func (*SigningCertificateEmbeddedSCT) Descriptor() ([]byte, []int)

Deprecated: Use SigningCertificateEmbeddedSCT.ProtoReflect.Descriptor instead.

func (*SigningCertificateEmbeddedSCT) GetChain 

func (x *SigningCertificateEmbeddedSCT) GetChain() *CertificateChain

func (*SigningCertificateEmbeddedSCT) ProtoMessage 

func (*SigningCertificateEmbeddedSCT) ProtoMessage()

func (*SigningCertificateEmbeddedSCT) ProtoReflect 

func (x *SigningCertificateEmbeddedSCT) ProtoReflect() protoreflect.Message

func (*SigningCertificateEmbeddedSCT) Reset 

func (x *SigningCertificateEmbeddedSCT) Reset()

func (*SigningCertificateEmbeddedSCT) String 

func (x *SigningCertificateEmbeddedSCT) String() string

type SigningCertificate_SignedCertificateDetachedSct 

type SigningCertificate_SignedCertificateDetachedSct struct {
	SignedCertificateDetachedSct *SigningCertificateDetachedSCT `protobuf:"bytes,1,opt,name=signed_certificate_detached_sct,json=signedCertificateDetachedSct,proto3,oneof"`
}

type SigningCertificate_SignedCertificateEmbeddedSct 

type SigningCertificate_SignedCertificateEmbeddedSct struct {
	SignedCertificateEmbeddedSct *SigningCertificateEmbeddedSCT `protobuf:"bytes,2,opt,name=signed_certificate_embedded_sct,json=signedCertificateEmbeddedSct,proto3,oneof"`
}

type TrustBundle 

type TrustBundle struct {

	// The set of PEM-encoded certificate chains for this Fulcio instance; each chain will start with any
	// intermediate certificates (if present), finishing with the root certificate.
	Chains []*CertificateChain `protobuf:"bytes,1,rep,name=chains,proto3" json:"chains,omitempty"`
	// contains filtered or unexported fields
}

func (*TrustBundle) Descriptor deprecated 

func (*TrustBundle) Descriptor() ([]byte, []int)

Deprecated: Use TrustBundle.ProtoReflect.Descriptor instead.

func (*TrustBundle) GetChains 

func (x *TrustBundle) GetChains() []*CertificateChain

func (*TrustBundle) ProtoMessage 

func (*TrustBundle) ProtoMessage()

func (*TrustBundle) ProtoReflect 

func (x *TrustBundle) ProtoReflect() protoreflect.Message

func (*TrustBundle) Reset 

func (x *TrustBundle) Reset()

func (*TrustBundle) String 

func (x *TrustBundle) String() string

type UnimplementedCAServer 

type UnimplementedCAServer struct{}

UnimplementedCAServer must be embedded to have forward compatible implementations.

NOTE: this should be embedded by value instead of pointer to avoid a nil pointer dereference when methods are called.

func (UnimplementedCAServer) CreateSigningCertificate 

func (UnimplementedCAServer) CreateSigningCertificate(context.Context, *CreateSigningCertificateRequest) (*SigningCertificate, error)

func (UnimplementedCAServer) GetConfiguration added in v0.5.0 

func (UnimplementedCAServer) GetConfiguration(context.Context, *GetConfigurationRequest) (*Configuration, error)

func (UnimplementedCAServer) GetTrustBundle 

func (UnimplementedCAServer) GetTrustBundle(context.Context, *GetTrustBundleRequest) (*TrustBundle, error)

type UnsafeCAServer 

type UnsafeCAServer interface {
	// contains filtered or unexported methods
}

UnsafeCAServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to CAServer will result in compilation errors.

Source Files

View all Source files

Directories

Path Synopsis
Package legacy is a reverse proxy.
 Package legacy is a reverse proxy.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.