...

Text file src/github.com/letsencrypt/boulder/ca/proto/ca.proto

Documentation: github.com/letsencrypt/boulder/ca/proto

     // Service and message definitions for the certificate authority: certificate
     // issuance, OCSP response generation and CRL generation.
     syntax = "proto3";

     package ca;

     // Import path of the Go code generated from this file.
     option go_package = "github.com/letsencrypt/boulder/ca/proto";
     5
     6import "core/proto/core.proto";
     7import "google/protobuf/timestamp.proto";
     8
     // CertificateAuthority issues certificates. A host that may call this service
     // can request issuance; OCSP and CRL generation are exposed as separate
     // services further down this file so they can be granted independently.
     service CertificateAuthority {
       // Takes a CSR plus the registration, order and issuer identifiers and
       // returns the DER bytes of a precertificate.
       rpc IssuePrecertificate(IssueCertificateRequest)
           returns (IssuePrecertificateResponse);

       // Takes precertificate DER together with its SCTs and returns a
       // core.Certificate.
       rpc IssueCertificateForPrecertificate(
           IssueCertificateForPrecertificateRequest) returns (core.Certificate);
     }
    14
    // IssueCertificateRequest is the input to IssuePrecertificate.
    //
    // NOTE(review): the message carries identifiers only, with no proof that the
    // order was validated. The CA presumably trusts its caller for that — confirm
    // that access to the service is restricted accordingly.
    message IssueCertificateRequest {
      // Certificate signing request. Presumably DER-encoded PKCS#10 — TODO
      // confirm against the handler.
      bytes csr = 1;
      // Identifier of the registration (account) the issuance is for.
      int64 registrationID = 2;
      // Identifier of the order the issuance is for.
      int64 orderID = 3;
      // Identifier selecting the issuer. NOTE(review): how an unknown value is
      // rejected is not visible in this file.
      int64 issuerNameID = 4;
    }
    21
    // IssuePrecertificateResponse is returned by IssuePrecertificate.
    message IssuePrecertificateResponse {
      // DER bytes of the issued precertificate (per the RPC name).
      bytes DER = 1;
    }
    25
    // IssueCertificateForPrecertificateRequest is the input to
    // IssueCertificateForPrecertificate.
    //
    // NOTE(review): the schema cannot express that DER must be a precertificate
    // this CA previously issued. Confirm that the handler checks this before
    // signing a final certificate.
    message IssueCertificateForPrecertificateRequest {
      // DER bytes of the precertificate to turn into a final certificate.
      bytes DER = 1;
      // Signed certificate timestamps, one byte string per SCT. The encoding is
      // not stated in this file — TODO confirm.
      repeated bytes SCTs = 2;
      // Identifier of the registration (account) the issuance is for.
      int64 registrationID = 3;
      // Identifier of the order the issuance is for.
      int64 orderID = 4;
    }
    32
    // OCSPGenerator generates OCSP responses. It is a separate service from
    // CertificateAuthority so that access can be limited to a different set of
    // hosts: a host that only needs OCSP generation does not also have to be
    // allowed to request certificate issuance.
    service OCSPGenerator {
      // Takes the certificate identity and revocation state and returns an
      // OCSPResponse.
      rpc GenerateOCSP(GenerateOCSPRequest) returns (OCSPResponse);
    }
    40
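    // GenerateOCSPRequest describes the certificate and the revocation state for
    // which an OCSP response is requested.
    //
    // The certificate is identified by serial and issuerID. The earlier comment on
    // this message allowed certDER as an alternative ("exactly one of certDER or
    // [serial and issuerID] must be set"), but no certDER field is declared here.
    message GenerateOCSPRequest {
      // Next unused field number: 8

      // Field number 1 is not declared. Presumably it belonged to the removed
      // certDER field (TODO confirm). It is reserved so that a later field cannot
      // reuse the number and be misread by peers built against an older schema.
      reserved 1;

      // Certificate status to report. This is a free-form string on the wire and
      // the accepted values are not defined in this file, so the handler has to
      // validate it.
      string status = 2;
      // Revocation reason code. NOTE(review): presumably an RFC 5280 CRLReason
      // value — confirm.
      int32 reason = 3;
      // Revocation time as a Unix timestamp (nanoseconds).
      int64 revokedAtNS = 4;
      // Revocation time as a Timestamp. NOTE(review): presumably the same instant
      // as revokedAtNS. Which of the two the server treats as authoritative is
      // not visible here — confirm they cannot disagree.
      google.protobuf.Timestamp revokedAt = 7;
      // Serial of the certificate. The string encoding is not stated in this
      // file — TODO confirm.
      string serial = 5;
      // Identifier of the certificate's issuer.
      int64 issuerID = 6;
    }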
    51
    // OCSPResponse is returned by GenerateOCSP.
    message OCSPResponse {
      // The generated OCSP response. Presumably DER-encoded — TODO confirm.
      bytes response = 1;
    }
    55
    // CRLGenerator signs CRLs. It is a separate service for the same reason as
    // OCSPGenerator: access can be granted without also granting issuance.
    service CRLGenerator {
      // Bidirectional stream: the client sends GenerateCRLRequest messages and
      // the server sends back GenerateCRLResponse chunks.
      rpc GenerateCRL(stream GenerateCRLRequest)
          returns (stream GenerateCRLResponse);
    }
    60
    // GenerateCRLRequest is one message of the GenerateCRL request stream. Each
    // message carries either the CRL metadata or a single entry, never both.
    //
    // NOTE(review): presumably the stream starts with one metadata message
    // followed by the entries. The ordering and the handling of a repeated or
    // missing metadata message are not visible here — confirm in the handler.
    message GenerateCRLRequest {
      oneof payload {
        // Metadata describing the CRL to be generated.
        CRLMetadata metadata = 1;
        // One entry to include in the CRL.
        core.CRLEntry entry = 2;
      }
    }
    67
    // CRLMetadata describes the CRL that a GenerateCRL stream should produce.
    message CRLMetadata {
      // Next unused field number: 5

      // Identifier selecting the issuer of the CRL.
      int64 issuerNameID = 1;
      // Unix timestamp (nanoseconds), also used for CRLNumber.
      // NOTE(review): because this value doubles as the CRLNumber, callers
      // presumably have to supply increasing values for a given issuer and
      // shard — confirm.
      int64 thisUpdateNS = 2;
      // thisUpdate as a Timestamp. NOTE(review): presumably the same instant as
      // thisUpdateNS; which of the two is authoritative is not visible here.
      google.protobuf.Timestamp thisUpdate = 4;
      // Index of the CRL shard.
      int64 shardIdx = 3;
    }
    75
    // GenerateCRLResponse is one message of the GenerateCRL response stream.
    message GenerateCRLResponse {
      // A chunk of the generated CRL. Presumably the chunks are concatenated in
      // stream order to form the complete CRL — TODO confirm.
      bytes chunk = 1;
    }
