syntax = "proto3";

package ra;
option go_package = "github.com/letsencrypt/boulder/ra/proto";

import "core/proto/core.proto";
import "ca/proto/ca.proto";
import "google/protobuf/empty.proto";

service RegistrationAuthority {
  rpc NewRegistration(core.Registration) returns (core.Registration) {}
  rpc UpdateRegistration(UpdateRegistrationRequest) returns (core.Registration) {}
  rpc PerformValidation(PerformValidationRequest) returns (core.Authorization) {}
  rpc DeactivateRegistration(core.Registration) returns (google.protobuf.Empty) {}
  rpc DeactivateAuthorization(core.Authorization) returns (google.protobuf.Empty) {}
  rpc RevokeCertByApplicant(RevokeCertByApplicantRequest) returns (google.protobuf.Empty) {}
  rpc RevokeCertByKey(RevokeCertByKeyRequest) returns (google.protobuf.Empty) {}
  rpc AdministrativelyRevokeCertificate(AdministrativelyRevokeCertificateRequest) returns (google.protobuf.Empty) {}
  rpc NewOrder(NewOrderRequest) returns (core.Order) {}
  rpc FinalizeOrder(FinalizeOrderRequest) returns (core.Order) {}
  // Generate an OCSP response based on the DB's current status and reason code.
  rpc GenerateOCSP(GenerateOCSPRequest) returns (ca.OCSPResponse) {}
}

message GenerateOCSPRequest {
  string serial = 1;
}

message UpdateRegistrationRequest {
  core.Registration base = 1;
  core.Registration update = 2;
}

message UpdateAuthorizationRequest {
  core.Authorization authz = 1;
  int64 challengeIndex = 2;
  core.Challenge response = 3;
}

message PerformValidationRequest {
  core.Authorization authz = 1;
  int64 challengeIndex = 2;
}

message RevokeCertByApplicantRequest {
  bytes cert = 1;
  int64 code = 2;
  int64 regID = 3;
}

message RevokeCertByKeyRequest {
  bytes cert = 1;
  reserved 2; // previously code
}

message AdministrativelyRevokeCertificateRequest {
  // The `cert` field may be omitted. If it is omitted,
  // the revocation reason (`code`) must not be keyCompromise,
  // and purging the Akamai cache will not happen because the
  // base URL for the certificate's OCSP server is not known.
  bytes cert = 1;
  // The `serial` field is required.
  string serial = 4;
  int64 code = 2;
  string adminName = 3;
  bool skipBlockKey = 5;
}

message NewOrderRequest {
  int64 registrationID = 1;
  repeated string names = 2;
}

message FinalizeOrderRequest {
  core.Order order = 1;
  bytes csr = 2;
}