Diffstat (limited to 'vendor/github.com/letsencrypt/boulder/core')
6 files changed, 2070 insertions, 0 deletions
diff --git a/vendor/github.com/letsencrypt/boulder/core/challenges.go b/vendor/github.com/letsencrypt/boulder/core/challenges.go
new file mode 100644
index 000000000..4b4a67c48
--- /dev/null
+++ b/vendor/github.com/letsencrypt/boulder/core/challenges.go
@@ -0,0 +1,27 @@
+package core
+
+func newChallenge(challengeType AcmeChallenge, token string) Challenge {
+ return Challenge{
+ Type: challengeType,
+ Status: StatusPending,
+ Token: token,
+ }
+}
+
+// HTTPChallenge01 constructs a random http-01 challenge. If token is empty a random token
+// will be generated, otherwise the provided token is used.
+func HTTPChallenge01(token string) Challenge {
+ return newChallenge(ChallengeTypeHTTP01, token)
+}
+
+// DNSChallenge01 constructs a random dns-01 challenge. If token is empty a random token
+// will be generated, otherwise the provided token is used.
+func DNSChallenge01(token string) Challenge {
+ return newChallenge(ChallengeTypeDNS01, token)
+}
+
+// TLSALPNChallenge01 constructs a random tls-alpn-01 challenge. If token is empty a random token
+// will be generated, otherwise the provided token is used.
+func TLSALPNChallenge01(token string) Challenge {
+ return newChallenge(ChallengeTypeTLSALPN01, token)
+}
diff --git a/vendor/github.com/letsencrypt/boulder/core/interfaces.go b/vendor/github.com/letsencrypt/boulder/core/interfaces.go
new file mode 100644
index 000000000..85cdc9a49
--- /dev/null
+++ b/vendor/github.com/letsencrypt/boulder/core/interfaces.go
@@ -0,0 +1,14 @@
+package core
+
+import (
+ "github.com/letsencrypt/boulder/identifier"
+)
+
+// PolicyAuthority defines the public interface for the Boulder PA
+// TODO(#5891): Move this interface to a more appropriate location.
+type PolicyAuthority interface {
+ WillingToIssue(domain identifier.ACMEIdentifier) error
+ WillingToIssueWildcards(identifiers []identifier.ACMEIdentifier) error
+ ChallengesFor(domain identifier.ACMEIdentifier) ([]Challenge, error)
+ ChallengeTypeEnabled(t AcmeChallenge) bool
+}
diff --git a/vendor/github.com/letsencrypt/boulder/core/objects.go b/vendor/github.com/letsencrypt/boulder/core/objects.go
new file mode 100644
index 000000000..9e328e823
--- /dev/null
+++ b/vendor/github.com/letsencrypt/boulder/core/objects.go
@@ -0,0 +1,536 @@
+package core
+
+import (
+ "crypto"
+ "crypto/x509"
+ "encoding/base64"
+ "encoding/json"
+ "fmt"
+ "hash/fnv"
+ "net"
+ "strings"
+ "time"
+
+ "gopkg.in/square/go-jose.v2"
+
+ "github.com/letsencrypt/boulder/identifier"
+ "github.com/letsencrypt/boulder/probs"
+ "github.com/letsencrypt/boulder/revocation"
+)
+
+// AcmeStatus defines the state of a given authorization
+type AcmeStatus string
+
+// These statuses are the states of authorizations, challenges, and registrations
+const (
+ StatusUnknown = AcmeStatus("unknown") // Unknown status; the default
+ StatusPending = AcmeStatus("pending") // In process; client has next action
+ StatusProcessing = AcmeStatus("processing") // In process; server has next action
+ StatusReady = AcmeStatus("ready") // Order is ready for finalization
+ StatusValid = AcmeStatus("valid") // Object is valid
+ StatusInvalid = AcmeStatus("invalid") // Validation failed
+ StatusRevoked = AcmeStatus("revoked") // Object no longer valid
+ StatusDeactivated = AcmeStatus("deactivated") // Object has been deactivated
+)
+
+// AcmeResource values identify different types of ACME resources
+type AcmeResource string
+
+// The types of ACME resources
+const (
+ ResourceNewReg = AcmeResource("new-reg")
+ ResourceNewAuthz = AcmeResource("new-authz")
+ ResourceNewCert = AcmeResource("new-cert")
+ ResourceRevokeCert = AcmeResource("revoke-cert")
+ ResourceRegistration = AcmeResource("reg")
+ ResourceChallenge = AcmeResource("challenge")
+ ResourceAuthz = AcmeResource("authz")
+ ResourceKeyChange = AcmeResource("key-change")
+)
+
+// AcmeChallenge values identify different types of ACME challenges
+type AcmeChallenge string
+
+// These types are the available challenges
+// TODO(#5009): Make this a custom type as well.
+const (
+ ChallengeTypeHTTP01 = AcmeChallenge("http-01")
+ ChallengeTypeDNS01 = AcmeChallenge("dns-01")
+ ChallengeTypeTLSALPN01 = AcmeChallenge("tls-alpn-01")
+)
+
+// IsValid tests whether the challenge is a known challenge
+func (c AcmeChallenge) IsValid() bool {
+ switch c {
+ case ChallengeTypeHTTP01, ChallengeTypeDNS01, ChallengeTypeTLSALPN01:
+ return true
+ default:
+ return false
+ }
+}
+
+// OCSPStatus defines the state of OCSP for a domain
+type OCSPStatus string
+
+// These status are the states of OCSP
+const (
+ OCSPStatusGood = OCSPStatus("good")
+ OCSPStatusRevoked = OCSPStatus("revoked")
+)
+
+// DNSPrefix is attached to DNS names in DNS challenges
+const DNSPrefix = "_acme-challenge"
+
+// CertificateRequest is just a CSR
+//
+// This data is unmarshalled from JSON by way of RawCertificateRequest, which
+// represents the actual structure received from the client.
+type CertificateRequest struct {
+ CSR *x509.CertificateRequest // The CSR
+ Bytes []byte // The original bytes of the CSR, for logging.
+}
+
+type RawCertificateRequest struct {
+ CSR JSONBuffer `json:"csr"` // The encoded CSR
+}
+
+// UnmarshalJSON provides an implementation for decoding CertificateRequest objects.
+func (cr *CertificateRequest) UnmarshalJSON(data []byte) error {
+ var raw RawCertificateRequest
+ err := json.Unmarshal(data, &raw)
+ if err != nil {
+ return err
+ }
+
+ csr, err := x509.ParseCertificateRequest(raw.CSR)
+ if err != nil {
+ return err
+ }
+
+ cr.CSR = csr
+ cr.Bytes = raw.CSR
+ return nil
+}
+
+// MarshalJSON provides an implementation for encoding CertificateRequest objects.
+func (cr CertificateRequest) MarshalJSON() ([]byte, error) {
+ return json.Marshal(RawCertificateRequest{
+ CSR: cr.CSR.Raw,
+ })
+}
+
+// Registration objects represent non-public metadata attached
+// to account keys.
+type Registration struct {
+ // Unique identifier
+ ID int64 `json:"id,omitempty" db:"id"`
+
+ // Account key to which the details are attached
+ Key *jose.JSONWebKey `json:"key"`
+
+ // Contact URIs
+ Contact *[]string `json:"contact,omitempty"`
+
+ // Agreement with terms of service
+ Agreement string `json:"agreement,omitempty"`
+
+ // InitialIP is the IP address from which the registration was created
+ InitialIP net.IP `json:"initialIp"`
+
+ // CreatedAt is the time the registration was created.
+ CreatedAt *time.Time `json:"createdAt,omitempty"`
+
+ Status AcmeStatus `json:"status"`
+}
+
+// ValidationRecord represents a validation attempt against a specific URL/hostname
+// and the IP addresses that were resolved and used
+type ValidationRecord struct {
+ // SimpleHTTP only
+ URL string `json:"url,omitempty"`
+
+ // Shared
+ Hostname string `json:"hostname"`
+ Port string `json:"port,omitempty"`
+ AddressesResolved []net.IP `json:"addressesResolved,omitempty"`
+ AddressUsed net.IP `json:"addressUsed,omitempty"`
+ // AddressesTried contains a list of addresses tried before the `AddressUsed`.
+ // Presently this will only ever be one IP from `AddressesResolved` since the
+ // only retry is in the case of a v6 failure with one v4 fallback. E.g. if
+ // a record with `AddressesResolved: { 127.0.0.1, ::1 }` were processed for
+ // a challenge validation with the IPv6 first flag on and the ::1 address
+ // failed but the 127.0.0.1 retry succeeded then the record would end up
+ // being:
+ // {
+ // ...
+ // AddressesResolved: [ 127.0.0.1, ::1 ],
+ // AddressUsed: 127.0.0.1
+ // AddressesTried: [ ::1 ],
+ // ...
+ // }
+ AddressesTried []net.IP `json:"addressesTried,omitempty"`
+
+ // OldTLS is true if any request in the validation chain used HTTPS and negotiated
+ // a TLS version lower than 1.2.
+ // TODO(#6011): Remove once TLS 1.0 and 1.1 support is gone.
+ OldTLS bool `json:"oldTLS,omitempty"`
+}
+
+func looksLikeKeyAuthorization(str string) error {
+ parts := strings.Split(str, ".")
+ if len(parts) != 2 {
+ return fmt.Errorf("Invalid key authorization: does not look like a key authorization")
+ } else if !LooksLikeAToken(parts[0]) {
+ return fmt.Errorf("Invalid key authorization: malformed token")
+ } else if !LooksLikeAToken(parts[1]) {
+ // Thumbprints have the same syntax as tokens in boulder
+ // Both are base64-encoded and 32 octets
+ return fmt.Errorf("Invalid key authorization: malformed key thumbprint")
+ }
+ return nil
+}
+
+// Challenge is an aggregate of all data needed for any challenges.
+//
+// Rather than define individual types for different types of
+// challenge, we just throw all the elements into one bucket,
+// together with the common metadata elements.
+type Challenge struct {
+ // The type of challenge
+ Type AcmeChallenge `json:"type"`
+
+ // The status of this challenge
+ Status AcmeStatus `json:"status,omitempty"`
+
+ // Contains the error that occurred during challenge validation, if any
+ Error *probs.ProblemDetails `json:"error,omitempty"`
+
+ // A URI to which a response can be POSTed
+ URI string `json:"uri,omitempty"`
+
+ // For the V2 API the "URI" field is deprecated in favour of URL.
+ URL string `json:"url,omitempty"`
+
+ // Used by http-01, tls-sni-01, tls-alpn-01 and dns-01 challenges
+ Token string `json:"token,omitempty"`
+
+ // The expected KeyAuthorization for validation of the challenge. Populated by
+ // the RA prior to passing the challenge to the VA. For legacy reasons this
+ // field is called "ProvidedKeyAuthorization" because it was initially set by
+ // the content of the challenge update POST from the client. It is no longer
+ // set that way and should be renamed to "KeyAuthorization".
+ // TODO(@cpu): Rename `ProvidedKeyAuthorization` to `KeyAuthorization`.
+ ProvidedKeyAuthorization string `json:"keyAuthorization,omitempty"`
+
+ // Contains information about URLs used or redirected to and IPs resolved and
+ // used
+ ValidationRecord []ValidationRecord `json:"validationRecord,omitempty"`
+ // The time at which the server validated the challenge. Required by
+ // RFC8555 if status is valid.
+ Validated *time.Time `json:"validated,omitempty"`
+}
+
+// ExpectedKeyAuthorization computes the expected KeyAuthorization value for
+// the challenge.
+func (ch Challenge) ExpectedKeyAuthorization(key *jose.JSONWebKey) (string, error) {
+ if key == nil {
+ return "", fmt.Errorf("Cannot authorize a nil key")
+ }
+
+ thumbprint, err := key.Thumbprint(crypto.SHA256)
+ if err != nil {
+ return "", err
+ }
+
+ return ch.Token + "." + base64.RawURLEncoding.EncodeToString(thumbprint), nil
+}
+
+// RecordsSane checks the sanity of a ValidationRecord object before sending it
+// back to the RA to be stored.
+func (ch Challenge) RecordsSane() bool {
+ if ch.ValidationRecord == nil || len(ch.ValidationRecord) == 0 {
+ return false
+ }
+
+ switch ch.Type {
+ case ChallengeTypeHTTP01:
+ for _, rec := range ch.ValidationRecord {
+ if rec.URL == "" || rec.Hostname == "" || rec.Port == "" || rec.AddressUsed == nil ||
+ len(rec.AddressesResolved) == 0 {
+ return false
+ }
+ }
+ case ChallengeTypeTLSALPN01:
+ if len(ch.ValidationRecord) > 1 {
+ return false
+ }
+ if ch.ValidationRecord[0].URL != "" {
+ return false
+ }
+ if ch.ValidationRecord[0].Hostname == "" || ch.ValidationRecord[0].Port == "" ||
+ ch.ValidationRecord[0].AddressUsed == nil || len(ch.ValidationRecord[0].AddressesResolved) == 0 {
+ return false
+ }
+ case ChallengeTypeDNS01:
+ if len(ch.ValidationRecord) > 1 {
+ return false
+ }
+ if ch.ValidationRecord[0].Hostname == "" {
+ return false
+ }
+ return true
+ default: // Unsupported challenge type
+ return false
+ }
+
+ return true
+}
+
+// CheckConsistencyForClientOffer checks the fields of a challenge object before it is
+// given to the client.
+func (ch Challenge) CheckConsistencyForClientOffer() error {
+ err := ch.checkConsistency()
+ if err != nil {
+ return err
+ }
+
+ // Before completion, the key authorization field should be empty
+ if ch.ProvidedKeyAuthorization != "" {
+ return fmt.Errorf("A response to this challenge was already submitted.")
+ }
+ return nil
+}
+
+// CheckConsistencyForValidation checks the fields of a challenge object before it is
+// given to the VA.
+func (ch Challenge) CheckConsistencyForValidation() error {
+ err := ch.checkConsistency()
+ if err != nil {
+ return err
+ }
+
+ // If the challenge is completed, then there should be a key authorization
+ return looksLikeKeyAuthorization(ch.ProvidedKeyAuthorization)
+}
+
+// checkConsistency checks the sanity of a challenge object before issued to the client.
+func (ch Challenge) checkConsistency() error {
+ if ch.Status != StatusPending {
+ return fmt.Errorf("The challenge is not pending.")
+ }
+
+ // There always needs to be a token
+ if !LooksLikeAToken(ch.Token) {
+ return fmt.Errorf("The token is missing.")
+ }
+ return nil
+}
+
+// StringID is used to generate a ID for challenges associated with new style authorizations.
+// This is necessary as these challenges no longer have a unique non-sequential identifier
+// in the new storage scheme. This identifier is generated by constructing a fnv hash over the
+// challenge token and type and encoding the first 4 bytes of it using the base64 URL encoding.
+func (ch Challenge) StringID() string {
+ h := fnv.New128a()
+ h.Write([]byte(ch.Token))
+ h.Write([]byte(ch.Type))
+ return base64.RawURLEncoding.EncodeToString(h.Sum(nil)[0:4])
+}
+
+// Authorization represents the authorization of an account key holder
+// to act on behalf of a domain. This struct is intended to be used both
+// internally and for JSON marshaling on the wire. Any fields that should be
+// suppressed on the wire (e.g., ID, regID) must be made empty before marshaling.
+type Authorization struct {
+ // An identifier for this authorization, unique across
+ // authorizations and certificates within this instance.
+ ID string `json:"id,omitempty" db:"id"`
+
+ // The identifier for which authorization is being given
+ Identifier identifier.ACMEIdentifier `json:"identifier,omitempty" db:"identifier"`
+
+ // The registration ID associated with the authorization
+ RegistrationID int64 `json:"regId,omitempty" db:"registrationID"`
+
+ // The status of the validation of this authorization
+ Status AcmeStatus `json:"status,omitempty" db:"status"`
+
+ // The date after which this authorization will be no
+ // longer be considered valid. Note: a certificate may be issued even on the
+ // last day of an authorization's lifetime. The last day for which someone can
+ // hold a valid certificate based on an authorization is authorization
+ // lifetime + certificate lifetime.
+ Expires *time.Time `json:"expires,omitempty" db:"expires"`
+
+ // An array of challenges objects used to validate the
+ // applicant's control of the identifier. For authorizations
+ // in process, these are challenges to be fulfilled; for
+ // final authorizations, they describe the evidence that
+ // the server used in support of granting the authorization.
+ //
+ // There should only ever be one challenge of each type in this
+ // slice and the order of these challenges may not be predictable.
+ Challenges []Challenge `json:"challenges,omitempty" db:"-"`
+
+ // This field is deprecated. It's filled in by WFE for the ACMEv1 API.
+ Combinations [][]int `json:"combinations,omitempty" db:"combinations"`
+
+ // Wildcard is a Boulder-specific Authorization field that indicates the
+ // authorization was created as a result of an order containing a name with
+ // a `*.`wildcard prefix. This will help convey to users that an
+ // Authorization with the identifier `example.com` and one DNS-01 challenge
+ // corresponds to a name `*.example.com` from an associated order.
+ Wildcard bool `json:"wildcard,omitempty" db:"-"`
+}
+
+// FindChallengeByStringID will look for a challenge matching the given ID inside
+// this authorization. If found, it will return the index of that challenge within
+// the Authorization's Challenges array. Otherwise it will return -1.
+func (authz *Authorization) FindChallengeByStringID(id string) int {
+ for i, c := range authz.Challenges {
+ if c.StringID() == id {
+ return i
+ }
+ }
+ return -1
+}
+
+// SolvedBy will look through the Authorizations challenges, returning the type
+// of the *first* challenge it finds with Status: valid, or an error if no
+// challenge is valid.
+func (authz *Authorization) SolvedBy() (*AcmeChallenge, error) {
+ if len(authz.Challenges) == 0 {
+ return nil, fmt.Errorf("Authorization has no challenges")
+ }
+ for _, chal := range authz.Challenges {
+ if chal.Status == StatusValid {
+ return &chal.Type, nil
+ }
+ }
+ return nil, fmt.Errorf("Authorization not solved by any challenge")
+}
+
+// JSONBuffer fields get encoded and decoded JOSE-style, in base64url encoding
+// with stripped padding.
+type JSONBuffer []byte
+
+// URL-safe base64 encode that strips padding
+func base64URLEncode(data []byte) string {
+ var result = base64.URLEncoding.EncodeToString(data)
+ return strings.TrimRight(result, "=")
+}
+
+// URL-safe base64 decoder that adds padding
+func base64URLDecode(data string) ([]byte, error) {
+ var missing = (4 - len(data)%4) % 4
+ data += strings.Repeat("=", missing)
+ return base64.URLEncoding.DecodeString(data)
+}
+
+// MarshalJSON encodes a JSONBuffer for transmission.
+func (jb JSONBuffer) MarshalJSON() (result []byte, err error) {
+ return json.Marshal(base64URLEncode(jb))
+}
+
+// UnmarshalJSON decodes a JSONBuffer to an object.
+func (jb *JSONBuffer) UnmarshalJSON(data []byte) (err error) {
+ var str string
+ err = json.Unmarshal(data, &str)
+ if err != nil {
+ return err
+ }
+ *jb, err = base64URLDecode(str)
+ return
+}
+
+// Certificate objects are entirely internal to the server. The only
+// thing exposed on the wire is the certificate itself.
+type Certificate struct {
+ ID int64 `db:"id"`
+ RegistrationID int64 `db:"registrationID"`
+
+ Serial string `db:"serial"`
+ Digest string `db:"digest"`
+ DER []byte `db:"der"`
+ Issued time.Time `db:"issued"`
+ Expires time.Time `db:"expires"`
+}
+
+// CertificateStatus structs are internal to the server. They represent the
+// latest data about the status of the certificate, required for OCSP updating
+// and for validating that the subscriber has accepted the certificate.
+type CertificateStatus struct {
+ ID int64 `db:"id"`
+
+ Serial string `db:"serial"`
+
+ // status: 'good' or 'revoked'. Note that good, expired certificates remain
+ // with status 'good' but don't necessarily get fresh OCSP responses.
+ Status OCSPStatus `db:"status"`
+
+ // ocspLastUpdated: The date and time of the last time we generated an OCSP
+ // response. If we have never generated one, this has the zero value of
+ // time.Time, i.e. Jan 1 1970.
+ OCSPLastUpdated time.Time `db:"ocspLastUpdated"`
+
+ // revokedDate: If status is 'revoked', this is the date and time it was
+ // revoked. Otherwise it has the zero value of time.Time, i.e. Jan 1 1970.
+ RevokedDate time.Time `db:"revokedDate"`
+
+ // revokedReason: If status is 'revoked', this is the reason code for the
+ // revocation. Otherwise it is zero (which happens to be the reason
+ // code for 'unspecified').
+ RevokedReason revocation.Reason `db:"revokedReason"`
+
+ LastExpirationNagSent time.Time `db:"lastExpirationNagSent"`
+
+ // The encoded and signed OCSP response.
+ OCSPResponse []byte `db:"ocspResponse"`
+
+ // For performance reasons[0] we duplicate the `Expires` field of the
+ // `Certificates` object/table in `CertificateStatus` to avoid a costly `JOIN`
+ // later on just to retrieve this `Time` value. This helps both the OCSP
+ // updater and the expiration-mailer stay performant.
+ //
+ // Similarly, we add an explicit `IsExpired` boolean to `CertificateStatus`
+ // table that the OCSP updater so that the database can create a meaningful
+ // index on `(isExpired, ocspLastUpdated)` without a `JOIN` on `certificates`.
+ // For more detail see Boulder #1864[0].
+ //
+ // [0]: https://github.com/letsencrypt/boulder/issues/1864
+ NotAfter time.Time `db:"notAfter"`
+ IsExpired bool `db:"isExpired"`
+
+ // TODO(#5152): Change this to an issuance.Issuer(Name)ID after it no longer
+ // has to support both IssuerNameIDs and IssuerIDs.
+ IssuerID int64
+}
+
+// FQDNSet contains the SHA256 hash of the lowercased, comma joined dNSNames
+// contained in a certificate.
+type FQDNSet struct {
+ ID int64
+ SetHash []byte
+ Serial string
+ Issued time.Time
+ Expires time.Time
+}
+
+// SCTDERs is a convenience type
+type SCTDERs [][]byte
+
+// CertDER is a convenience type that helps differentiate what the
+// underlying byte slice contains
+type CertDER []byte
+
+// SuggestedWindow is a type exposed inside the RenewalInfo resource.
+type SuggestedWindow struct {
+ Start time.Time `json:"start"`
+ End time.Time `json:"end"`
+}
+
+// RenewalInfo is a type which is exposed to clients which query the renewalInfo
+// endpoint specified in draft-aaron-ari.
+type RenewalInfo struct {
+ SuggestedWindow SuggestedWindow `json:"suggestedWindow"`
+}
diff --git a/vendor/github.com/letsencrypt/boulder/core/proto/core.pb.go b/vendor/github.com/letsencrypt/boulder/core/proto/core.pb.go
new file mode 100644
index 000000000..3a9cc1036
--- /dev/null
+++ b/vendor/github.com/letsencrypt/boulder/core/proto/core.pb.go
@@ -0,0 +1,1100 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.26.0 +// protoc v3.15.6 +// source: core.proto + +package proto + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type Challenge struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Id int64 `protobuf:"varint,1,opt,name=id,proto3" json:"id,omitempty"` + Type string `protobuf:"bytes,2,opt,name=type,proto3" json:"type,omitempty"` + Status string `protobuf:"bytes,6,opt,name=status,proto3" json:"status,omitempty"` + Uri string `protobuf:"bytes,9,opt,name=uri,proto3" json:"uri,omitempty"` + Token string `protobuf:"bytes,3,opt,name=token,proto3" json:"token,omitempty"` + KeyAuthorization string `protobuf:"bytes,5,opt,name=keyAuthorization,proto3" json:"keyAuthorization,omitempty"` + Validationrecords []*ValidationRecord `protobuf:"bytes,10,rep,name=validationrecords,proto3" json:"validationrecords,omitempty"` + Error *ProblemDetails `protobuf:"bytes,7,opt,name=error,proto3" json:"error,omitempty"` + Validated int64 `protobuf:"varint,11,opt,name=validated,proto3" json:"validated,omitempty"` +} + +func (x *Challenge) Reset() { + *x = Challenge{} + if protoimpl.UnsafeEnabled { + mi := &file_core_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *Challenge) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Challenge) ProtoMessage() {} + +func (x *Challenge) ProtoReflect() protoreflect.Message { + mi := &file_core_proto_msgTypes[0] + if 
protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Challenge.ProtoReflect.Descriptor instead. +func (*Challenge) Descriptor() ([]byte, []int) { + return file_core_proto_rawDescGZIP(), []int{0} +} + +func (x *Challenge) GetId() int64 { + if x != nil { + return x.Id + } + return 0 +} + +func (x *Challenge) GetType() string { + if x != nil { + return x.Type + } + return "" +} + +func (x *Challenge) GetStatus() string { + if x != nil { + return x.Status + } + return "" +} + +func (x *Challenge) GetUri() string { + if x != nil { + return x.Uri + } + return "" +} + +func (x *Challenge) GetToken() string { + if x != nil { + return x.Token + } + return "" +} + +func (x *Challenge) GetKeyAuthorization() string { + if x != nil { + return x.KeyAuthorization + } + return "" +} + +func (x *Challenge) GetValidationrecords() []*ValidationRecord { + if x != nil { + return x.Validationrecords + } + return nil +} + +func (x *Challenge) GetError() *ProblemDetails { + if x != nil { + return x.Error + } + return nil +} + +func (x *Challenge) GetValidated() int64 { + if x != nil { + return x.Validated + } + return 0 +} + +type ValidationRecord struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Hostname string `protobuf:"bytes,1,opt,name=hostname,proto3" json:"hostname,omitempty"` + Port string `protobuf:"bytes,2,opt,name=port,proto3" json:"port,omitempty"` + AddressesResolved [][]byte `protobuf:"bytes,3,rep,name=addressesResolved,proto3" json:"addressesResolved,omitempty"` // net.IP.MarshalText() + AddressUsed []byte `protobuf:"bytes,4,opt,name=addressUsed,proto3" json:"addressUsed,omitempty"` // net.IP.MarshalText() + Authorities []string `protobuf:"bytes,5,rep,name=authorities,proto3" json:"authorities,omitempty"` + Url string 
`protobuf:"bytes,6,opt,name=url,proto3" json:"url,omitempty"` + // A list of addresses tried before the address used (see + // core/objects.go and the comment on the ValidationRecord structure + // definition for more information. + AddressesTried [][]byte `protobuf:"bytes,7,rep,name=addressesTried,proto3" json:"addressesTried,omitempty"` // net.IP.MarshalText() +} + +func (x *ValidationRecord) Reset() { + *x = ValidationRecord{} + if protoimpl.UnsafeEnabled { + mi := &file_core_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ValidationRecord) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ValidationRecord) ProtoMessage() {} + +func (x *ValidationRecord) ProtoReflect() protoreflect.Message { + mi := &file_core_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ValidationRecord.ProtoReflect.Descriptor instead. 
+func (*ValidationRecord) Descriptor() ([]byte, []int) { + return file_core_proto_rawDescGZIP(), []int{1} +} + +func (x *ValidationRecord) GetHostname() string { + if x != nil { + return x.Hostname + } + return "" +} + +func (x *ValidationRecord) GetPort() string { + if x != nil { + return x.Port + } + return "" +} + +func (x *ValidationRecord) GetAddressesResolved() [][]byte { + if x != nil { + return x.AddressesResolved + } + return nil +} + +func (x *ValidationRecord) GetAddressUsed() []byte { + if x != nil { + return x.AddressUsed + } + return nil +} + +func (x *ValidationRecord) GetAuthorities() []string { + if x != nil { + return x.Authorities + } + return nil +} + +func (x *ValidationRecord) GetUrl() string { + if x != nil { + return x.Url + } + return "" +} + +func (x *ValidationRecord) GetAddressesTried() [][]byte { + if x != nil { + return x.AddressesTried + } + return nil +} + +type ProblemDetails struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + ProblemType string `protobuf:"bytes,1,opt,name=problemType,proto3" json:"problemType,omitempty"` + Detail string `protobuf:"bytes,2,opt,name=detail,proto3" json:"detail,omitempty"` + HttpStatus int32 `protobuf:"varint,3,opt,name=httpStatus,proto3" json:"httpStatus,omitempty"` +} + +func (x *ProblemDetails) Reset() { + *x = ProblemDetails{} + if protoimpl.UnsafeEnabled { + mi := &file_core_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ProblemDetails) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ProblemDetails) ProtoMessage() {} + +func (x *ProblemDetails) ProtoReflect() protoreflect.Message { + mi := &file_core_proto_msgTypes[2] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// 
Deprecated: Use ProblemDetails.ProtoReflect.Descriptor instead. +func (*ProblemDetails) Descriptor() ([]byte, []int) { + return file_core_proto_rawDescGZIP(), []int{2} +} + +func (x *ProblemDetails) GetProblemType() string { + if x != nil { + return x.ProblemType + } + return "" +} + +func (x *ProblemDetails) GetDetail() string { + if x != nil { + return x.Detail + } + return "" +} + +func (x *ProblemDetails) GetHttpStatus() int32 { + if x != nil { + return x.HttpStatus + } + return 0 +} + +type Certificate struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + RegistrationID int64 `protobuf:"varint,1,opt,name=registrationID,proto3" json:"registrationID,omitempty"` + Serial string `protobuf:"bytes,2,opt,name=serial,proto3" json:"serial,omitempty"` + Digest string `protobuf:"bytes,3,opt,name=digest,proto3" json:"digest,omitempty"` + Der []byte `protobuf:"bytes,4,opt,name=der,proto3" json:"der,omitempty"` + Issued int64 `protobuf:"varint,5,opt,name=issued,proto3" json:"issued,omitempty"` // Unix timestamp (nanoseconds) + Expires int64 `protobuf:"varint,6,opt,name=expires,proto3" json:"expires,omitempty"` // Unix timestamp (nanoseconds) +} + +func (x *Certificate) Reset() { + *x = Certificate{} + if protoimpl.UnsafeEnabled { + mi := &file_core_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *Certificate) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Certificate) ProtoMessage() {} + +func (x *Certificate) ProtoReflect() protoreflect.Message { + mi := &file_core_proto_msgTypes[3] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Certificate.ProtoReflect.Descriptor instead. 
+func (*Certificate) Descriptor() ([]byte, []int) { + return file_core_proto_rawDescGZIP(), []int{3} +} + +func (x *Certificate) GetRegistrationID() int64 { + if x != nil { + return x.RegistrationID + } + return 0 +} + +func (x *Certificate) GetSerial() string { + if x != nil { + return x.Serial + } + return "" +} + +func (x *Certificate) GetDigest() string { + if x != nil { + return x.Digest + } + return "" +} + +func (x *Certificate) GetDer() []byte { + if x != nil { + return x.Der + } + return nil +} + +func (x *Certificate) GetIssued() int64 { + if x != nil { + return x.Issued + } + return 0 +} + +func (x *Certificate) GetExpires() int64 { + if x != nil { + return x.Expires + } + return 0 +} + +type CertificateStatus struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Serial string `protobuf:"bytes,1,opt,name=serial,proto3" json:"serial,omitempty"` + Status string `protobuf:"bytes,3,opt,name=status,proto3" json:"status,omitempty"` + OcspLastUpdated int64 `protobuf:"varint,4,opt,name=ocspLastUpdated,proto3" json:"ocspLastUpdated,omitempty"` + RevokedDate int64 `protobuf:"varint,5,opt,name=revokedDate,proto3" json:"revokedDate,omitempty"` + RevokedReason int64 `protobuf:"varint,6,opt,name=revokedReason,proto3" json:"revokedReason,omitempty"` + LastExpirationNagSent int64 `protobuf:"varint,7,opt,name=lastExpirationNagSent,proto3" json:"lastExpirationNagSent,omitempty"` + OcspResponse []byte `protobuf:"bytes,8,opt,name=ocspResponse,proto3" json:"ocspResponse,omitempty"` + NotAfter int64 `protobuf:"varint,9,opt,name=notAfter,proto3" json:"notAfter,omitempty"` + IsExpired bool `protobuf:"varint,10,opt,name=isExpired,proto3" json:"isExpired,omitempty"` + IssuerID int64 `protobuf:"varint,11,opt,name=issuerID,proto3" json:"issuerID,omitempty"` +} + +func (x *CertificateStatus) Reset() { + *x = CertificateStatus{} + if protoimpl.UnsafeEnabled { + mi := &file_core_proto_msgTypes[4] + ms := 
protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *CertificateStatus) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*CertificateStatus) ProtoMessage() {} + +func (x *CertificateStatus) ProtoReflect() protoreflect.Message { + mi := &file_core_proto_msgTypes[4] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use CertificateStatus.ProtoReflect.Descriptor instead. +func (*CertificateStatus) Descriptor() ([]byte, []int) { + return file_core_proto_rawDescGZIP(), []int{4} +} + +func (x *CertificateStatus) GetSerial() string { + if x != nil { + return x.Serial + } + return "" +} + +func (x *CertificateStatus) GetStatus() string { + if x != nil { + return x.Status + } + return "" +} + +func (x *CertificateStatus) GetOcspLastUpdated() int64 { + if x != nil { + return x.OcspLastUpdated + } + return 0 +} + +func (x *CertificateStatus) GetRevokedDate() int64 { + if x != nil { + return x.RevokedDate + } + return 0 +} + +func (x *CertificateStatus) GetRevokedReason() int64 { + if x != nil { + return x.RevokedReason + } + return 0 +} + +func (x *CertificateStatus) GetLastExpirationNagSent() int64 { + if x != nil { + return x.LastExpirationNagSent + } + return 0 +} + +func (x *CertificateStatus) GetOcspResponse() []byte { + if x != nil { + return x.OcspResponse + } + return nil +} + +func (x *CertificateStatus) GetNotAfter() int64 { + if x != nil { + return x.NotAfter + } + return 0 +} + +func (x *CertificateStatus) GetIsExpired() bool { + if x != nil { + return x.IsExpired + } + return false +} + +func (x *CertificateStatus) GetIssuerID() int64 { + if x != nil { + return x.IssuerID + } + return 0 +} + +type Registration struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Id 
int64 `protobuf:"varint,1,opt,name=id,proto3" json:"id,omitempty"` + Key []byte `protobuf:"bytes,2,opt,name=key,proto3" json:"key,omitempty"` + Contact []string `protobuf:"bytes,3,rep,name=contact,proto3" json:"contact,omitempty"` + ContactsPresent bool `protobuf:"varint,4,opt,name=contactsPresent,proto3" json:"contactsPresent,omitempty"` + Agreement string `protobuf:"bytes,5,opt,name=agreement,proto3" json:"agreement,omitempty"` + InitialIP []byte `protobuf:"bytes,6,opt,name=initialIP,proto3" json:"initialIP,omitempty"` + CreatedAt int64 `protobuf:"varint,7,opt,name=createdAt,proto3" json:"createdAt,omitempty"` // Unix timestamp (nanoseconds) + Status string `protobuf:"bytes,8,opt,name=status,proto3" json:"status,omitempty"` +} + +func (x *Registration) Reset() { + *x = Registration{} + if protoimpl.UnsafeEnabled { + mi := &file_core_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *Registration) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Registration) ProtoMessage() {} + +func (x *Registration) ProtoReflect() protoreflect.Message { + mi := &file_core_proto_msgTypes[5] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Registration.ProtoReflect.Descriptor instead. 
+func (*Registration) Descriptor() ([]byte, []int) { + return file_core_proto_rawDescGZIP(), []int{5} +} + +func (x *Registration) GetId() int64 { + if x != nil { + return x.Id + } + return 0 +} + +func (x *Registration) GetKey() []byte { + if x != nil { + return x.Key + } + return nil +} + +func (x *Registration) GetContact() []string { + if x != nil { + return x.Contact + } + return nil +} + +func (x *Registration) GetContactsPresent() bool { + if x != nil { + return x.ContactsPresent + } + return false +} + +func (x *Registration) GetAgreement() string { + if x != nil { + return x.Agreement + } + return "" +} + +func (x *Registration) GetInitialIP() []byte { + if x != nil { + return x.InitialIP + } + return nil +} + +func (x *Registration) GetCreatedAt() int64 { + if x != nil { + return x.CreatedAt + } + return 0 +} + +func (x *Registration) GetStatus() string { + if x != nil { + return x.Status + } + return "" +} + +type Authorization struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` + Identifier string `protobuf:"bytes,2,opt,name=identifier,proto3" json:"identifier,omitempty"` + RegistrationID int64 `protobuf:"varint,3,opt,name=registrationID,proto3" json:"registrationID,omitempty"` + Status string `protobuf:"bytes,4,opt,name=status,proto3" json:"status,omitempty"` + Expires int64 `protobuf:"varint,5,opt,name=expires,proto3" json:"expires,omitempty"` // Unix timestamp (nanoseconds) + Challenges []*Challenge `protobuf:"bytes,6,rep,name=challenges,proto3" json:"challenges,omitempty"` +} + +func (x *Authorization) Reset() { + *x = Authorization{} + if protoimpl.UnsafeEnabled { + mi := &file_core_proto_msgTypes[6] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *Authorization) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Authorization) ProtoMessage() {} 
+ +func (x *Authorization) ProtoReflect() protoreflect.Message { + mi := &file_core_proto_msgTypes[6] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Authorization.ProtoReflect.Descriptor instead. +func (*Authorization) Descriptor() ([]byte, []int) { + return file_core_proto_rawDescGZIP(), []int{6} +} + +func (x *Authorization) GetId() string { + if x != nil { + return x.Id + } + return "" +} + +func (x *Authorization) GetIdentifier() string { + if x != nil { + return x.Identifier + } + return "" +} + +func (x *Authorization) GetRegistrationID() int64 { + if x != nil { + return x.RegistrationID + } + return 0 +} + +func (x *Authorization) GetStatus() string { + if x != nil { + return x.Status + } + return "" +} + +func (x *Authorization) GetExpires() int64 { + if x != nil { + return x.Expires + } + return 0 +} + +func (x *Authorization) GetChallenges() []*Challenge { + if x != nil { + return x.Challenges + } + return nil +} + +type Order struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Id int64 `protobuf:"varint,1,opt,name=id,proto3" json:"id,omitempty"` + RegistrationID int64 `protobuf:"varint,2,opt,name=registrationID,proto3" json:"registrationID,omitempty"` + Expires int64 `protobuf:"varint,3,opt,name=expires,proto3" json:"expires,omitempty"` + Error *ProblemDetails `protobuf:"bytes,4,opt,name=error,proto3" json:"error,omitempty"` + CertificateSerial string `protobuf:"bytes,5,opt,name=certificateSerial,proto3" json:"certificateSerial,omitempty"` + Status string `protobuf:"bytes,7,opt,name=status,proto3" json:"status,omitempty"` + Names []string `protobuf:"bytes,8,rep,name=names,proto3" json:"names,omitempty"` + BeganProcessing bool `protobuf:"varint,9,opt,name=beganProcessing,proto3" json:"beganProcessing,omitempty"` 
+ Created int64 `protobuf:"varint,10,opt,name=created,proto3" json:"created,omitempty"` + V2Authorizations []int64 `protobuf:"varint,11,rep,packed,name=v2Authorizations,proto3" json:"v2Authorizations,omitempty"` +} + +func (x *Order) Reset() { + *x = Order{} + if protoimpl.UnsafeEnabled { + mi := &file_core_proto_msgTypes[7] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *Order) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Order) ProtoMessage() {} + +func (x *Order) ProtoReflect() protoreflect.Message { + mi := &file_core_proto_msgTypes[7] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Order.ProtoReflect.Descriptor instead. +func (*Order) Descriptor() ([]byte, []int) { + return file_core_proto_rawDescGZIP(), []int{7} +} + +func (x *Order) GetId() int64 { + if x != nil { + return x.Id + } + return 0 +} + +func (x *Order) GetRegistrationID() int64 { + if x != nil { + return x.RegistrationID + } + return 0 +} + +func (x *Order) GetExpires() int64 { + if x != nil { + return x.Expires + } + return 0 +} + +func (x *Order) GetError() *ProblemDetails { + if x != nil { + return x.Error + } + return nil +} + +func (x *Order) GetCertificateSerial() string { + if x != nil { + return x.CertificateSerial + } + return "" +} + +func (x *Order) GetStatus() string { + if x != nil { + return x.Status + } + return "" +} + +func (x *Order) GetNames() []string { + if x != nil { + return x.Names + } + return nil +} + +func (x *Order) GetBeganProcessing() bool { + if x != nil { + return x.BeganProcessing + } + return false +} + +func (x *Order) GetCreated() int64 { + if x != nil { + return x.Created + } + return 0 +} + +func (x *Order) GetV2Authorizations() []int64 { + if x != nil { + return x.V2Authorizations + } + return nil +} 
+ +var File_core_proto protoreflect.FileDescriptor + +var file_core_proto_rawDesc = []byte{ + 0x0a, 0x0a, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x63, 0x6f, + 0x72, 0x65, 0x22, 0xab, 0x02, 0x0a, 0x09, 0x43, 0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65, + 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x02, 0x69, 0x64, + 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, + 0x74, 0x79, 0x70, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x06, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x10, 0x0a, 0x03, + 0x75, 0x72, 0x69, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x75, 0x72, 0x69, 0x12, 0x14, + 0x0a, 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x74, + 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x2a, 0x0a, 0x10, 0x6b, 0x65, 0x79, 0x41, 0x75, 0x74, 0x68, 0x6f, + 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x10, + 0x6b, 0x65, 0x79, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x12, 0x44, 0x0a, 0x11, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x72, 0x65, + 0x63, 0x6f, 0x72, 0x64, 0x73, 0x18, 0x0a, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x63, 0x6f, + 0x72, 0x65, 0x2e, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x63, + 0x6f, 0x72, 0x64, 0x52, 0x11, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x72, + 0x65, 0x63, 0x6f, 0x72, 0x64, 0x73, 0x12, 0x2a, 0x0a, 0x05, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x18, + 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x50, 0x72, 0x6f, + 0x62, 0x6c, 0x65, 0x6d, 0x44, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x52, 0x05, 0x65, 0x72, 0x72, + 0x6f, 0x72, 0x12, 0x1c, 0x0a, 0x09, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x64, 0x18, + 0x0b, 0x20, 0x01, 0x28, 0x03, 0x52, 0x09, 
0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x64, + 0x22, 0xee, 0x01, 0x0a, 0x10, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, + 0x65, 0x63, 0x6f, 0x72, 0x64, 0x12, 0x1a, 0x0a, 0x08, 0x68, 0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d, + 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x68, 0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d, + 0x65, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x04, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x2c, 0x0a, 0x11, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, + 0x65, 0x73, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x64, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0c, + 0x52, 0x11, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x65, 0x73, 0x52, 0x65, 0x73, 0x6f, 0x6c, + 0x76, 0x65, 0x64, 0x12, 0x20, 0x0a, 0x0b, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x55, 0x73, + 0x65, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0b, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, + 0x73, 0x55, 0x73, 0x65, 0x64, 0x12, 0x20, 0x0a, 0x0b, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, + 0x74, 0x69, 0x65, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0b, 0x61, 0x75, 0x74, 0x68, + 0x6f, 0x72, 0x69, 0x74, 0x69, 0x65, 0x73, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x72, 0x6c, 0x18, 0x06, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x75, 0x72, 0x6c, 0x12, 0x26, 0x0a, 0x0e, 0x61, 0x64, 0x64, + 0x72, 0x65, 0x73, 0x73, 0x65, 0x73, 0x54, 0x72, 0x69, 0x65, 0x64, 0x18, 0x07, 0x20, 0x03, 0x28, + 0x0c, 0x52, 0x0e, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x65, 0x73, 0x54, 0x72, 0x69, 0x65, + 0x64, 0x22, 0x6a, 0x0a, 0x0e, 0x50, 0x72, 0x6f, 0x62, 0x6c, 0x65, 0x6d, 0x44, 0x65, 0x74, 0x61, + 0x69, 0x6c, 0x73, 0x12, 0x20, 0x0a, 0x0b, 0x70, 0x72, 0x6f, 0x62, 0x6c, 0x65, 0x6d, 0x54, 0x79, + 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x70, 0x72, 0x6f, 0x62, 0x6c, 0x65, + 0x6d, 0x54, 0x79, 0x70, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x64, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x64, 0x65, 0x74, 0x61, 0x69, 0x6c, 
0x12, 0x1e, 0x0a, + 0x0a, 0x68, 0x74, 0x74, 0x70, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, + 0x05, 0x52, 0x0a, 0x68, 0x74, 0x74, 0x70, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x22, 0xa9, 0x01, + 0x0a, 0x0b, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x26, 0x0a, + 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x12, 0x16, 0x0a, + 0x06, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x64, + 0x69, 0x67, 0x65, 0x73, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x64, 0x65, 0x72, 0x18, 0x04, 0x20, 0x01, + 0x28, 0x0c, 0x52, 0x03, 0x64, 0x65, 0x72, 0x12, 0x16, 0x0a, 0x06, 0x69, 0x73, 0x73, 0x75, 0x65, + 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x03, 0x52, 0x06, 0x69, 0x73, 0x73, 0x75, 0x65, 0x64, 0x12, + 0x18, 0x0a, 0x07, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x18, 0x06, 0x20, 0x01, 0x28, 0x03, + 0x52, 0x07, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x22, 0xeb, 0x02, 0x0a, 0x11, 0x43, 0x65, + 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, + 0x16, 0x0a, 0x06, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x06, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, + 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, + 0x28, 0x0a, 0x0f, 0x6f, 0x63, 0x73, 0x70, 0x4c, 0x61, 0x73, 0x74, 0x55, 0x70, 0x64, 0x61, 0x74, + 0x65, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0f, 0x6f, 0x63, 0x73, 0x70, 0x4c, 0x61, + 0x73, 0x74, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64, 0x12, 0x20, 0x0a, 0x0b, 0x72, 0x65, 0x76, + 0x6f, 0x6b, 0x65, 
0x64, 0x44, 0x61, 0x74, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0b, + 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x44, 0x61, 0x74, 0x65, 0x12, 0x24, 0x0a, 0x0d, 0x72, + 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x52, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x18, 0x06, 0x20, 0x01, + 0x28, 0x03, 0x52, 0x0d, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x52, 0x65, 0x61, 0x73, 0x6f, + 0x6e, 0x12, 0x34, 0x0a, 0x15, 0x6c, 0x61, 0x73, 0x74, 0x45, 0x78, 0x70, 0x69, 0x72, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x4e, 0x61, 0x67, 0x53, 0x65, 0x6e, 0x74, 0x18, 0x07, 0x20, 0x01, 0x28, 0x03, + 0x52, 0x15, 0x6c, 0x61, 0x73, 0x74, 0x45, 0x78, 0x70, 0x69, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x4e, 0x61, 0x67, 0x53, 0x65, 0x6e, 0x74, 0x12, 0x22, 0x0a, 0x0c, 0x6f, 0x63, 0x73, 0x70, 0x52, + 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0c, 0x6f, + 0x63, 0x73, 0x70, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x6e, + 0x6f, 0x74, 0x41, 0x66, 0x74, 0x65, 0x72, 0x18, 0x09, 0x20, 0x01, 0x28, 0x03, 0x52, 0x08, 0x6e, + 0x6f, 0x74, 0x41, 0x66, 0x74, 0x65, 0x72, 0x12, 0x1c, 0x0a, 0x09, 0x69, 0x73, 0x45, 0x78, 0x70, + 0x69, 0x72, 0x65, 0x64, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x69, 0x73, 0x45, 0x78, + 0x70, 0x69, 0x72, 0x65, 0x64, 0x12, 0x1a, 0x0a, 0x08, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x49, + 0x44, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x03, 0x52, 0x08, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x49, + 0x44, 0x4a, 0x04, 0x08, 0x02, 0x10, 0x03, 0x22, 0xe6, 0x01, 0x0a, 0x0c, 0x52, 0x65, 0x67, 0x69, + 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x03, 0x52, 0x02, 0x69, 0x64, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x18, 0x0a, 0x07, 0x63, 0x6f, + 0x6e, 0x74, 0x61, 0x63, 0x74, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x07, 0x63, 0x6f, 0x6e, + 0x74, 0x61, 0x63, 0x74, 0x12, 0x28, 0x0a, 0x0f, 0x63, 
0x6f, 0x6e, 0x74, 0x61, 0x63, 0x74, 0x73, + 0x50, 0x72, 0x65, 0x73, 0x65, 0x6e, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0f, 0x63, + 0x6f, 0x6e, 0x74, 0x61, 0x63, 0x74, 0x73, 0x50, 0x72, 0x65, 0x73, 0x65, 0x6e, 0x74, 0x12, 0x1c, + 0x0a, 0x09, 0x61, 0x67, 0x72, 0x65, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x09, 0x61, 0x67, 0x72, 0x65, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x12, 0x1c, 0x0a, 0x09, + 0x69, 0x6e, 0x69, 0x74, 0x69, 0x61, 0x6c, 0x49, 0x50, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0c, 0x52, + 0x09, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x61, 0x6c, 0x49, 0x50, 0x12, 0x1c, 0x0a, 0x09, 0x63, 0x72, + 0x65, 0x61, 0x74, 0x65, 0x64, 0x41, 0x74, 0x18, 0x07, 0x20, 0x01, 0x28, 0x03, 0x52, 0x09, 0x63, + 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x41, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, + 0x75, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, + 0x22, 0xd6, 0x01, 0x0a, 0x0d, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, + 0x69, 0x64, 0x12, 0x1e, 0x0a, 0x0a, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, + 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, + 0x65, 0x72, 0x12, 0x26, 0x0a, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x49, 0x44, 0x18, 0x03, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x72, 0x65, 0x67, 0x69, + 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x74, + 0x61, 0x74, 0x75, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, + 0x75, 0x73, 0x12, 0x18, 0x0a, 0x07, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x18, 0x05, 0x20, + 0x01, 0x28, 0x03, 0x52, 0x07, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x12, 0x2f, 0x0a, 0x0a, + 0x63, 0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 
0x0b, + 0x32, 0x0f, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x43, 0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e, 0x67, + 0x65, 0x52, 0x0a, 0x63, 0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65, 0x73, 0x4a, 0x04, 0x08, + 0x07, 0x10, 0x08, 0x4a, 0x04, 0x08, 0x08, 0x10, 0x09, 0x22, 0xd7, 0x02, 0x0a, 0x05, 0x4f, 0x72, + 0x64, 0x65, 0x72, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, + 0x02, 0x69, 0x64, 0x12, 0x26, 0x0a, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x72, 0x65, 0x67, + 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x12, 0x18, 0x0a, 0x07, 0x65, + 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x03, 0x52, 0x07, 0x65, 0x78, + 0x70, 0x69, 0x72, 0x65, 0x73, 0x12, 0x2a, 0x0a, 0x05, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x18, 0x04, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x50, 0x72, 0x6f, 0x62, + 0x6c, 0x65, 0x6d, 0x44, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x52, 0x05, 0x65, 0x72, 0x72, 0x6f, + 0x72, 0x12, 0x2c, 0x0a, 0x11, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, + 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x63, 0x65, + 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x12, + 0x16, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x14, 0x0a, 0x05, 0x6e, 0x61, 0x6d, 0x65, 0x73, + 0x18, 0x08, 0x20, 0x03, 0x28, 0x09, 0x52, 0x05, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x28, 0x0a, + 0x0f, 0x62, 0x65, 0x67, 0x61, 0x6e, 0x50, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x69, 0x6e, 0x67, + 0x18, 0x09, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0f, 0x62, 0x65, 0x67, 0x61, 0x6e, 0x50, 0x72, 0x6f, + 0x63, 0x65, 0x73, 0x73, 0x69, 0x6e, 0x67, 0x12, 0x18, 0x0a, 0x07, 0x63, 0x72, 0x65, 0x61, 0x74, + 0x65, 0x64, 0x18, 0x0a, 0x20, 
0x01, 0x28, 0x03, 0x52, 0x07, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, + 0x64, 0x12, 0x2a, 0x0a, 0x10, 0x76, 0x32, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x0b, 0x20, 0x03, 0x28, 0x03, 0x52, 0x10, 0x76, 0x32, 0x41, + 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x4a, 0x04, 0x08, + 0x06, 0x10, 0x07, 0x42, 0x2b, 0x5a, 0x29, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, + 0x6d, 0x2f, 0x6c, 0x65, 0x74, 0x73, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x2f, 0x62, 0x6f, + 0x75, 0x6c, 0x64, 0x65, 0x72, 0x2f, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, +} + +var ( + file_core_proto_rawDescOnce sync.Once + file_core_proto_rawDescData = file_core_proto_rawDesc +) + +func file_core_proto_rawDescGZIP() []byte { + file_core_proto_rawDescOnce.Do(func() { + file_core_proto_rawDescData = protoimpl.X.CompressGZIP(file_core_proto_rawDescData) + }) + return file_core_proto_rawDescData +} + +var file_core_proto_msgTypes = make([]protoimpl.MessageInfo, 8) +var file_core_proto_goTypes = []interface{}{ + (*Challenge)(nil), // 0: core.Challenge + (*ValidationRecord)(nil), // 1: core.ValidationRecord + (*ProblemDetails)(nil), // 2: core.ProblemDetails + (*Certificate)(nil), // 3: core.Certificate + (*CertificateStatus)(nil), // 4: core.CertificateStatus + (*Registration)(nil), // 5: core.Registration + (*Authorization)(nil), // 6: core.Authorization + (*Order)(nil), // 7: core.Order +} +var file_core_proto_depIdxs = []int32{ + 1, // 0: core.Challenge.validationrecords:type_name -> core.ValidationRecord + 2, // 1: core.Challenge.error:type_name -> core.ProblemDetails + 0, // 2: core.Authorization.challenges:type_name -> core.Challenge + 2, // 3: core.Order.error:type_name -> core.ProblemDetails + 4, // [4:4] is the sub-list for method output_type + 4, // [4:4] is the sub-list for method input_type + 4, // [4:4] is the sub-list for extension 
type_name + 4, // [4:4] is the sub-list for extension extendee + 0, // [0:4] is the sub-list for field type_name +} + +func init() { file_core_proto_init() } +func file_core_proto_init() { + if File_core_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_core_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Challenge); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_core_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ValidationRecord); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_core_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ProblemDetails); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_core_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Certificate); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_core_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*CertificateStatus); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_core_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Registration); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_core_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Authorization); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + 
} + file_core_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Order); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_core_proto_rawDesc, + NumEnums: 0, + NumMessages: 8, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_core_proto_goTypes, + DependencyIndexes: file_core_proto_depIdxs, + MessageInfos: file_core_proto_msgTypes, + }.Build() + File_core_proto = out.File + file_core_proto_rawDesc = nil + file_core_proto_goTypes = nil + file_core_proto_depIdxs = nil +} diff --git a/vendor/github.com/letsencrypt/boulder/core/proto/core.proto b/vendor/github.com/letsencrypt/boulder/core/proto/core.proto new file mode 100644 index 000000000..06abe5e99 --- /dev/null +++ b/vendor/github.com/letsencrypt/boulder/core/proto/core.proto 
@@ -0,0 +1,95 @@
+syntax = "proto3";
+
+package core;
+option go_package = "github.com/letsencrypt/boulder/core/proto";
+
+message Challenge {
+ int64 id = 1;
+ string type = 2;
+ string status = 6;
+ string uri = 9;
+ string token = 3;
+ string keyAuthorization = 5;
+ repeated ValidationRecord validationrecords = 10;
+ ProblemDetails error = 7;
+ int64 validated = 11;
+}
+
+message ValidationRecord {
+ string hostname = 1;
+ string port = 2;
+ repeated bytes addressesResolved = 3; // net.IP.MarshalText()
+ bytes addressUsed = 4; // net.IP.MarshalText()
+
+ repeated string authorities = 5;
+ string url = 6;
+ // A list of addresses tried before the address used (see
+ // core/objects.go and the comment on the ValidationRecord structure
+ // definition for more information.
+ repeated bytes addressesTried = 7; // net.IP.MarshalText()
+}
+
+message ProblemDetails {
+ string problemType = 1;
+ string detail = 2;
+ int32 httpStatus = 3;
+}
+
+message Certificate {
+ int64 registrationID = 1;
+ string serial = 2;
+ string digest = 3;
+ bytes der = 4;
+ int64 issued = 5; // Unix timestamp (nanoseconds)
+ int64 expires = 6; // Unix timestamp (nanoseconds)
+}
+
+message CertificateStatus {
+ string serial = 1;
+ reserved 2; // previously subscriberApproved
+ string status = 3;
+ int64 ocspLastUpdated = 4;
+ int64 revokedDate = 5;
+ int64 revokedReason = 6;
+ int64 lastExpirationNagSent = 7;
+ bytes ocspResponse = 8;
+ int64 notAfter = 9;
+ bool isExpired = 10;
+ int64 issuerID = 11;
+}
+
+message Registration {
+ int64 id = 1;
+ bytes key = 2;
+ repeated string contact = 3;
+ bool contactsPresent = 4;
+ string agreement = 5;
+ bytes initialIP = 6;
+ int64 createdAt = 7; // Unix timestamp (nanoseconds)
+ string status = 8;
+}
+
+message Authorization {
+ string id = 1;
+ string identifier = 2;
+ int64 registrationID = 3;
+ string status = 4;
+ int64 expires = 5; // Unix timestamp (nanoseconds)
+ repeated core.Challenge challenges = 6;
+ reserved 7; // previously combinations
+ reserved 8; // previously v2
+}
+
+message Order {
+ int64 id = 1;
+ int64 registrationID = 2;
+ int64 expires = 3;
+ ProblemDetails error = 4;
+ string certificateSerial = 5;
+ reserved 6; // previously authorizations, deprecated in favor of v2Authorizations
+ string status = 7;
+ repeated string names = 8;
+ bool beganProcessing = 9;
+ int64 created = 10;
+ repeated int64 v2Authorizations = 11;
+}
diff --git a/vendor/github.com/letsencrypt/boulder/core/util.go b/vendor/github.com/letsencrypt/boulder/core/util.go
new file mode 100644
index 000000000..29f0d9c3d
--- /dev/null
+++ b/vendor/github.com/letsencrypt/boulder/core/util.go
@@ -0,0 +1,298 @@
+package core
+
+import (
+ "bytes"
+ "crypto"
+ "crypto/rand"
+ "crypto/sha256"
+ "crypto/x509"
+ "encoding/base64"
+ "encoding/hex"
+ "encoding/pem"
+ "errors"
+ "expvar"
+ "fmt"
+ "io"
+ "io/ioutil"
+ "math/big"
+ mrand "math/rand"
+ "reflect"
+ "regexp"
+ "sort"
+ "strings"
+ "time"
+ "unicode"
+
+ jose "gopkg.in/square/go-jose.v2"
+)
+
+// Package Variables Variables
+
+// BuildID is set by the compiler (using -ldflags "-X core.BuildID $(git rev-parse --short HEAD)")
+// and is used by GetBuildID
+var BuildID string
+
+// BuildHost is set by the compiler and is used by GetBuildHost
+var BuildHost string
+
+// BuildTime is set by the compiler and is used by GetBuildTime
+var BuildTime string
+
+func init() {
+ expvar.NewString("BuildID").Set(BuildID)
+ expvar.NewString("BuildTime").Set(BuildTime)
+}
+
+// Random stuff
+
+type randSource interface {
+ Read(p []byte) (n int, err error)
+}
+
+// RandReader is used so that it can be replaced in tests that require
+// deterministic output
+var RandReader randSource = rand.Reader
+
+// RandomString returns a randomly generated string of the requested length.
+func RandomString(byteLength int) string {
+ b := make([]byte, byteLength)
+ _, err := io.ReadFull(RandReader, b)
+ if err != nil {
+ panic(fmt.Sprintf("Error reading random bytes: %s", err))
+ }
+ return base64.RawURLEncoding.EncodeToString(b)
+}
+
+// NewToken produces a random string for Challenges, etc.
+func NewToken() string {
+ return RandomString(32)
+}
+
+var tokenFormat = regexp.MustCompile(`^[\w-]{43}$`)
+
+// LooksLikeAToken checks whether a string represents a 32-octet value in
+// the URL-safe base64 alphabet.
+func LooksLikeAToken(token string) bool {
+ return tokenFormat.MatchString(token)
+}
+
+// Fingerprints
+
+// Fingerprint256 produces an unpadded, URL-safe Base64-encoded SHA256 digest
+// of the data.
+func Fingerprint256(data []byte) string {
+ d := sha256.New()
+ _, _ = d.Write(data) // Never returns an error
+ return base64.RawURLEncoding.EncodeToString(d.Sum(nil))
+}
+
+type Sha256Digest [sha256.Size]byte
+
+// KeyDigest produces a Base64-encoded SHA256 digest of a
+// provided public key.
+func KeyDigest(key crypto.PublicKey) (Sha256Digest, error) {
+ switch t := key.(type) {
+ case *jose.JSONWebKey:
+ if t == nil {
+ return Sha256Digest{}, fmt.Errorf("Cannot compute digest of nil key")
+ }
+ return KeyDigest(t.Key)
+ case jose.JSONWebKey:
+ return KeyDigest(t.Key)
+ default:
+ keyDER, err := x509.MarshalPKIXPublicKey(key)
+ if err != nil {
+ return Sha256Digest{}, err
+ }
+ return sha256.Sum256(keyDER), nil
+ }
+}
+
+// KeyDigestB64 produces a padded, standard Base64-encoded SHA256 digest of a
+// provided public key.
+func KeyDigestB64(key crypto.PublicKey) (string, error) {
+ digest, err := KeyDigest(key)
+ if err != nil {
+ return "", err
+ }
+ return base64.StdEncoding.EncodeToString(digest[:]), nil
+}
+
+// KeyDigestEquals determines whether two public keys have the same digest.
+func KeyDigestEquals(j, k crypto.PublicKey) bool {
+ digestJ, errJ := KeyDigestB64(j)
+ digestK, errK := KeyDigestB64(k)
+ // Keys that don't have a valid digest (due to marshalling problems)
+ // are never equal. So, e.g. nil keys are not equal.
+ if errJ != nil || errK != nil {
+ return false
+ }
+ return digestJ == digestK
+}
+
+// PublicKeysEqual determines whether two public keys have the same marshalled
+// bytes as one another
+func PublicKeysEqual(a, b interface{}) (bool, error) {
+ if a == nil || b == nil {
+ return false, errors.New("One or more nil arguments to PublicKeysEqual")
+ }
+ aBytes, err := x509.MarshalPKIXPublicKey(a)
+ if err != nil {
+ return false, err
+ }
+ bBytes, err := x509.MarshalPKIXPublicKey(b)
+ if err != nil {
+ return false, err
+ }
+ return bytes.Equal(aBytes, bBytes), nil
+}
+
+// SerialToString converts a certificate serial number (big.Int) to a String
+// consistently.
+func SerialToString(serial *big.Int) string {
+ return fmt.Sprintf("%036x", serial)
+}
+
+// StringToSerial converts a string into a certificate serial number (big.Int)
+// consistently.
+func StringToSerial(serial string) (*big.Int, error) {
+ var serialNum big.Int
+ if !ValidSerial(serial) {
+ return &serialNum, errors.New("Invalid serial number")
+ }
+ _, err := fmt.Sscanf(serial, "%036x", &serialNum)
+ return &serialNum, err
+}
+
+// ValidSerial tests whether the input string represents a syntactically
+// valid serial number, i.e., that it is a valid hex string between 32
+// and 36 characters long.
+func ValidSerial(serial string) bool {
+ // Originally, serial numbers were 32 hex characters long. We later increased
+ // them to 36, but we allow the shorter ones because they exist in some
+ // production databases.
+ if len(serial) != 32 && len(serial) != 36 {
+ return false
+ }
+ _, err := hex.DecodeString(serial)
+ return err == nil
+}
+
+// GetBuildID identifies what build is running.
+func GetBuildID() (retID string) {
+ retID = BuildID
+ if retID == "" {
+ retID = "Unspecified"
+ }
+ return
+}
+
+// GetBuildTime identifies when this build was made
+func GetBuildTime() (retID string) {
+ retID = BuildTime
+ if retID == "" {
+ retID = "Unspecified"
+ }
+ return
+}
+
+// GetBuildHost identifies the building host
+func GetBuildHost() (retID string) {
+ retID = BuildHost
+ if retID == "" {
+ retID = "Unspecified"
+ }
+ return
+}
+
+// IsAnyNilOrZero returns whether any of the supplied values are nil, or (if not)
+// if any of them is its type's zero-value. This is useful for validating that
+// all required fields on a proto message are present.
+func IsAnyNilOrZero(vals ...interface{}) bool {
+ for _, val := range vals {
+ switch v := val.(type) {
+ case nil:
+ return true
+ case []byte:
+ if len(v) == 0 {
+ return true
+ }
+ default:
+ if reflect.ValueOf(v).IsZero() {
+ return true
+ }
+ }
+ }
+ return false
+}
+
+// UniqueLowerNames returns the set of all unique names in the input after all
+// of them are lowercased. The returned names will be in their lowercased form
+// and sorted alphabetically.
+func UniqueLowerNames(names []string) (unique []string) {
+ nameMap := make(map[string]int, len(names))
+ for _, name := range names {
+ nameMap[strings.ToLower(name)] = 1
+ }
+
+ unique = make([]string, 0, len(nameMap))
+ for name := range nameMap {
+ unique = append(unique, name)
+ }
+ sort.Strings(unique)
+ return
+}
+
+// LoadCert loads a PEM certificate specified by filename or returns an error
+func LoadCert(filename string) (*x509.Certificate, error) {
+ certPEM, err := ioutil.ReadFile(filename)
+ if err != nil {
+ return nil, err
+ }
+ block, _ := pem.Decode(certPEM)
+ if block == nil {
+ return nil, fmt.Errorf("No data in cert PEM file %s", filename)
+ }
+ cert, err := x509.ParseCertificate(block.Bytes)
+ if err != nil {
+ return nil, err
+ }
+ return cert, nil
+}
+
+// retryJitter is used to prevent bunched retried queries from falling into lockstep
+const retryJitter = 0.2
+
+// RetryBackoff calculates a backoff time based on number of retries, will always
+// add jitter so requests that start in unison won't fall into lockstep. Because of
+// this the returned duration can always be larger than the maximum by a factor of
+// retryJitter. Adapted from
+// https://github.com/grpc/grpc-go/blob/v1.11.3/backoff.go#L77-L96
+func RetryBackoff(retries int, base, max time.Duration, factor float64) time.Duration {
+ if retries == 0 {
+ return 0
+ }
+ backoff, fMax := float64(base), float64(max)
+ for backoff < fMax && retries > 1 {
+ backoff *= factor
+ retries--
+ }
+ if backoff > fMax {
+ backoff = fMax
+ }
+ // Randomize backoff delays so that if a cluster of requests start at
+ // the same time, they won't operate in lockstep.
+ backoff *= (1 - retryJitter) + 2*retryJitter*mrand.Float64()
+ return time.Duration(backoff)
+}
+
+// IsASCII determines if every character in a string is encoded in
+// the ASCII character set.
+func IsASCII(str string) bool {
+ for _, r := range str {
+ if r > unicode.MaxASCII {
+ return false
+ }
+ }
+ return true
+}
|