pb

package
v0.0.0-...-ca2f5af Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 12, 2021 License: Apache-2.0 Imports: 9 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	CertificateType_name = map[int32]string{
		0: "CT_UNKNOWN",
		1: "CT_X509",
	}
	CertificateType_value = map[string]int32{
		"CT_UNKNOWN": 0,
		"CT_X509":    1,
	}
)

Enum value maps for CertificateType.

View Source
var (
	KeyType_name = map[int32]string{
		0: "KT_UNKNOWN",
		1: "KT_RSA",
	}
	KeyType_value = map[string]int32{
		"KT_UNKNOWN": 0,
		"KT_RSA":     1,
	}
)

Enum value maps for KeyType.

View Source
var (
	Endpoint_Type_name = map[int32]string{
		0: "EP_UNSPECIFIED",
		1: "EP_IPSEC_TUNNEL",
		2: "EP_DAEMON",
	}
	Endpoint_Type_value = map[string]int32{
		"EP_UNSPECIFIED":  0,
		"EP_IPSEC_TUNNEL": 1,
		"EP_DAEMON":       2,
	}
)

Enum value maps for Endpoint_Type.

Functions

func RegisterCertificateManagementServer

func RegisterCertificateManagementServer(s *grpc.Server, srv CertificateManagementServer)

Types

type CSR

type CSR struct {

	// Type of certificate.
	Type CertificateType `protobuf:"varint,1,opt,name=type,proto3,enum=gnoi.certificate.CertificateType" json:"type,omitempty"`
	// Bytes representing the CSR.
	// The exact encoding depends upon the type of certificate requested.
	// for X509: This should be the PEM encoded CSR.
	Csr []byte `protobuf:"bytes,2,opt,name=csr,proto3" json:"csr,omitempty"`
	// contains filtered or unexported fields
}

A Certificate Signing Request.

func (*CSR) Descriptor deprecated

func (*CSR) Descriptor() ([]byte, []int)

Deprecated: Use CSR.ProtoReflect.Descriptor instead.

func (*CSR) GetCsr

func (x *CSR) GetCsr() []byte

func (*CSR) GetType

func (x *CSR) GetType() CertificateType

func (*CSR) ProtoMessage

func (*CSR) ProtoMessage()

func (*CSR) ProtoReflect

func (x *CSR) ProtoReflect() protoreflect.Message

func (*CSR) Reset

func (x *CSR) Reset()

func (*CSR) String

func (x *CSR) String() string

type CSRParams

type CSRParams struct {

	// The type of certificate which will be associated for this CSR.
	Type CertificateType `protobuf:"varint,1,opt,name=type,proto3,enum=gnoi.certificate.CertificateType" json:"type,omitempty"`
	// Minimum size of the key to be used by the target when generating a
	// public/private key pair.
	MinKeySize uint32 `protobuf:"varint,2,opt,name=min_key_size,json=minKeySize,proto3" json:"min_key_size,omitempty"`
	// If provided, the target must use the provided key type. If the target
	// cannot use the algorithm specified in the key_type, it should cancel the
	// stream with an Unimplemented error.
	KeyType KeyType `protobuf:"varint,3,opt,name=key_type,json=keyType,proto3,enum=gnoi.certificate.KeyType" json:"key_type,omitempty"`
	// --- common set of parameters applicable for any type of certificate --- //
	CommonName         string `protobuf:"bytes,4,opt,name=common_name,json=commonName,proto3" json:"common_name,omitempty"`                         // e.g "device.corp.google.com"
	Country            string `protobuf:"bytes,5,opt,name=country,proto3" json:"country,omitempty"`                                                 // e.g "US"
	State              string `protobuf:"bytes,6,opt,name=state,proto3" json:"state,omitempty"`                                                     // e.g "CA"
	City               string `protobuf:"bytes,7,opt,name=city,proto3" json:"city,omitempty"`                                                       // e.g "Mountain View"
	Organization       string `protobuf:"bytes,8,opt,name=organization,proto3" json:"organization,omitempty"`                                       // e.g "Google"
	OrganizationalUnit string `protobuf:"bytes,9,opt,name=organizational_unit,json=organizationalUnit,proto3" json:"organizational_unit,omitempty"` // e.g "Security"
	IpAddress          string `protobuf:"bytes,10,opt,name=ip_address,json=ipAddress,proto3" json:"ip_address,omitempty"`
	EmailId            string `protobuf:"bytes,11,opt,name=email_id,json=emailId,proto3" json:"email_id,omitempty"`
	// contains filtered or unexported fields
}

Parameters to be used when generating a Certificate Signing Request.

func (*CSRParams) Descriptor deprecated

func (*CSRParams) Descriptor() ([]byte, []int)

Deprecated: Use CSRParams.ProtoReflect.Descriptor instead.

func (*CSRParams) GetCity

func (x *CSRParams) GetCity() string

func (*CSRParams) GetCommonName

func (x *CSRParams) GetCommonName() string

func (*CSRParams) GetCountry

func (x *CSRParams) GetCountry() string

func (*CSRParams) GetEmailId

func (x *CSRParams) GetEmailId() string

func (*CSRParams) GetIpAddress

func (x *CSRParams) GetIpAddress() string

func (*CSRParams) GetKeyType

func (x *CSRParams) GetKeyType() KeyType

func (*CSRParams) GetMinKeySize

func (x *CSRParams) GetMinKeySize() uint32

func (*CSRParams) GetOrganization

func (x *CSRParams) GetOrganization() string

func (*CSRParams) GetOrganizationalUnit

func (x *CSRParams) GetOrganizationalUnit() string

func (*CSRParams) GetState

func (x *CSRParams) GetState() string

func (*CSRParams) GetType

func (x *CSRParams) GetType() CertificateType

func (*CSRParams) ProtoMessage

func (*CSRParams) ProtoMessage()

func (*CSRParams) ProtoReflect

func (x *CSRParams) ProtoReflect() protoreflect.Message

func (*CSRParams) Reset

func (x *CSRParams) Reset()

func (*CSRParams) String

func (x *CSRParams) String() string

type CanGenerateCSRRequest

type CanGenerateCSRRequest struct {
	KeyType         KeyType         `protobuf:"varint,1,opt,name=key_type,json=keyType,proto3,enum=gnoi.certificate.KeyType" json:"key_type,omitempty"`
	CertificateType CertificateType `` /* 145-byte string literal not displayed */
	KeySize         uint32          `protobuf:"varint,3,opt,name=key_size,json=keySize,proto3" json:"key_size,omitempty"`
	// contains filtered or unexported fields
}

A request to ask the target if it can generate key pairs.

func (*CanGenerateCSRRequest) Descriptor deprecated

func (*CanGenerateCSRRequest) Descriptor() ([]byte, []int)

Deprecated: Use CanGenerateCSRRequest.ProtoReflect.Descriptor instead.

func (*CanGenerateCSRRequest) GetCertificateType

func (x *CanGenerateCSRRequest) GetCertificateType() CertificateType

func (*CanGenerateCSRRequest) GetKeySize

func (x *CanGenerateCSRRequest) GetKeySize() uint32

func (*CanGenerateCSRRequest) GetKeyType

func (x *CanGenerateCSRRequest) GetKeyType() KeyType

func (*CanGenerateCSRRequest) ProtoMessage

func (*CanGenerateCSRRequest) ProtoMessage()

func (*CanGenerateCSRRequest) ProtoReflect

func (x *CanGenerateCSRRequest) ProtoReflect() protoreflect.Message

func (*CanGenerateCSRRequest) Reset

func (x *CanGenerateCSRRequest) Reset()

func (*CanGenerateCSRRequest) String

func (x *CanGenerateCSRRequest) String() string

type CanGenerateCSRResponse

type CanGenerateCSRResponse struct {
	CanGenerate bool `protobuf:"varint,4,opt,name=can_generate,json=canGenerate,proto3" json:"can_generate,omitempty"`
	// contains filtered or unexported fields
}

Response from the target about whether it can generate a CSR with the given parameters.

func (*CanGenerateCSRResponse) Descriptor deprecated

func (*CanGenerateCSRResponse) Descriptor() ([]byte, []int)

Deprecated: Use CanGenerateCSRResponse.ProtoReflect.Descriptor instead.

func (*CanGenerateCSRResponse) GetCanGenerate

func (x *CanGenerateCSRResponse) GetCanGenerate() bool

func (*CanGenerateCSRResponse) ProtoMessage

func (*CanGenerateCSRResponse) ProtoMessage()

func (*CanGenerateCSRResponse) ProtoReflect

func (x *CanGenerateCSRResponse) ProtoReflect() protoreflect.Message

func (*CanGenerateCSRResponse) Reset

func (x *CanGenerateCSRResponse) Reset()

func (*CanGenerateCSRResponse) String

func (x *CanGenerateCSRResponse) String() string

type Certificate

type Certificate struct {

	// Type of certificate.
	Type CertificateType `protobuf:"varint,1,opt,name=type,proto3,enum=gnoi.certificate.CertificateType" json:"type,omitempty"`
	// Actual certificate.
	// The exact encoding depends upon the type of certificate.
	// for X509, this should be a PEM encoded Certificate.
	Certificate []byte `protobuf:"bytes,2,opt,name=certificate,proto3" json:"certificate,omitempty"`
	// contains filtered or unexported fields
}

A certificate.

func (*Certificate) Descriptor deprecated

func (*Certificate) Descriptor() ([]byte, []int)

Deprecated: Use Certificate.ProtoReflect.Descriptor instead.

func (*Certificate) GetCertificate

func (x *Certificate) GetCertificate() []byte

func (*Certificate) GetType

func (x *Certificate) GetType() CertificateType

func (*Certificate) ProtoMessage

func (*Certificate) ProtoMessage()

func (*Certificate) ProtoReflect

func (x *Certificate) ProtoReflect() protoreflect.Message

func (*Certificate) Reset

func (x *Certificate) Reset()

func (*Certificate) String

func (x *Certificate) String() string

type CertificateInfo

type CertificateInfo struct {
	CertificateId string       `protobuf:"bytes,1,opt,name=certificate_id,json=certificateId,proto3" json:"certificate_id,omitempty"`
	Certificate   *Certificate `protobuf:"bytes,2,opt,name=certificate,proto3" json:"certificate,omitempty"`
	// List of endpoints using this certificate.
	Endpoints []*Endpoint `protobuf:"bytes,3,rep,name=endpoints,proto3" json:"endpoints,omitempty"`
	// System modification time when the certificate was installed/rotated in
	// nanoseconds since epoch.
	ModificationTime int64 `protobuf:"varint,4,opt,name=modification_time,json=modificationTime,proto3" json:"modification_time,omitempty"`
	// contains filtered or unexported fields
}

func (*CertificateInfo) Descriptor deprecated

func (*CertificateInfo) Descriptor() ([]byte, []int)

Deprecated: Use CertificateInfo.ProtoReflect.Descriptor instead.

func (*CertificateInfo) GetCertificate

func (x *CertificateInfo) GetCertificate() *Certificate

func (*CertificateInfo) GetCertificateId

func (x *CertificateInfo) GetCertificateId() string

func (*CertificateInfo) GetEndpoints

func (x *CertificateInfo) GetEndpoints() []*Endpoint

func (*CertificateInfo) GetModificationTime

func (x *CertificateInfo) GetModificationTime() int64

func (*CertificateInfo) ProtoMessage

func (*CertificateInfo) ProtoMessage()

func (*CertificateInfo) ProtoReflect

func (x *CertificateInfo) ProtoReflect() protoreflect.Message

func (*CertificateInfo) Reset

func (x *CertificateInfo) Reset()

func (*CertificateInfo) String

func (x *CertificateInfo) String() string

type CertificateManagementClient

type CertificateManagementClient interface {
	// Rotate will replace an existing Certificate on the target by creating a
	// new CSR request and placing the new Certificate based on the CSR on the
	// target. If the stream is broken or any steps in the process fail the
	// target must rollback to the original Certificate.
	//
	// The following describes the sequence of messages that must be exchanged
	// in the Rotate() RPC.
	//
	// Sequence of expected messages:
	// Case 1: When Target generates the CSR.
	//
	//   Step 1: Start the stream
	//     Client <---- Rotate() RPC stream begin ------> Target
	//
	//   Step 2: CSR
	//     Client -----> GenerateCSRRequest----> Target
	//     Client <----- GenerateCSRResponse <--- Target
	//
	//   Step 3: Certificate Signing
	//     Client gets the certificate signed by the CA.
	//
	//   Step 4: Send Certificate to Target.
	//     Client --> LoadCertificateRequest ----> Target
	//     Client <-- LoadCertificateResponse <--- Target
	//
	//   Step 5: Test/Validation by the client.
	//     This step should be to create a new connection to the target using
	//     The new certificate and validate that the certificate works.
	//     Once verfied, the client will then proceed to finalize the rotation.
	//     If the new connection cannot be completed the client will cancel the
	//     RPC thereby forcing the target to rollback the certificate.
	//
	//   Step 6: Final commit.
	//     Client ---> FinalizeRequest ----> Target
	//
	//
	// Case 2: When Client generates the CSR.
	//   Step 1: Start the stream
	//     Client <---- Rotate() RPC stream begin ----> Target
	//
	//   Step 2: CSR
	//     Client generates its own certificate.
	//
	//   Step 3: Certificate Signing
	//     Client gets the certificate signed by the CA.
	//
	//   Step 4: Send Certificate to Target.
	//     Client ---> LoadCertificateRequest ----> Target
	//     Client <--- LoadCertificateResponse <--- Target
	//
	//   Step 5: Test/Validation by the client.
	//
	//   Step 6: Final commit.
	//     Client ---> FinalizeRequest ----> Target
	Rotate(ctx context.Context, opts ...grpc.CallOption) (CertificateManagement_RotateClient, error)
	// Install will put a new Certificate on the target by creating a new CSR
	// request and placing the new Certificate based on the CSR on the target.The
	// new Certificate will be associated with a new Certificate Id on the target.
	// If the target has a pre existing Certificate with the given Certificate Id,
	// the operation should fail.
	// If the stream is broken or any steps in the process fail the target must
	// revert any changes in state.
	//
	// The following describes the sequence of messages that must be exchanged
	// in the Install() RPC.
	//
	// Sequence of expected messages:
	// Case 1: When Target generates the CSR-------------------------:
	//
	//   Step 1: Start the stream
	//     Client <---- Install() RPC stream begin ------> Target
	//
	//   Step 2: CSR
	//     Client -----> GenerateCSRRequest() ----> Target
	//     Client <---- GenerateCSRResponse() <---- Target
	//
	//   Step 3: Certificate Signing
	//     Client gets the certificate signed by the CA.
	//
	//   Step 4: Send Certificate to Target.
	//     Client -> LoadCertificateRequest() ----> Target
	//     Client <- LoadCertificateResponse() <--- Target
	//
	// Case 2: When Client generates the CSR-------------------------:
	//   Step 1: Start the stream
	//     Client <---- Install() RPC stream begin ------> Target
	//
	//   Step 2: CSR
	//     Client generates its own certificate.
	//
	//   Step 3: Certificate Signing
	//     Client gets the certificate signed by the CA.
	//
	//   Step 4: Send Certificate to Target.
	//     Client -> LoadCertificateRequest() ----> Target
	//     Client <- LoadCertificateResponse() <--- Target
	//
	Install(ctx context.Context, opts ...grpc.CallOption) (CertificateManagement_InstallClient, error)
	// An RPC to get the certificates on the target.
	GetCertificates(ctx context.Context, in *GetCertificatesRequest, opts ...grpc.CallOption) (*GetCertificatesResponse, error)
	// An RPC to revoke specific certificates.
	// If a certificate is not present on the target, the request should silently
	// succeed. Revoking a certificate should render the existing certificate
	// unusable by any endpoints.
	RevokeCertificates(ctx context.Context, in *RevokeCertificatesRequest, opts ...grpc.CallOption) (*RevokeCertificatesResponse, error)
	// An RPC to ask a target if it can generate a Certificate.
	CanGenerateCSR(ctx context.Context, in *CanGenerateCSRRequest, opts ...grpc.CallOption) (*CanGenerateCSRResponse, error)
}

CertificateManagementClient is the client API for CertificateManagement service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.

type CertificateManagementServer

type CertificateManagementServer interface {
	// Rotate will replace an existing Certificate on the target by creating a
	// new CSR request and placing the new Certificate based on the CSR on the
	// target. If the stream is broken or any steps in the process fail the
	// target must rollback to the original Certificate.
	//
	// The following describes the sequence of messages that must be exchanged
	// in the Rotate() RPC.
	//
	// Sequence of expected messages:
	// Case 1: When Target generates the CSR.
	//
	//   Step 1: Start the stream
	//     Client <---- Rotate() RPC stream begin ------> Target
	//
	//   Step 2: CSR
	//     Client -----> GenerateCSRRequest----> Target
	//     Client <----- GenerateCSRResponse <--- Target
	//
	//   Step 3: Certificate Signing
	//     Client gets the certificate signed by the CA.
	//
	//   Step 4: Send Certificate to Target.
	//     Client --> LoadCertificateRequest ----> Target
	//     Client <-- LoadCertificateResponse <--- Target
	//
	//   Step 5: Test/Validation by the client.
	//     This step should be to create a new connection to the target using
	//     The new certificate and validate that the certificate works.
	//     Once verfied, the client will then proceed to finalize the rotation.
	//     If the new connection cannot be completed the client will cancel the
	//     RPC thereby forcing the target to rollback the certificate.
	//
	//   Step 6: Final commit.
	//     Client ---> FinalizeRequest ----> Target
	//
	//
	// Case 2: When Client generates the CSR.
	//   Step 1: Start the stream
	//     Client <---- Rotate() RPC stream begin ----> Target
	//
	//   Step 2: CSR
	//     Client generates its own certificate.
	//
	//   Step 3: Certificate Signing
	//     Client gets the certificate signed by the CA.
	//
	//   Step 4: Send Certificate to Target.
	//     Client ---> LoadCertificateRequest ----> Target
	//     Client <--- LoadCertificateResponse <--- Target
	//
	//   Step 5: Test/Validation by the client.
	//
	//   Step 6: Final commit.
	//     Client ---> FinalizeRequest ----> Target
	Rotate(CertificateManagement_RotateServer) error
	// Install will put a new Certificate on the target by creating a new CSR
	// request and placing the new Certificate based on the CSR on the target.The
	// new Certificate will be associated with a new Certificate Id on the target.
	// If the target has a pre existing Certificate with the given Certificate Id,
	// the operation should fail.
	// If the stream is broken or any steps in the process fail the target must
	// revert any changes in state.
	//
	// The following describes the sequence of messages that must be exchanged
	// in the Install() RPC.
	//
	// Sequence of expected messages:
	// Case 1: When Target generates the CSR-------------------------:
	//
	//   Step 1: Start the stream
	//     Client <---- Install() RPC stream begin ------> Target
	//
	//   Step 2: CSR
	//     Client -----> GenerateCSRRequest() ----> Target
	//     Client <---- GenerateCSRResponse() <---- Target
	//
	//   Step 3: Certificate Signing
	//     Client gets the certificate signed by the CA.
	//
	//   Step 4: Send Certificate to Target.
	//     Client -> LoadCertificateRequest() ----> Target
	//     Client <- LoadCertificateResponse() <--- Target
	//
	// Case 2: When Client generates the CSR-------------------------:
	//   Step 1: Start the stream
	//     Client <---- Install() RPC stream begin ------> Target
	//
	//   Step 2: CSR
	//     Client generates its own certificate.
	//
	//   Step 3: Certificate Signing
	//     Client gets the certificate signed by the CA.
	//
	//   Step 4: Send Certificate to Target.
	//     Client -> LoadCertificateRequest() ----> Target
	//     Client <- LoadCertificateResponse() <--- Target
	//
	Install(CertificateManagement_InstallServer) error
	// An RPC to get the certificates on the target.
	GetCertificates(context.Context, *GetCertificatesRequest) (*GetCertificatesResponse, error)
	// An RPC to revoke specific certificates.
	// If a certificate is not present on the target, the request should silently
	// succeed. Revoking a certificate should render the existing certificate
	// unusable by any endpoints.
	RevokeCertificates(context.Context, *RevokeCertificatesRequest) (*RevokeCertificatesResponse, error)
	// An RPC to ask a target if it can generate a Certificate.
	CanGenerateCSR(context.Context, *CanGenerateCSRRequest) (*CanGenerateCSRResponse, error)
}

CertificateManagementServer is the server API for CertificateManagement service.

type CertificateManagement_InstallClient

type CertificateManagement_InstallClient interface {
	Send(*InstallCertificateRequest) error
	Recv() (*InstallCertificateResponse, error)
	grpc.ClientStream
}

type CertificateManagement_InstallServer

type CertificateManagement_InstallServer interface {
	Send(*InstallCertificateResponse) error
	Recv() (*InstallCertificateRequest, error)
	grpc.ServerStream
}

type CertificateManagement_RotateClient

type CertificateManagement_RotateClient interface {
	Send(*RotateCertificateRequest) error
	Recv() (*RotateCertificateResponse, error)
	grpc.ClientStream
}

type CertificateManagement_RotateServer

type CertificateManagement_RotateServer interface {
	Send(*RotateCertificateResponse) error
	Recv() (*RotateCertificateRequest, error)
	grpc.ServerStream
}

type CertificateRevocationError

type CertificateRevocationError struct {
	CertificateId string `protobuf:"bytes,1,opt,name=certificate_id,json=certificateId,proto3" json:"certificate_id,omitempty"`
	ErrorMessage  string `protobuf:"bytes,2,opt,name=error_message,json=errorMessage,proto3" json:"error_message,omitempty"`
	// contains filtered or unexported fields
}

An error message indicating why a certificate id could not be revoked.

func (*CertificateRevocationError) Descriptor deprecated

func (*CertificateRevocationError) Descriptor() ([]byte, []int)

Deprecated: Use CertificateRevocationError.ProtoReflect.Descriptor instead.

func (*CertificateRevocationError) GetCertificateId

func (x *CertificateRevocationError) GetCertificateId() string

func (*CertificateRevocationError) GetErrorMessage

func (x *CertificateRevocationError) GetErrorMessage() string

func (*CertificateRevocationError) ProtoMessage

func (*CertificateRevocationError) ProtoMessage()

func (*CertificateRevocationError) ProtoReflect

func (*CertificateRevocationError) Reset

func (x *CertificateRevocationError) Reset()

func (*CertificateRevocationError) String

func (x *CertificateRevocationError) String() string

type CertificateType

type CertificateType int32

Types of certificates.

const (
	// 1 - 500 for public use.
	// 501 onwards for private use.
	CertificateType_CT_UNKNOWN CertificateType = 0
	CertificateType_CT_X509    CertificateType = 1
)

func (CertificateType) Descriptor

func (CertificateType) Enum

func (x CertificateType) Enum() *CertificateType

func (CertificateType) EnumDescriptor deprecated

func (CertificateType) EnumDescriptor() ([]byte, []int)

Deprecated: Use CertificateType.Descriptor instead.

func (CertificateType) Number

func (CertificateType) String

func (x CertificateType) String() string

func (CertificateType) Type

type Endpoint

type Endpoint struct {
	Type Endpoint_Type `protobuf:"varint,1,opt,name=type,proto3,enum=gnoi.certificate.Endpoint_Type" json:"type,omitempty"`
	// Human readable identifier for an endpoint.
	Endpoint string `protobuf:"bytes,2,opt,name=endpoint,proto3" json:"endpoint,omitempty"`
	// contains filtered or unexported fields
}

An endpoint represents an entity on the target which can use a certificate.

func (*Endpoint) Descriptor deprecated

func (*Endpoint) Descriptor() ([]byte, []int)

Deprecated: Use Endpoint.ProtoReflect.Descriptor instead.

func (*Endpoint) GetEndpoint

func (x *Endpoint) GetEndpoint() string

func (*Endpoint) GetType

func (x *Endpoint) GetType() Endpoint_Type

func (*Endpoint) ProtoMessage

func (*Endpoint) ProtoMessage()

func (*Endpoint) ProtoReflect

func (x *Endpoint) ProtoReflect() protoreflect.Message

func (*Endpoint) Reset

func (x *Endpoint) Reset()

func (*Endpoint) String

func (x *Endpoint) String() string

type Endpoint_Type

type Endpoint_Type int32

Type of endpoint that can use a cert. This list is to be extended based on conversation with vendors.

const (
	Endpoint_EP_UNSPECIFIED  Endpoint_Type = 0
	Endpoint_EP_IPSEC_TUNNEL Endpoint_Type = 1
	Endpoint_EP_DAEMON       Endpoint_Type = 2
)

func (Endpoint_Type) Descriptor

func (Endpoint_Type) Enum

func (x Endpoint_Type) Enum() *Endpoint_Type

func (Endpoint_Type) EnumDescriptor deprecated

func (Endpoint_Type) EnumDescriptor() ([]byte, []int)

Deprecated: Use Endpoint_Type.Descriptor instead.

func (Endpoint_Type) Number

func (Endpoint_Type) String

func (x Endpoint_Type) String() string

func (Endpoint_Type) Type

type FinalizeRequest

type FinalizeRequest struct {
	// contains filtered or unexported fields
}

A Finalize message is sent to the target to confirm the Rotation of the certificate and that the certificate should not be rolled back when the RPC concludes. The certificate must be rolled back if the target returns an error after receiving a Finalize message.

func (*FinalizeRequest) Descriptor deprecated

func (*FinalizeRequest) Descriptor() ([]byte, []int)

Deprecated: Use FinalizeRequest.ProtoReflect.Descriptor instead.

func (*FinalizeRequest) ProtoMessage

func (*FinalizeRequest) ProtoMessage()

func (*FinalizeRequest) ProtoReflect

func (x *FinalizeRequest) ProtoReflect() protoreflect.Message

func (*FinalizeRequest) Reset

func (x *FinalizeRequest) Reset()

func (*FinalizeRequest) String

func (x *FinalizeRequest) String() string

type GenerateCSRRequest

type GenerateCSRRequest struct {

	// Parameters for creating a CSR.
	CsrParams *CSRParams `protobuf:"bytes,1,opt,name=csr_params,json=csrParams,proto3" json:"csr_params,omitempty"`
	// The certificate id with which this CSR will be associated. The target
	// configuration should bind an entity which wants to use a certificate to
	// the certificate_id it should use.
	CertificateId string `protobuf:"bytes,2,opt,name=certificate_id,json=certificateId,proto3" json:"certificate_id,omitempty"`
	// contains filtered or unexported fields
}

Request to generate the CSR. When this request is made for rotating an existing certificate as part of the Rotate() RPC, then the target must ensure that the "certificate_id" is already created and exists on the target. If the Certificate Rotation proceeds to load the certificate, it must associate the new certificate with the previously created "certificate_id".

When this request is made for installing a completely new certificate as part of the Install() RPC , then the target must ensure that the "certificate_id" is completely new and no entities on the target are should be bound to this certificate_id. If any existing certificate matches the certificate_id, then this request should fail.

If there is another ongoing Rotate/Install RPC with the same certificate_id, the GenerateCSRRequest should fail.

func (*GenerateCSRRequest) Descriptor deprecated

func (*GenerateCSRRequest) Descriptor() ([]byte, []int)

Deprecated: Use GenerateCSRRequest.ProtoReflect.Descriptor instead.

func (*GenerateCSRRequest) GetCertificateId

func (x *GenerateCSRRequest) GetCertificateId() string

func (*GenerateCSRRequest) GetCsrParams

func (x *GenerateCSRRequest) GetCsrParams() *CSRParams

func (*GenerateCSRRequest) ProtoMessage

func (*GenerateCSRRequest) ProtoMessage()

func (*GenerateCSRRequest) ProtoReflect

func (x *GenerateCSRRequest) ProtoReflect() protoreflect.Message

func (*GenerateCSRRequest) Reset

func (x *GenerateCSRRequest) Reset()

func (*GenerateCSRRequest) String

func (x *GenerateCSRRequest) String() string

type GenerateCSRResponse

type GenerateCSRResponse struct {
	Csr *CSR `protobuf:"bytes,1,opt,name=csr,proto3" json:"csr,omitempty"`
	// contains filtered or unexported fields
}

GenerateCSRResponse contains the CSR associated with the Certificate ID supplied in the GenerateCSRRequest. When a Certificate is subsequently installed on the target in the same streaming RPC session, it must be associated to that Certificate ID.

An Unimplemented error will be returned if the target cannot generate a CSR as per the request. In this case, the caller must generate its own key pair.

func (*GenerateCSRResponse) Descriptor deprecated

func (*GenerateCSRResponse) Descriptor() ([]byte, []int)

Deprecated: Use GenerateCSRResponse.ProtoReflect.Descriptor instead.

func (*GenerateCSRResponse) GetCsr

func (x *GenerateCSRResponse) GetCsr() *CSR

func (*GenerateCSRResponse) ProtoMessage

func (*GenerateCSRResponse) ProtoMessage()

func (*GenerateCSRResponse) ProtoReflect

func (x *GenerateCSRResponse) ProtoReflect() protoreflect.Message

func (*GenerateCSRResponse) Reset

func (x *GenerateCSRResponse) Reset()

func (*GenerateCSRResponse) String

func (x *GenerateCSRResponse) String() string

type GetCertificatesRequest

type GetCertificatesRequest struct {
	// contains filtered or unexported fields
}

The request to query all the certificates on the target.

func (*GetCertificatesRequest) Descriptor deprecated

func (*GetCertificatesRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetCertificatesRequest.ProtoReflect.Descriptor instead.

func (*GetCertificatesRequest) ProtoMessage

func (*GetCertificatesRequest) ProtoMessage()

func (*GetCertificatesRequest) ProtoReflect

func (x *GetCertificatesRequest) ProtoReflect() protoreflect.Message

func (*GetCertificatesRequest) Reset

func (x *GetCertificatesRequest) Reset()

func (*GetCertificatesRequest) String

func (x *GetCertificatesRequest) String() string

type GetCertificatesResponse

type GetCertificatesResponse struct {
	CertificateInfo []*CertificateInfo `protobuf:"bytes,1,rep,name=certificate_info,json=certificateInfo,proto3" json:"certificate_info,omitempty"`
	// contains filtered or unexported fields
}

Response from the target about the certificates that exist on the target what what is using them.

func (*GetCertificatesResponse) Descriptor deprecated

func (*GetCertificatesResponse) Descriptor() ([]byte, []int)

Deprecated: Use GetCertificatesResponse.ProtoReflect.Descriptor instead.

func (*GetCertificatesResponse) GetCertificateInfo

func (x *GetCertificatesResponse) GetCertificateInfo() []*CertificateInfo

func (*GetCertificatesResponse) ProtoMessage

func (*GetCertificatesResponse) ProtoMessage()

func (*GetCertificatesResponse) ProtoReflect

func (x *GetCertificatesResponse) ProtoReflect() protoreflect.Message

func (*GetCertificatesResponse) Reset

func (x *GetCertificatesResponse) Reset()

func (*GetCertificatesResponse) String

func (x *GetCertificatesResponse) String() string

type InstallCertificateRequest

type InstallCertificateRequest struct {

	// Request Messages.
	//
	// Types that are assignable to InstallRequest:
	//	*InstallCertificateRequest_GenerateCsr
	//	*InstallCertificateRequest_LoadCertificate
	InstallRequest isInstallCertificateRequest_InstallRequest `protobuf_oneof:"install_request"`
	// contains filtered or unexported fields
}

Request messages to install new certificates on the target.

func (*InstallCertificateRequest) Descriptor deprecated

func (*InstallCertificateRequest) Descriptor() ([]byte, []int)

Deprecated: Use InstallCertificateRequest.ProtoReflect.Descriptor instead.

func (*InstallCertificateRequest) GetGenerateCsr

func (x *InstallCertificateRequest) GetGenerateCsr() *GenerateCSRRequest

func (*InstallCertificateRequest) GetInstallRequest

func (m *InstallCertificateRequest) GetInstallRequest() isInstallCertificateRequest_InstallRequest

func (*InstallCertificateRequest) GetLoadCertificate

func (x *InstallCertificateRequest) GetLoadCertificate() *LoadCertificateRequest

func (*InstallCertificateRequest) ProtoMessage

func (*InstallCertificateRequest) ProtoMessage()

func (*InstallCertificateRequest) ProtoReflect

func (*InstallCertificateRequest) Reset

func (x *InstallCertificateRequest) Reset()

func (*InstallCertificateRequest) String

func (x *InstallCertificateRequest) String() string

type InstallCertificateRequest_GenerateCsr

type InstallCertificateRequest_GenerateCsr struct {
	GenerateCsr *GenerateCSRRequest `protobuf:"bytes,1,opt,name=generate_csr,json=generateCsr,proto3,oneof"`
}

type InstallCertificateRequest_LoadCertificate

type InstallCertificateRequest_LoadCertificate struct {
	LoadCertificate *LoadCertificateRequest `protobuf:"bytes,2,opt,name=load_certificate,json=loadCertificate,proto3,oneof"`
}

type InstallCertificateResponse

type InstallCertificateResponse struct {

	// Response messages.
	//
	// Types that are assignable to InstallResponse:
	//	*InstallCertificateResponse_GeneratedCsr
	//	*InstallCertificateResponse_LoadCertificate
	InstallResponse isInstallCertificateResponse_InstallResponse `protobuf_oneof:"install_response"`
	// contains filtered or unexported fields
}

Response Messages from the target for the InstallCertificateRequest.

func (*InstallCertificateResponse) Descriptor deprecated

func (*InstallCertificateResponse) Descriptor() ([]byte, []int)

Deprecated: Use InstallCertificateResponse.ProtoReflect.Descriptor instead.

func (*InstallCertificateResponse) GetGeneratedCsr

func (x *InstallCertificateResponse) GetGeneratedCsr() *GenerateCSRResponse

func (*InstallCertificateResponse) GetInstallResponse

func (m *InstallCertificateResponse) GetInstallResponse() isInstallCertificateResponse_InstallResponse

func (*InstallCertificateResponse) GetLoadCertificate

func (x *InstallCertificateResponse) GetLoadCertificate() *LoadCertificateResponse

func (*InstallCertificateResponse) ProtoMessage

func (*InstallCertificateResponse) ProtoMessage()

func (*InstallCertificateResponse) ProtoReflect

func (*InstallCertificateResponse) Reset

func (x *InstallCertificateResponse) Reset()

func (*InstallCertificateResponse) String

func (x *InstallCertificateResponse) String() string

type InstallCertificateResponse_GeneratedCsr

type InstallCertificateResponse_GeneratedCsr struct {
	GeneratedCsr *GenerateCSRResponse `protobuf:"bytes,1,opt,name=generated_csr,json=generatedCsr,proto3,oneof"`
}

type InstallCertificateResponse_LoadCertificate

type InstallCertificateResponse_LoadCertificate struct {
	LoadCertificate *LoadCertificateResponse `protobuf:"bytes,2,opt,name=load_certificate,json=loadCertificate,proto3,oneof"`
}

type KeyPair

type KeyPair struct {
	PrivateKey []byte `protobuf:"bytes,1,opt,name=private_key,json=privateKey,proto3" json:"private_key,omitempty"`
	PublicKey  []byte `protobuf:"bytes,2,opt,name=public_key,json=publicKey,proto3" json:"public_key,omitempty"`
	// contains filtered or unexported fields
}

A message representing a pair of public/private keys.

func (*KeyPair) Descriptor deprecated

func (*KeyPair) Descriptor() ([]byte, []int)

Deprecated: Use KeyPair.ProtoReflect.Descriptor instead.

func (*KeyPair) GetPrivateKey

func (x *KeyPair) GetPrivateKey() []byte

func (*KeyPair) GetPublicKey

func (x *KeyPair) GetPublicKey() []byte

func (*KeyPair) ProtoMessage

func (*KeyPair) ProtoMessage()

func (*KeyPair) ProtoReflect

func (x *KeyPair) ProtoReflect() protoreflect.Message

func (*KeyPair) Reset

func (x *KeyPair) Reset()

func (*KeyPair) String

func (x *KeyPair) String() string

type KeyType

type KeyType int32

Algorithm to be used for generation the key pair.

const (
	// 1 - 500, for known types.
	// 501 and onwards for private use.
	KeyType_KT_UNKNOWN KeyType = 0
	KeyType_KT_RSA     KeyType = 1
)

func (KeyType) Descriptor

func (KeyType) Descriptor() protoreflect.EnumDescriptor

func (KeyType) Enum

func (x KeyType) Enum() *KeyType

func (KeyType) EnumDescriptor deprecated

func (KeyType) EnumDescriptor() ([]byte, []int)

Deprecated: Use KeyType.Descriptor instead.

func (KeyType) Number

func (x KeyType) Number() protoreflect.EnumNumber

func (KeyType) String

func (x KeyType) String() string

func (KeyType) Type

func (KeyType) Type() protoreflect.EnumType

type LoadCertificateRequest

type LoadCertificateRequest struct {

	// The certificate to be Loaded on the target.
	Certificate *Certificate `protobuf:"bytes,1,opt,name=certificate,proto3" json:"certificate,omitempty"`
	// The key pair to be used with the certificate. This is provided in the event
	// that the target cannot generate a CSR (and the corresponding public/private
	// keys).
	KeyPair *KeyPair `protobuf:"bytes,2,opt,name=key_pair,json=keyPair,proto3" json:"key_pair,omitempty"`
	// Certificate Id of the above certificate. This is to be provided only when
	// there is an externally generated key pair.
	CertificateId string `protobuf:"bytes,3,opt,name=certificate_id,json=certificateId,proto3" json:"certificate_id,omitempty"`
	// Optional bundle of CA certificates. When not empty, the provided
	// certificates should squash the existing bundle. This field provides a
	// simplified means to provision a CA bundle that can be used to validate
	// other peer's certificates.
	CaCertificates []*Certificate `protobuf:"bytes,4,rep,name=ca_certificates,json=caCertificates,proto3" json:"ca_certificates,omitempty"`
	// contains filtered or unexported fields
}

LoadCertificateRequest instructs the target to store the given certificate.

Case 1: Target Generated CSR and Key Pair. If the target generated the CSR (and the public/private key pair) during the GenerateCSR request, then the target must associate the certificate with the certificate ID specified in the preceding GenerateCSR request.

Case 2: Externally Generated Key Pair. If the target can not generate a CSR, then the public/private key pair is generated externally. In this case provide the target with the key pair, and the certificate_id to be associated with the new certificate.

If there is another ongoing Rotate/Install RPC with the same certificate_id, the LoadCertificateRequest must fail.

func (*LoadCertificateRequest) Descriptor deprecated

func (*LoadCertificateRequest) Descriptor() ([]byte, []int)

Deprecated: Use LoadCertificateRequest.ProtoReflect.Descriptor instead.

func (*LoadCertificateRequest) GetCaCertificates

func (x *LoadCertificateRequest) GetCaCertificates() []*Certificate

func (*LoadCertificateRequest) GetCertificate

func (x *LoadCertificateRequest) GetCertificate() *Certificate

func (*LoadCertificateRequest) GetCertificateId

func (x *LoadCertificateRequest) GetCertificateId() string

func (*LoadCertificateRequest) GetKeyPair

func (x *LoadCertificateRequest) GetKeyPair() *KeyPair

func (*LoadCertificateRequest) ProtoMessage

func (*LoadCertificateRequest) ProtoMessage()

func (*LoadCertificateRequest) ProtoReflect

func (x *LoadCertificateRequest) ProtoReflect() protoreflect.Message

func (*LoadCertificateRequest) Reset

func (x *LoadCertificateRequest) Reset()

func (*LoadCertificateRequest) String

func (x *LoadCertificateRequest) String() string

type LoadCertificateResponse

type LoadCertificateResponse struct {
	// contains filtered or unexported fields
}

Response from target after Loading a Certificate. If the target could not load the certificate, it must end the RPC stream with a suitable RPC error about why the Certificate was not loaded.

func (*LoadCertificateResponse) Descriptor deprecated

func (*LoadCertificateResponse) Descriptor() ([]byte, []int)

Deprecated: Use LoadCertificateResponse.ProtoReflect.Descriptor instead.

func (*LoadCertificateResponse) ProtoMessage

func (*LoadCertificateResponse) ProtoMessage()

func (*LoadCertificateResponse) ProtoReflect

func (x *LoadCertificateResponse) ProtoReflect() protoreflect.Message

func (*LoadCertificateResponse) Reset

func (x *LoadCertificateResponse) Reset()

func (*LoadCertificateResponse) String

func (x *LoadCertificateResponse) String() string

type RevokeCertificatesRequest

type RevokeCertificatesRequest struct {

	// Certificates to revoke.
	CertificateId []string `protobuf:"bytes,1,rep,name=certificate_id,json=certificateId,proto3" json:"certificate_id,omitempty"`
	// contains filtered or unexported fields
}

func (*RevokeCertificatesRequest) Descriptor deprecated

func (*RevokeCertificatesRequest) Descriptor() ([]byte, []int)

Deprecated: Use RevokeCertificatesRequest.ProtoReflect.Descriptor instead.

func (*RevokeCertificatesRequest) GetCertificateId

func (x *RevokeCertificatesRequest) GetCertificateId() []string

func (*RevokeCertificatesRequest) ProtoMessage

func (*RevokeCertificatesRequest) ProtoMessage()

func (*RevokeCertificatesRequest) ProtoReflect

func (*RevokeCertificatesRequest) Reset

func (x *RevokeCertificatesRequest) Reset()

func (*RevokeCertificatesRequest) String

func (x *RevokeCertificatesRequest) String() string

type RevokeCertificatesResponse

type RevokeCertificatesResponse struct {

	// List of certificates successfully revoked.
	RevokedCertificateId []string `protobuf:"bytes,1,rep,name=revoked_certificate_id,json=revokedCertificateId,proto3" json:"revoked_certificate_id,omitempty"`
	// List of errors why certain certificates could not be revoked.
	CertificateRevocationError []*CertificateRevocationError `` /* 141-byte string literal not displayed */
	// contains filtered or unexported fields
}

func (*RevokeCertificatesResponse) Descriptor deprecated

func (*RevokeCertificatesResponse) Descriptor() ([]byte, []int)

Deprecated: Use RevokeCertificatesResponse.ProtoReflect.Descriptor instead.

func (*RevokeCertificatesResponse) GetCertificateRevocationError

func (x *RevokeCertificatesResponse) GetCertificateRevocationError() []*CertificateRevocationError

func (*RevokeCertificatesResponse) GetRevokedCertificateId

func (x *RevokeCertificatesResponse) GetRevokedCertificateId() []string

func (*RevokeCertificatesResponse) ProtoMessage

func (*RevokeCertificatesResponse) ProtoMessage()

func (*RevokeCertificatesResponse) ProtoReflect

func (*RevokeCertificatesResponse) Reset

func (x *RevokeCertificatesResponse) Reset()

func (*RevokeCertificatesResponse) String

func (x *RevokeCertificatesResponse) String() string

type RotateCertificateRequest

type RotateCertificateRequest struct {

	// Request Messages.
	//
	// Types that are assignable to RotateRequest:
	//	*RotateCertificateRequest_GenerateCsr
	//	*RotateCertificateRequest_LoadCertificate
	//	*RotateCertificateRequest_FinalizeRotation
	RotateRequest isRotateCertificateRequest_RotateRequest `protobuf_oneof:"rotate_request"`
	// contains filtered or unexported fields
}

Request messages to rotate existing certificates on the target.

func (*RotateCertificateRequest) Descriptor deprecated

func (*RotateCertificateRequest) Descriptor() ([]byte, []int)

Deprecated: Use RotateCertificateRequest.ProtoReflect.Descriptor instead.

func (*RotateCertificateRequest) GetFinalizeRotation

func (x *RotateCertificateRequest) GetFinalizeRotation() *FinalizeRequest

func (*RotateCertificateRequest) GetGenerateCsr

func (x *RotateCertificateRequest) GetGenerateCsr() *GenerateCSRRequest

func (*RotateCertificateRequest) GetLoadCertificate

func (x *RotateCertificateRequest) GetLoadCertificate() *LoadCertificateRequest

func (*RotateCertificateRequest) GetRotateRequest

func (m *RotateCertificateRequest) GetRotateRequest() isRotateCertificateRequest_RotateRequest

func (*RotateCertificateRequest) ProtoMessage

func (*RotateCertificateRequest) ProtoMessage()

func (*RotateCertificateRequest) ProtoReflect

func (x *RotateCertificateRequest) ProtoReflect() protoreflect.Message

func (*RotateCertificateRequest) Reset

func (x *RotateCertificateRequest) Reset()

func (*RotateCertificateRequest) String

func (x *RotateCertificateRequest) String() string

type RotateCertificateRequest_FinalizeRotation

type RotateCertificateRequest_FinalizeRotation struct {
	FinalizeRotation *FinalizeRequest `protobuf:"bytes,3,opt,name=finalize_rotation,json=finalizeRotation,proto3,oneof"`
}

type RotateCertificateRequest_GenerateCsr

type RotateCertificateRequest_GenerateCsr struct {
	GenerateCsr *GenerateCSRRequest `protobuf:"bytes,1,opt,name=generate_csr,json=generateCsr,proto3,oneof"`
}

type RotateCertificateRequest_LoadCertificate

type RotateCertificateRequest_LoadCertificate struct {
	LoadCertificate *LoadCertificateRequest `protobuf:"bytes,2,opt,name=load_certificate,json=loadCertificate,proto3,oneof"`
}

type RotateCertificateResponse

type RotateCertificateResponse struct {

	// Response messages.
	//
	// Types that are assignable to RotateResponse:
	//	*RotateCertificateResponse_GeneratedCsr
	//	*RotateCertificateResponse_LoadCertificate
	RotateResponse isRotateCertificateResponse_RotateResponse `protobuf_oneof:"rotate_response"`
	// contains filtered or unexported fields
}

Response Messages from the target.

func (*RotateCertificateResponse) Descriptor deprecated

func (*RotateCertificateResponse) Descriptor() ([]byte, []int)

Deprecated: Use RotateCertificateResponse.ProtoReflect.Descriptor instead.

func (*RotateCertificateResponse) GetGeneratedCsr

func (x *RotateCertificateResponse) GetGeneratedCsr() *GenerateCSRResponse

func (*RotateCertificateResponse) GetLoadCertificate

func (x *RotateCertificateResponse) GetLoadCertificate() *LoadCertificateResponse

func (*RotateCertificateResponse) GetRotateResponse

func (m *RotateCertificateResponse) GetRotateResponse() isRotateCertificateResponse_RotateResponse

func (*RotateCertificateResponse) ProtoMessage

func (*RotateCertificateResponse) ProtoMessage()

func (*RotateCertificateResponse) ProtoReflect

func (*RotateCertificateResponse) Reset

func (x *RotateCertificateResponse) Reset()

func (*RotateCertificateResponse) String

func (x *RotateCertificateResponse) String() string

type RotateCertificateResponse_GeneratedCsr

type RotateCertificateResponse_GeneratedCsr struct {
	GeneratedCsr *GenerateCSRResponse `protobuf:"bytes,1,opt,name=generated_csr,json=generatedCsr,proto3,oneof"`
}

type RotateCertificateResponse_LoadCertificate

type RotateCertificateResponse_LoadCertificate struct {
	LoadCertificate *LoadCertificateResponse `protobuf:"bytes,2,opt,name=load_certificate,json=loadCertificate,proto3,oneof"`
}

type UnimplementedCertificateManagementServer

type UnimplementedCertificateManagementServer struct {
}

UnimplementedCertificateManagementServer can be embedded to have forward compatible implementations.

func (*UnimplementedCertificateManagementServer) CanGenerateCSR

func (*UnimplementedCertificateManagementServer) GetCertificates

func (*UnimplementedCertificateManagementServer) Install

func (*UnimplementedCertificateManagementServer) RevokeCertificates

func (*UnimplementedCertificateManagementServer) Rotate

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL