cert

package
v1.4.4

This package is not in the latest version of its module.
Published: May 1, 2024 License: Apache-2.0 Imports: 10 Imported by: 9

README

gNSI.certz

gNSI certz Service Protobuf Definition

Contributors: hines@google.com, morrowc@google.com, tmadejski@google.com Last Updated: 2023-05-31

Background

The certz service definition provides the API to be used for rotating and testing PKI primitives used on network systems. Rotate() is a bidirectional streaming RPC which permits mutating Certificates, Root Certificate Bundles, Certificate Revocation Lists and Authentication Policies. Within a Rotate() stream it is possible to mutate one or more of these elements, and to send a Finalize message once the in-flight change has been verified to be operational. Failure to send the Finalize message will result in the candidate element being discarded and the original element being used instead.

Motivation

Management of the PKI elements for a network system should have a clear and direct method for installation and update.

Certz.Rotate()

Certz.Rotate() will permit rotation, and verification of function, of any of the PKI elements. The normal use-case would be to:

  • send a CertificateBundle to a network system as a RotateCertificateRequest.
  • verify that the services which will use the new certificate bundle continue to operate normally.
  • send a FinalizeRequest to finish the rotation process.

SSL profiles

SSL profiles logically group a certificate (private and public keys), Certificate Authority chain of certificates (a.k.a. a CA trust bundle) and a set of Certificate Revocation Lists into a set that then can be assigned as a whole to a gRPC server.

There is always at least one profile present on a target - the system_default_profile which is vendor provided. This profile cannot be changed. When the ssl_profile_id field in the RotateCertificateRequest message is not set (or is set to an empty string), it also refers to this SSL profile. (This statement will be deprecated once all vendors standardize on the key name.)

Profiles existing on a target can be discovered using the Certz.GetProfileList() RPC.

A SSL profile can be added using the Certz.AddProfile() RPC.

When a profile is no longer needed, it can be removed from the target via the Certz.DeleteProfile() RPC. Note that the gNxI SSL profile cannot be removed.

The SSL profile ID of a gRPC server is exposed in the YANG leaf ssl-profile-id which is an augment to the /oc-sys:system/oc-sys-grpc:grpc-servers/oc-sys-grpc:grpc-server/oc-sys-grpc:state container.

Authentication Policy

An authentication policy is a set of rules that defines which CA can be trusted to sign certificates for which subjects. By rotating authentication policies, data center admins can ensure all endpoints are updated to validate that certificates presented by their peers during mutual authentication are signed by one of the authorized CAs in the authentication framework, as specified in the policy. This helps to minimize the impact of a security breach, as it prevents, for example, an attacker from using a less privileged CA to sign for high value users/roles.

Details

When a client tries to establish a gRPC connection to a gRPC server, the server must verify that the client is authorized to do so. To do that the client presents a certificate to the server, which the server verifies to see if it was issued by a trusted Certificate Authority (CA).

In large scale PKI deployments consisting of multiple signing authorities, each assigned to issue certificates for specific users/entities with their own key hierarchies, use of an authentication policy is one solution to maintain a single Trust Bundle across all applications. Use of one Trust Bundle consisting of the root certificates of all signing authorities simplifies maintenance and avoids endpoint application configuration complexities.

In such a deployment, a centrally maintained authentication policy specifies which signing authorities are permitted to issue certificates for which group of users. In other words, after validating a connecting peer's certificates against the Trust Bundle during a TLS handshake, the endpoint will also validate the peer's and the certificate issuer's identities against the authentication policy before accepting the connection.
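
An added example (not code from the gNSI project) of the two-step check described above: chain validation against one trust bundle, then an issuer-for-subject policy check. The AuthPolicy shape, the use of the OU as the subject group, and every certificate are assumptions constructed for the illustration; the real policy travels as a serialized message whose format this page does not define.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// AuthPolicy is a hypothetical policy shape (not the gNSI wire format): subject
// group (the leaf's single OU here) -> raw SPKI of each root CA allowed to sign.
type AuthPolicy map[string]map[string]bool

// ErrPolicy: the chain is valid, but this issuer may not sign for this group.
var ErrPolicy = errors.New("issuer not authorized for subject group")

type authority struct {
	cert *x509.Certificate
	key  *ecdsa.PrivateKey
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// sign creates a constructed sample certificate; a nil parent self-signs a root.
func sign(cn, group string, parent *authority) *authority {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	if parent == nil {
		tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.KeyUsage = true, true, x509.KeyUsageCertSign
		parent = &authority{tmpl, key}
	} else {
		tmpl.Subject.OrganizationalUnit = []string{group}
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent.cert, &key.PublicKey, parent.key))
	return &authority{must(x509.ParseCertificate(der)), key}
}

// Authorize runs the two checks from the text: chain validation against the
// single trust bundle, then the issuer-for-subject policy (default deny).
func Authorize(leaf *x509.Certificate, bundle *x509.CertPool, p AuthPolicy) error {
	chains, err := leaf.Verify(x509.VerifyOptions{
		Roots:     bundle,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	})
	if err != nil {
		return fmt.Errorf("trust bundle validation failed: %w", err)
	}
	if ous := leaf.Subject.OrganizationalUnit; len(ous) == 1 {
		for _, chain := range chains {
			root := chain[len(chain)-1]
			if p[ous[0]][string(root.RawSubjectPublicKeyInfo)] {
				return nil
			}
		}
	}
	return fmt.Errorf("%w: subject %q, issuer %q", ErrPolicy, leaf.Subject, leaf.Issuer)
}

// Scenario puts two constructed CAs in one trust bundle and returns the
// decision for each sample client certificate.
func Scenario() map[string]error {
	infra := sign("Constructed Infra CA", "", nil)
	lowPriv := sign("Constructed Low-Privilege CA", "", nil)
	unlisted := sign("Constructed Unlisted CA", "", nil)
	bundle := x509.NewCertPool()
	bundle.AddCert(infra.cert)
	bundle.AddCert(lowPriv.cert)
	policy := AuthPolicy{
		"network-admin": {string(infra.cert.RawSubjectPublicKeyInfo): true},
		"guest":         {string(lowPriv.cert.RawSubjectPublicKeyInfo): true},
	}
	decide := func(group string, issuer *authority) error {
		return Authorize(sign("constructed-client", group, issuer).cert, bundle, policy)
	}
	return map[string]error{
		"admin-by-infra":    decide("network-admin", infra),
		"admin-by-lowpriv":  decide("network-admin", lowPriv),
		"guest-by-lowpriv":  decide("guest", lowPriv),
		"admin-by-unlisted": decide("network-admin", unlisted),
	}
}

func main() { fmt.Println(Scenario()) }
```

The "admin-by-lowpriv" certificate chains to the trust bundle and is rejected only by the policy step, which is the case the single-bundle design depends on the policy to catch.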

User Experiences

System default SSL profile

The system will always provide a default TLS profile that uses the IDevID cert. This profile will always be available and cannot be changed. It should use the name "system_default_profile".

An attempt to change or delete this profile will return an error.

The system will start with this profile and either bootz or enrollz will be responsible for creating an alternate profile during device turnup if those workflows are used.

Create a SSL profile

Call Certz.AddProfile RPC with the ssl_profile_id field specifying the ID of the new SSL profile. A new profile can choose to use existing artifacts from other profiles, via sending Entity messages with ExistingEntity set with the ssl_profile_id set to the source profile to copy from, and the entity_type field set to the type of entity to be copied.

Delete a SSL profile

Call Certz.DeleteProfile RPC with the ssl_profile_id field specifying the ID of the SSL profile to be deleted.

List existing SSL profiles

Call Certz.GetProfileList RPC. The response will list all existing SSL profiles.

A Certificate is to be rotated or updated

Create, and test, a new certificate and a private key.

Send that certificate, its private key and the required intermediate certificate chain to the target network system in the Certz.UploadRequest's entity.certificate_chain field.

Verify that the certificate newly rotated is used by services which require it.

Send a Certz.FinalizeRequest message to the Certz.Rotate RPC to close out the action.

If the stream is disconnected prior to the Finalize message being sent, the proposed configuration is rolled back automatically.

A Certificate is rotated, the session breaks before FinalizeRequest

Create a new certificate chain and a private key.

Send that certificate, its private key and the required intermediate certificate chain to the target network system in the Certz.UploadRequest's entity.certificate_chain field.

Verify that the newly deployed certificate is usable by the relevant services, and that the services properly present the certificate upon new service connections.

The connection to the network system is broken; no Certz.FinalizeRequest is sent.

The gNSI service rolls back the candidate and re-installs the original certificate and associated private key.

An Authentication Policy is to be rotated or updated

Create a new authentication policy.

Send that authentication policy to the target network system in the Certz.UploadRequest's entity.authentication_policy field.

Verify that the authentication policy newly rotated is used by services which require it.

Send a Certz.FinalizeRequest message to the Certz.Rotate RPC to close out the action.

If the stream is disconnected prior to the Certz.FinalizeRequest message being sent, the proposed authentication policy is rolled back automatically.

An Authentication Policy is rotated, the session breaks before FinalizeRequest

Create a new authentication policy.

Send that authentication policy to the target network system in the Certz.UploadRequest's entity.authentication_policy field.

Verify that the newly deployed authentication policy is usable by the relevant services, and that the services properly use the authentication policy upon new service connections.

The connection to the network system is broken; no Certz.FinalizeRequest is sent.

The gNSI service rolls back the candidate and re-installs the original authentication policy.
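
The finalize-or-roll-back behaviour of the four rotation scenarios above, as a small in-memory model. This is an added example, not code from the gNSI project: Target, RotateStream, the entity keys and the artifact labels are hypothetical, and rejecting the default profile when the stream is opened is a modelling choice.

```go
package main

import (
	"errors"
	"fmt"
)

// All names below are hypothetical; this models the behaviour the README
// describes and is not the gNSI server implementation.
const systemDefaultProfile = "system_default_profile"

var (
	ErrImmutable = errors.New("system_default_profile cannot be changed")
	ErrNoProfile = errors.New("unknown ssl_profile_id")
)

// Target holds, per SSL profile, the artifact currently served for each
// entity kind (certificate_chain, trust_bundle, authentication_policy, ...).
type Target struct {
	profiles map[string]map[string]string
}

// RotateStream is one open Rotate() stream against one profile.
type RotateStream struct {
	live      map[string]string  // the profile being mutated
	original  map[string]*string // pre-stream value per touched entity; nil = absent
	finalized bool
}

// Rotate opens a stream. An unset ssl_profile_id refers to the default
// profile, which cannot be changed, so both spellings are rejected.
func (t *Target) Rotate(sslProfileID string) (*RotateStream, error) {
	if sslProfileID == "" || sslProfileID == systemDefaultProfile {
		return nil, ErrImmutable
	}
	live, ok := t.profiles[sslProfileID]
	if !ok {
		return nil, fmt.Errorf("%w: %q", ErrNoProfile, sslProfileID)
	}
	return &RotateStream{live: live, original: map[string]*string{}}, nil
}

// Upload installs a candidate so services can be verified against it, and
// records the original the first time each entity is touched.
func (s *RotateStream) Upload(entity, artifact string) {
	if _, seen := s.original[entity]; !seen {
		s.original[entity] = nil
		if old, ok := s.live[entity]; ok {
			s.original[entity] = &old
		}
	}
	s.live[entity] = artifact
}

// Finalize commits every candidate uploaded on this stream.
func (s *RotateStream) Finalize() { s.finalized = true }

// Close models the stream ending for any reason. Without a prior Finalize the
// candidates are discarded and the originals are put back.
func (s *RotateStream) Close() {
	if s.finalized {
		return
	}
	for entity, old := range s.original {
		if old == nil {
			delete(s.live, entity) // entity did not exist before the stream
		} else {
			s.live[entity] = *old
		}
	}
}

// Run rotates several entities on a constructed "mgmt" profile and returns
// what the profile serves after the stream ends, with or without Finalize.
func Run(finalize bool) map[string]string {
	t := &Target{profiles: map[string]map[string]string{
		systemDefaultProfile: {"certificate_chain": "idevid"},
		"mgmt":               {"certificate_chain": "chain-v1", "trust_bundle": "bundle-v1"},
	}}
	s, err := t.Rotate("mgmt")
	if err != nil {
		panic(err)
	}
	s.Upload("certificate_chain", "chain-v2")
	s.Upload("certificate_chain", "chain-v3")      // replaced again before Finalize
	s.Upload("authentication_policy", "policy-v1") // entity that was absent before
	if finalize {
		s.Finalize()
	}
	s.Close()
	return t.profiles["mgmt"]
}

func main() {
	fmt.Println("stream lost:", Run(false))
	fmt.Println("finalized:  ", Run(true))
}
```

Snapshotting on first touch is what makes a second upload of the same entity roll back to the pre-stream artifact rather than to the previous candidate.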

Open Questions/Considerations

None to date.

OpenConfig Data models for gNSI certz

YANG data models for certz are defined in the OpenConfig public repository (https://github.com/openconfig/public/tree/master/release/models/gnsi). Documentation for OpenConfig, including a searchable list of paths and tree representations, is at OpenConfig.net.

Documentation

Index

Constants

This section is empty.

Variables

var (
	CSRSuite_name = map[int32]string{
		0:  "CSRSUITE_CIPHER_UNSPECIFIED",
		1:  "CSRSUITE_X509_KEY_TYPE_RSA_2048_SIGNATURE_ALGORITHM_SHA_2_256",
		2:  "CSRSUITE_X509_KEY_TYPE_RSA_2048_SIGNATURE_ALGORITHM_SHA_2_384",
		3:  "CSRSUITE_X509_KEY_TYPE_RSA_2048_SIGNATURE_ALGORITHM_SHA_2_512",
		4:  "CSRSUITE_X509_KEY_TYPE_RSA_3072_SIGNATURE_ALGORITHM_SHA_2_256",
		5:  "CSRSUITE_X509_KEY_TYPE_RSA_3072_SIGNATURE_ALGORITHM_SHA_2_384",
		6:  "CSRSUITE_X509_KEY_TYPE_RSA_3072_SIGNATURE_ALGORITHM_SHA_2_512",
		7:  "CSRSUITE_X509_KEY_TYPE_RSA_4096_SIGNATURE_ALGORITHM_SHA_2_256",
		8:  "CSRSUITE_X509_KEY_TYPE_RSA_4096_SIGNATURE_ALGORITHM_SHA_2_384",
		9:  "CSRSUITE_X509_KEY_TYPE_RSA_4096_SIGNATURE_ALGORITHM_SHA_2_512",
		10: "CSRSUITE_X509_KEY_TYPE_ECDSA_PRIME256V1_SIGNATURE_ALGORITHM_SHA_2_256",
		11: "CSRSUITE_X509_KEY_TYPE_ECDSA_PRIME256V1_SIGNATURE_ALGORITHM_SHA_2_384",
		12: "CSRSUITE_X509_KEY_TYPE_ECDSA_PRIME256V1_SIGNATURE_ALGORITHM_SHA_2_512",
		13: "CSRSUITE_X509_KEY_TYPE_ECDSA_SECP384R1_SIGNATURE_ALGORITHM_SHA_2_256",
		14: "CSRSUITE_X509_KEY_TYPE_ECDSA_SECP384R1_SIGNATURE_ALGORITHM_SHA_2_384",
		15: "CSRSUITE_X509_KEY_TYPE_ECDSA_SECP384R1_SIGNATURE_ALGORITHM_SHA_2_512",
		16: "CSRSUITE_X509_KEY_TYPE_ECDSA_SECP521R1_SIGNATURE_ALGORITHM_SHA_2_256",
		17: "CSRSUITE_X509_KEY_TYPE_ECDSA_SECP521R1_SIGNATURE_ALGORITHM_SHA_2_384",
		18: "CSRSUITE_X509_KEY_TYPE_ECDSA_SECP521R1_SIGNATURE_ALGORITHM_SHA_2_512",
		19: "CSRSUITE_X509_KEY_TYPE_EDDSA_ED25519",
	}
	CSRSuite_value = map[string]int32{
		"CSRSUITE_CIPHER_UNSPECIFIED":                                           0,
		"CSRSUITE_X509_KEY_TYPE_RSA_2048_SIGNATURE_ALGORITHM_SHA_2_256":         1,
		"CSRSUITE_X509_KEY_TYPE_RSA_2048_SIGNATURE_ALGORITHM_SHA_2_384":         2,
		"CSRSUITE_X509_KEY_TYPE_RSA_2048_SIGNATURE_ALGORITHM_SHA_2_512":         3,
		"CSRSUITE_X509_KEY_TYPE_RSA_3072_SIGNATURE_ALGORITHM_SHA_2_256":         4,
		"CSRSUITE_X509_KEY_TYPE_RSA_3072_SIGNATURE_ALGORITHM_SHA_2_384":         5,
		"CSRSUITE_X509_KEY_TYPE_RSA_3072_SIGNATURE_ALGORITHM_SHA_2_512":         6,
		"CSRSUITE_X509_KEY_TYPE_RSA_4096_SIGNATURE_ALGORITHM_SHA_2_256":         7,
		"CSRSUITE_X509_KEY_TYPE_RSA_4096_SIGNATURE_ALGORITHM_SHA_2_384":         8,
		"CSRSUITE_X509_KEY_TYPE_RSA_4096_SIGNATURE_ALGORITHM_SHA_2_512":         9,
		"CSRSUITE_X509_KEY_TYPE_ECDSA_PRIME256V1_SIGNATURE_ALGORITHM_SHA_2_256": 10,
		"CSRSUITE_X509_KEY_TYPE_ECDSA_PRIME256V1_SIGNATURE_ALGORITHM_SHA_2_384": 11,
		"CSRSUITE_X509_KEY_TYPE_ECDSA_PRIME256V1_SIGNATURE_ALGORITHM_SHA_2_512": 12,
		"CSRSUITE_X509_KEY_TYPE_ECDSA_SECP384R1_SIGNATURE_ALGORITHM_SHA_2_256":  13,
		"CSRSUITE_X509_KEY_TYPE_ECDSA_SECP384R1_SIGNATURE_ALGORITHM_SHA_2_384":  14,
		"CSRSUITE_X509_KEY_TYPE_ECDSA_SECP384R1_SIGNATURE_ALGORITHM_SHA_2_512":  15,
		"CSRSUITE_X509_KEY_TYPE_ECDSA_SECP521R1_SIGNATURE_ALGORITHM_SHA_2_256":  16,
		"CSRSUITE_X509_KEY_TYPE_ECDSA_SECP521R1_SIGNATURE_ALGORITHM_SHA_2_384":  17,
		"CSRSUITE_X509_KEY_TYPE_ECDSA_SECP521R1_SIGNATURE_ALGORITHM_SHA_2_512":  18,
		"CSRSUITE_X509_KEY_TYPE_EDDSA_ED25519":                                  19,
	}
)

Enum value maps for CSRSuite.

var (
	CertificateType_name = map[int32]string{
		0: "CERTIFICATE_TYPE_UNSPECIFIED",
		1: "CERTIFICATE_TYPE_X509",
	}
	CertificateType_value = map[string]int32{
		"CERTIFICATE_TYPE_UNSPECIFIED": 0,
		"CERTIFICATE_TYPE_X509":        1,
	}
)

Enum value maps for CertificateType.

var (
	CertificateEncoding_name = map[int32]string{
		0: "CERTIFICATE_ENCODING_UNSPECIFIED",
		1: "CERTIFICATE_ENCODING_PEM",
		2: "CERTIFICATE_ENCODING_DER",
		3: "CERTIFICATE_ENCODING_CRT",
	}
	CertificateEncoding_value = map[string]int32{
		"CERTIFICATE_ENCODING_UNSPECIFIED": 0,
		"CERTIFICATE_ENCODING_PEM":         1,
		"CERTIFICATE_ENCODING_DER":         2,
		"CERTIFICATE_ENCODING_CRT":         3,
	}
)

Enum value maps for CertificateEncoding.

var (
	Certificate_CertSource_name = map[int32]string{
		0: "CERT_SOURCE_UNSPECIFIED",
		1: "CERT_SOURCE_OIDEVID",
		2: "CERT_SOURCE_IDEVID",
	}
	Certificate_CertSource_value = map[string]int32{
		"CERT_SOURCE_UNSPECIFIED": 0,
		"CERT_SOURCE_OIDEVID":     1,
		"CERT_SOURCE_IDEVID":      2,
	}
)

Enum value maps for Certificate_CertSource.

var (
	Certificate_KeySource_name = map[int32]string{
		0: "KEY_SOURCE_UNSPECIFIED",
		1: "KEY_SOURCE_IDEVID_TPM",
		2: "KEY_SOURCE_GENERATED",
	}
	Certificate_KeySource_value = map[string]int32{
		"KEY_SOURCE_UNSPECIFIED": 0,
		"KEY_SOURCE_IDEVID_TPM":  1,
		"KEY_SOURCE_GENERATED":   2,
	}
)

Enum value maps for Certificate_KeySource.

var (
	ExistingEntity_EntityType_name = map[int32]string{
		0: "ENTITY_TYPE_UNSPECIFIED",
		1: "ENTITY_TYPE_CERTIFICATE_CHAIN",
		2: "ENTITY_TYPE_TRUST_BUNDLE",
		3: "ENTITY_TYPE_CERTIFICATE_REVOCATION_LIST_BUNDLE",
		4: "ENTITY_TYPE_AUTHENTICATION_POLICY",
	}
	ExistingEntity_EntityType_value = map[string]int32{
		"ENTITY_TYPE_UNSPECIFIED":                        0,
		"ENTITY_TYPE_CERTIFICATE_CHAIN":                  1,
		"ENTITY_TYPE_TRUST_BUNDLE":                       2,
		"ENTITY_TYPE_CERTIFICATE_REVOCATION_LIST_BUNDLE": 3,
		"ENTITY_TYPE_AUTHENTICATION_POLICY":              4,
	}
)

Enum value maps for ExistingEntity_EntityType.

var Certz_ServiceDesc = grpc.ServiceDesc{
	ServiceName: "gnsi.certz.v1.Certz",
	HandlerType: (*CertzServer)(nil),
	Methods: []grpc.MethodDesc{
		{
			MethodName: "AddProfile",
			Handler:    _Certz_AddProfile_Handler,
		},
		{
			MethodName: "DeleteProfile",
			Handler:    _Certz_DeleteProfile_Handler,
		},
		{
			MethodName: "GetProfileList",
			Handler:    _Certz_GetProfileList_Handler,
		},
		{
			MethodName: "CanGenerateCSR",
			Handler:    _Certz_CanGenerateCSR_Handler,
		},
	},
	Streams: []grpc.StreamDesc{
		{
			StreamName:    "Rotate",
			Handler:       _Certz_Rotate_Handler,
			ServerStreams: true,
			ClientStreams: true,
		},
	},
	Metadata: "github.com/openconfig/gnsi/certz/certz.proto",
}

Certz_ServiceDesc is the grpc.ServiceDesc for the Certz service. It's only intended for direct use with grpc.RegisterService, and not to be introspected or modified (even as a copy).

var File_github_com_openconfig_gnsi_certz_certz_proto protoreflect.FileDescriptor

Functions

func RegisterCertzServer

func RegisterCertzServer(s grpc.ServiceRegistrar, srv CertzServer)

Types

type AddProfileRequest

type AddProfileRequest struct {
	SslProfileId string `protobuf:"bytes,1,opt,name=ssl_profile_id,json=sslProfileId,proto3" json:"ssl_profile_id,omitempty"`
	// contains filtered or unexported fields
}

func (*AddProfileRequest) Descriptor deprecated

func (*AddProfileRequest) Descriptor() ([]byte, []int)

Deprecated: Use AddProfileRequest.ProtoReflect.Descriptor instead.

func (*AddProfileRequest) GetSslProfileId

func (x *AddProfileRequest) GetSslProfileId() string

func (*AddProfileRequest) ProtoMessage

func (*AddProfileRequest) ProtoMessage()

func (*AddProfileRequest) ProtoReflect

func (x *AddProfileRequest) ProtoReflect() protoreflect.Message

func (*AddProfileRequest) Reset

func (x *AddProfileRequest) Reset()

func (*AddProfileRequest) String

func (x *AddProfileRequest) String() string

type AddProfileResponse

type AddProfileResponse struct {
	// contains filtered or unexported fields
}

func (*AddProfileResponse) Descriptor deprecated

func (*AddProfileResponse) Descriptor() ([]byte, []int)

Deprecated: Use AddProfileResponse.ProtoReflect.Descriptor instead.

func (*AddProfileResponse) ProtoMessage

func (*AddProfileResponse) ProtoMessage()

func (*AddProfileResponse) ProtoReflect

func (x *AddProfileResponse) ProtoReflect() protoreflect.Message

func (*AddProfileResponse) Reset

func (x *AddProfileResponse) Reset()

func (*AddProfileResponse) String

func (x *AddProfileResponse) String() string

type AuthenticationPolicy added in v1.2.0

type AuthenticationPolicy struct {

	// Types that are assignable to Policy:
	//	*AuthenticationPolicy_Serialized
	Policy isAuthenticationPolicy_Policy `protobuf_oneof:"policy"`
	// contains filtered or unexported fields
}

func (*AuthenticationPolicy) Descriptor deprecated added in v1.2.0

func (*AuthenticationPolicy) Descriptor() ([]byte, []int)

Deprecated: Use AuthenticationPolicy.ProtoReflect.Descriptor instead.

func (*AuthenticationPolicy) GetPolicy added in v1.2.0

func (m *AuthenticationPolicy) GetPolicy() isAuthenticationPolicy_Policy

func (*AuthenticationPolicy) GetSerialized added in v1.2.0

func (x *AuthenticationPolicy) GetSerialized() *anypb.Any

func (*AuthenticationPolicy) ProtoMessage added in v1.2.0

func (*AuthenticationPolicy) ProtoMessage()

func (*AuthenticationPolicy) ProtoReflect added in v1.2.0

func (x *AuthenticationPolicy) ProtoReflect() protoreflect.Message

func (*AuthenticationPolicy) Reset added in v1.2.0

func (x *AuthenticationPolicy) Reset()

func (*AuthenticationPolicy) String added in v1.2.0

func (x *AuthenticationPolicy) String() string

type AuthenticationPolicy_Serialized added in v1.2.0

type AuthenticationPolicy_Serialized struct {
	Serialized *anypb.Any `protobuf:"bytes,1,opt,name=serialized,proto3,oneof"`
}

type CSRParams

type CSRParams struct {
	CsrSuite           CSRSuite        `protobuf:"varint,1,opt,name=csr_suite,json=csrSuite,proto3,enum=gnsi.certz.v1.CSRSuite" json:"csr_suite,omitempty"`
	CommonName         string          `protobuf:"bytes,2,opt,name=common_name,json=commonName,proto3" json:"common_name,omitempty"`
	Country            string          `protobuf:"bytes,3,opt,name=country,proto3" json:"country,omitempty"`
	State              string          `protobuf:"bytes,4,opt,name=state,proto3" json:"state,omitempty"`
	City               string          `protobuf:"bytes,5,opt,name=city,proto3" json:"city,omitempty"`
	Organization       string          `protobuf:"bytes,6,opt,name=organization,proto3" json:"organization,omitempty"`
	OrganizationalUnit string          `protobuf:"bytes,7,opt,name=organizational_unit,json=organizationalUnit,proto3" json:"organizational_unit,omitempty"`
	IpAddress          string          `protobuf:"bytes,8,opt,name=ip_address,json=ipAddress,proto3" json:"ip_address,omitempty"`
	EmailId            string          `protobuf:"bytes,9,opt,name=email_id,json=emailId,proto3" json:"email_id,omitempty"`
	San                *V3ExtensionSAN `protobuf:"bytes,10,opt,name=san,proto3" json:"san,omitempty"`
	// contains filtered or unexported fields
}

func (*CSRParams) Descriptor deprecated

func (*CSRParams) Descriptor() ([]byte, []int)

Deprecated: Use CSRParams.ProtoReflect.Descriptor instead.

func (*CSRParams) GetCity

func (x *CSRParams) GetCity() string

func (*CSRParams) GetCommonName

func (x *CSRParams) GetCommonName() string

func (*CSRParams) GetCountry

func (x *CSRParams) GetCountry() string

func (*CSRParams) GetCsrSuite

func (x *CSRParams) GetCsrSuite() CSRSuite

func (*CSRParams) GetEmailId

func (x *CSRParams) GetEmailId() string

func (*CSRParams) GetIpAddress

func (x *CSRParams) GetIpAddress() string

func (*CSRParams) GetOrganization

func (x *CSRParams) GetOrganization() string

func (*CSRParams) GetOrganizationalUnit

func (x *CSRParams) GetOrganizationalUnit() string

func (*CSRParams) GetSan

func (x *CSRParams) GetSan() *V3ExtensionSAN

func (*CSRParams) GetState

func (x *CSRParams) GetState() string

func (*CSRParams) ProtoMessage

func (*CSRParams) ProtoMessage()

func (*CSRParams) ProtoReflect

func (x *CSRParams) ProtoReflect() protoreflect.Message

func (*CSRParams) Reset

func (x *CSRParams) Reset()

func (*CSRParams) String

func (x *CSRParams) String() string

type CSRSuite

type CSRSuite int32

const (
	CSRSuite_CSRSUITE_CIPHER_UNSPECIFIED                                           CSRSuite = 0
	CSRSuite_CSRSUITE_X509_KEY_TYPE_RSA_2048_SIGNATURE_ALGORITHM_SHA_2_256         CSRSuite = 1
	CSRSuite_CSRSUITE_X509_KEY_TYPE_RSA_2048_SIGNATURE_ALGORITHM_SHA_2_384         CSRSuite = 2
	CSRSuite_CSRSUITE_X509_KEY_TYPE_RSA_2048_SIGNATURE_ALGORITHM_SHA_2_512         CSRSuite = 3
	CSRSuite_CSRSUITE_X509_KEY_TYPE_RSA_3072_SIGNATURE_ALGORITHM_SHA_2_256         CSRSuite = 4
	CSRSuite_CSRSUITE_X509_KEY_TYPE_RSA_3072_SIGNATURE_ALGORITHM_SHA_2_384         CSRSuite = 5
	CSRSuite_CSRSUITE_X509_KEY_TYPE_RSA_3072_SIGNATURE_ALGORITHM_SHA_2_512         CSRSuite = 6
	CSRSuite_CSRSUITE_X509_KEY_TYPE_RSA_4096_SIGNATURE_ALGORITHM_SHA_2_256         CSRSuite = 7
	CSRSuite_CSRSUITE_X509_KEY_TYPE_RSA_4096_SIGNATURE_ALGORITHM_SHA_2_384         CSRSuite = 8
	CSRSuite_CSRSUITE_X509_KEY_TYPE_RSA_4096_SIGNATURE_ALGORITHM_SHA_2_512         CSRSuite = 9
	CSRSuite_CSRSUITE_X509_KEY_TYPE_ECDSA_PRIME256V1_SIGNATURE_ALGORITHM_SHA_2_256 CSRSuite = 10
	CSRSuite_CSRSUITE_X509_KEY_TYPE_ECDSA_PRIME256V1_SIGNATURE_ALGORITHM_SHA_2_384 CSRSuite = 11
	CSRSuite_CSRSUITE_X509_KEY_TYPE_ECDSA_PRIME256V1_SIGNATURE_ALGORITHM_SHA_2_512 CSRSuite = 12
	CSRSuite_CSRSUITE_X509_KEY_TYPE_ECDSA_SECP384R1_SIGNATURE_ALGORITHM_SHA_2_256  CSRSuite = 13
	CSRSuite_CSRSUITE_X509_KEY_TYPE_ECDSA_SECP384R1_SIGNATURE_ALGORITHM_SHA_2_384  CSRSuite = 14
	CSRSuite_CSRSUITE_X509_KEY_TYPE_ECDSA_SECP384R1_SIGNATURE_ALGORITHM_SHA_2_512  CSRSuite = 15
	CSRSuite_CSRSUITE_X509_KEY_TYPE_ECDSA_SECP521R1_SIGNATURE_ALGORITHM_SHA_2_256  CSRSuite = 16
	CSRSuite_CSRSUITE_X509_KEY_TYPE_ECDSA_SECP521R1_SIGNATURE_ALGORITHM_SHA_2_384  CSRSuite = 17
	CSRSuite_CSRSUITE_X509_KEY_TYPE_ECDSA_SECP521R1_SIGNATURE_ALGORITHM_SHA_2_512  CSRSuite = 18
	CSRSuite_CSRSUITE_X509_KEY_TYPE_EDDSA_ED25519                                  CSRSuite = 19
)

func (CSRSuite) Descriptor

func (CSRSuite) Descriptor() protoreflect.EnumDescriptor

func (CSRSuite) Enum

func (x CSRSuite) Enum() *CSRSuite

func (CSRSuite) EnumDescriptor deprecated

func (CSRSuite) EnumDescriptor() ([]byte, []int)

Deprecated: Use CSRSuite.Descriptor instead.

func (CSRSuite) Number

func (x CSRSuite) Number() protoreflect.EnumNumber

func (CSRSuite) String

func (x CSRSuite) String() string

func (CSRSuite) Type

type CanGenerateCSRRequest

type CanGenerateCSRRequest struct {
	Params *CSRParams `protobuf:"bytes,1,opt,name=params,proto3" json:"params,omitempty"`
	// contains filtered or unexported fields
}

func (*CanGenerateCSRRequest) Descriptor deprecated

func (*CanGenerateCSRRequest) Descriptor() ([]byte, []int)

Deprecated: Use CanGenerateCSRRequest.ProtoReflect.Descriptor instead.

func (*CanGenerateCSRRequest) GetParams

func (x *CanGenerateCSRRequest) GetParams() *CSRParams

func (*CanGenerateCSRRequest) ProtoMessage

func (*CanGenerateCSRRequest) ProtoMessage()

func (*CanGenerateCSRRequest) ProtoReflect

func (x *CanGenerateCSRRequest) ProtoReflect() protoreflect.Message

func (*CanGenerateCSRRequest) Reset

func (x *CanGenerateCSRRequest) Reset()

func (*CanGenerateCSRRequest) String

func (x *CanGenerateCSRRequest) String() string

type CanGenerateCSRResponse

type CanGenerateCSRResponse struct {
	CanGenerate bool `protobuf:"varint,4,opt,name=can_generate,json=canGenerate,proto3" json:"can_generate,omitempty"`
	// contains filtered or unexported fields
}

func (*CanGenerateCSRResponse) Descriptor deprecated

func (*CanGenerateCSRResponse) Descriptor() ([]byte, []int)

Deprecated: Use CanGenerateCSRResponse.ProtoReflect.Descriptor instead.

func (*CanGenerateCSRResponse) GetCanGenerate

func (x *CanGenerateCSRResponse) GetCanGenerate() bool

func (*CanGenerateCSRResponse) ProtoMessage

func (*CanGenerateCSRResponse) ProtoMessage()

func (*CanGenerateCSRResponse) ProtoReflect

func (x *CanGenerateCSRResponse) ProtoReflect() protoreflect.Message

func (*CanGenerateCSRResponse) Reset

func (x *CanGenerateCSRResponse) Reset()

func (*CanGenerateCSRResponse) String

func (x *CanGenerateCSRResponse) String() string

type Certificate

type Certificate struct {
	Type     CertificateType     `protobuf:"varint,1,opt,name=type,proto3,enum=gnsi.certz.v1.CertificateType" json:"type,omitempty"`
	Encoding CertificateEncoding `protobuf:"varint,2,opt,name=encoding,proto3,enum=gnsi.certz.v1.CertificateEncoding" json:"encoding,omitempty"`
	// Deprecated: Marked as deprecated in github.com/openconfig/gnsi/certz/certz.proto.
	Certificate []byte `protobuf:"bytes,3,opt,name=certificate,proto3" json:"certificate,omitempty"`
	// Deprecated: Marked as deprecated in github.com/openconfig/gnsi/certz/certz.proto.
	PrivateKey []byte `protobuf:"bytes,4,opt,name=private_key,json=privateKey,proto3" json:"private_key,omitempty"`
	// Types that are assignable to CertificateType:
	//	*Certificate_RawCertificate
	//	*Certificate_CertSource_
	CertificateType isCertificate_CertificateType `protobuf_oneof:"certificate_type"`
	// Types that are assignable to PrivateKeyType:
	//	*Certificate_RawPrivateKey
	//	*Certificate_KeySource_
	PrivateKeyType isCertificate_PrivateKeyType `protobuf_oneof:"private_key_type"`
	// contains filtered or unexported fields
}

func (*Certificate) Descriptor deprecated

func (*Certificate) Descriptor() ([]byte, []int)

Deprecated: Use Certificate.ProtoReflect.Descriptor instead.

func (*Certificate) GetCertSource added in v1.4.1

func (x *Certificate) GetCertSource() Certificate_CertSource

func (*Certificate) GetCertificate deprecated

func (x *Certificate) GetCertificate() []byte

Deprecated: Marked as deprecated in github.com/openconfig/gnsi/certz/certz.proto.

func (*Certificate) GetCertificateType added in v1.4.1

func (m *Certificate) GetCertificateType() isCertificate_CertificateType

func (*Certificate) GetEncoding

func (x *Certificate) GetEncoding() CertificateEncoding

func (*Certificate) GetKeySource added in v1.4.1

func (x *Certificate) GetKeySource() Certificate_KeySource

func (*Certificate) GetPrivateKey deprecated

func (x *Certificate) GetPrivateKey() []byte

Deprecated: Marked as deprecated in github.com/openconfig/gnsi/certz/certz.proto.

func (*Certificate) GetPrivateKeyType added in v1.4.1

func (m *Certificate) GetPrivateKeyType() isCertificate_PrivateKeyType

func (*Certificate) GetRawCertificate added in v1.4.1

func (x *Certificate) GetRawCertificate() []byte

func (*Certificate) GetRawPrivateKey added in v1.4.1

func (x *Certificate) GetRawPrivateKey() []byte

func (*Certificate) GetType

func (x *Certificate) GetType() CertificateType

func (*Certificate) ProtoMessage

func (*Certificate) ProtoMessage()

func (*Certificate) ProtoReflect

func (x *Certificate) ProtoReflect() protoreflect.Message

func (*Certificate) Reset

func (x *Certificate) Reset()

func (*Certificate) String

func (x *Certificate) String() string

type CertificateChain

type CertificateChain struct {
	Certificate *Certificate      `protobuf:"bytes,1,opt,name=certificate,proto3" json:"certificate,omitempty"`
	Parent      *CertificateChain `protobuf:"bytes,2,opt,name=parent,proto3" json:"parent,omitempty"`
	// contains filtered or unexported fields
}

func (*CertificateChain) Descriptor deprecated

func (*CertificateChain) Descriptor() ([]byte, []int)

Deprecated: Use CertificateChain.ProtoReflect.Descriptor instead.

func (*CertificateChain) GetCertificate

func (x *CertificateChain) GetCertificate() *Certificate

func (*CertificateChain) GetParent

func (x *CertificateChain) GetParent() *CertificateChain

func (*CertificateChain) ProtoMessage

func (*CertificateChain) ProtoMessage()

func (*CertificateChain) ProtoReflect

func (x *CertificateChain) ProtoReflect() protoreflect.Message

func (*CertificateChain) Reset

func (x *CertificateChain) Reset()

func (*CertificateChain) String

func (x *CertificateChain) String() string

type CertificateEncoding

type CertificateEncoding int32

const (
	CertificateEncoding_CERTIFICATE_ENCODING_UNSPECIFIED CertificateEncoding = 0
	CertificateEncoding_CERTIFICATE_ENCODING_PEM         CertificateEncoding = 1
	CertificateEncoding_CERTIFICATE_ENCODING_DER         CertificateEncoding = 2
	CertificateEncoding_CERTIFICATE_ENCODING_CRT         CertificateEncoding = 3
)

func (CertificateEncoding) Descriptor

func (CertificateEncoding) Enum

func (CertificateEncoding) EnumDescriptor deprecated

func (CertificateEncoding) EnumDescriptor() ([]byte, []int)

Deprecated: Use CertificateEncoding.Descriptor instead.

func (CertificateEncoding) Number

func (CertificateEncoding) String

func (x CertificateEncoding) String() string

func (CertificateEncoding) Type

type CertificateRevocationList

type CertificateRevocationList struct {
	Type                      CertificateType     `protobuf:"varint,1,opt,name=type,proto3,enum=gnsi.certz.v1.CertificateType" json:"type,omitempty"`
	Encoding                  CertificateEncoding `protobuf:"varint,2,opt,name=encoding,proto3,enum=gnsi.certz.v1.CertificateEncoding" json:"encoding,omitempty"`
	CertificateRevocationList []byte              `` /* 138-byte string literal not displayed */
	Id                        string              `protobuf:"bytes,4,opt,name=id,proto3" json:"id,omitempty"`
	// contains filtered or unexported fields
}

func (*CertificateRevocationList) Descriptor deprecated

func (*CertificateRevocationList) Descriptor() ([]byte, []int)

Deprecated: Use CertificateRevocationList.ProtoReflect.Descriptor instead.

func (*CertificateRevocationList) GetCertificateRevocationList

func (x *CertificateRevocationList) GetCertificateRevocationList() []byte

func (*CertificateRevocationList) GetEncoding

func (*CertificateRevocationList) GetId

func (x *CertificateRevocationList) GetId() string

func (*CertificateRevocationList) GetType

func (*CertificateRevocationList) ProtoMessage

func (*CertificateRevocationList) ProtoMessage()

func (*CertificateRevocationList) ProtoReflect

func (*CertificateRevocationList) Reset

func (x *CertificateRevocationList) Reset()

func (*CertificateRevocationList) String

func (x *CertificateRevocationList) String() string

type CertificateRevocationListBundle

type CertificateRevocationListBundle struct {
	CertificateRevocationLists []*CertificateRevocationList `` /* 141-byte string literal not displayed */
	// contains filtered or unexported fields
}

func (*CertificateRevocationListBundle) Descriptor deprecated

func (*CertificateRevocationListBundle) Descriptor() ([]byte, []int)

Deprecated: Use CertificateRevocationListBundle.ProtoReflect.Descriptor instead.

func (*CertificateRevocationListBundle) GetCertificateRevocationLists

func (x *CertificateRevocationListBundle) GetCertificateRevocationLists() []*CertificateRevocationList

func (*CertificateRevocationListBundle) ProtoMessage

func (*CertificateRevocationListBundle) ProtoMessage()

func (*CertificateRevocationListBundle) ProtoReflect

func (*CertificateRevocationListBundle) Reset

func (*CertificateRevocationListBundle) String

type CertificateSigningRequest

type CertificateSigningRequest struct {
	Type                      CertificateType     `protobuf:"varint,1,opt,name=type,proto3,enum=gnsi.certz.v1.CertificateType" json:"type,omitempty"`
	Encoding                  CertificateEncoding `protobuf:"varint,2,opt,name=encoding,proto3,enum=gnsi.certz.v1.CertificateEncoding" json:"encoding,omitempty"`
	CertificateSigningRequest []byte              `` /* 138-byte string literal not displayed */
	// contains filtered or unexported fields
}

func (*CertificateSigningRequest) Descriptor deprecated

func (*CertificateSigningRequest) Descriptor() ([]byte, []int)

Deprecated: Use CertificateSigningRequest.ProtoReflect.Descriptor instead.

func (*CertificateSigningRequest) GetCertificateSigningRequest

func (x *CertificateSigningRequest) GetCertificateSigningRequest() []byte

func (*CertificateSigningRequest) GetEncoding

func (*CertificateSigningRequest) GetType

func (*CertificateSigningRequest) ProtoMessage

func (*CertificateSigningRequest) ProtoMessage()

func (*CertificateSigningRequest) ProtoReflect

func (*CertificateSigningRequest) Reset

func (x *CertificateSigningRequest) Reset()

func (*CertificateSigningRequest) String

func (x *CertificateSigningRequest) String() string

type CertificateType

type CertificateType int32

const (
	CertificateType_CERTIFICATE_TYPE_UNSPECIFIED CertificateType = 0
	CertificateType_CERTIFICATE_TYPE_X509        CertificateType = 1
)

func (CertificateType) Descriptor

func (CertificateType) Enum

func (x CertificateType) Enum() *CertificateType

func (CertificateType) EnumDescriptor deprecated

func (CertificateType) EnumDescriptor() ([]byte, []int)

Deprecated: Use CertificateType.Descriptor instead.

func (CertificateType) Number

func (CertificateType) String

func (x CertificateType) String() string

func (CertificateType) Type

type Certificate_CertSource added in v1.4.1

type Certificate_CertSource int32

const (
	Certificate_CERT_SOURCE_UNSPECIFIED Certificate_CertSource = 0
	Certificate_CERT_SOURCE_OIDEVID     Certificate_CertSource = 1
	Certificate_CERT_SOURCE_IDEVID      Certificate_CertSource = 2
)

func (Certificate_CertSource) Descriptor added in v1.4.1

func (Certificate_CertSource) Enum added in v1.4.1

func (Certificate_CertSource) EnumDescriptor deprecated added in v1.4.1

func (Certificate_CertSource) EnumDescriptor() ([]byte, []int)

Deprecated: Use Certificate_CertSource.Descriptor instead.

func (Certificate_CertSource) Number added in v1.4.1

func (Certificate_CertSource) String added in v1.4.1

func (x Certificate_CertSource) String() string

func (Certificate_CertSource) Type added in v1.4.1

type Certificate_CertSource_ added in v1.4.1

type Certificate_CertSource_ struct {
	CertSource Certificate_CertSource `protobuf:"varint,6,opt,name=cert_source,json=certSource,proto3,enum=gnsi.certz.v1.Certificate_CertSource,oneof"`
}

type Certificate_KeySource added in v1.4.1

type Certificate_KeySource int32

const (
	Certificate_KEY_SOURCE_UNSPECIFIED Certificate_KeySource = 0
	Certificate_KEY_SOURCE_IDEVID_TPM  Certificate_KeySource = 1
	Certificate_KEY_SOURCE_GENERATED   Certificate_KeySource = 2
)

func (Certificate_KeySource) Descriptor added in v1.4.1

func (Certificate_KeySource) Enum added in v1.4.1

func (Certificate_KeySource) EnumDescriptor deprecated added in v1.4.1

func (Certificate_KeySource) EnumDescriptor() ([]byte, []int)

Deprecated: Use Certificate_KeySource.Descriptor instead.

func (Certificate_KeySource) Number added in v1.4.1

func (Certificate_KeySource) String added in v1.4.1

func (x Certificate_KeySource) String() string

func (Certificate_KeySource) Type added in v1.4.1

type Certificate_KeySource_ added in v1.4.1

type Certificate_KeySource_ struct {
	KeySource Certificate_KeySource `protobuf:"varint,8,opt,name=key_source,json=keySource,proto3,enum=gnsi.certz.v1.Certificate_KeySource,oneof"`
}

type Certificate_RawCertificate added in v1.4.1

type Certificate_RawCertificate struct {
	RawCertificate []byte `protobuf:"bytes,5,opt,name=raw_certificate,json=rawCertificate,proto3,oneof"`
}

type Certificate_RawPrivateKey added in v1.4.1

type Certificate_RawPrivateKey struct {
	RawPrivateKey []byte `protobuf:"bytes,7,opt,name=raw_private_key,json=rawPrivateKey,proto3,oneof"`
}

type CertzClient

type CertzClient interface {
	Rotate(ctx context.Context, opts ...grpc.CallOption) (Certz_RotateClient, error)
	AddProfile(ctx context.Context, in *AddProfileRequest, opts ...grpc.CallOption) (*AddProfileResponse, error)
	DeleteProfile(ctx context.Context, in *DeleteProfileRequest, opts ...grpc.CallOption) (*DeleteProfileResponse, error)
	GetProfileList(ctx context.Context, in *GetProfileListRequest, opts ...grpc.CallOption) (*GetProfileListResponse, error)
	CanGenerateCSR(ctx context.Context, in *CanGenerateCSRRequest, opts ...grpc.CallOption) (*CanGenerateCSRResponse, error)
}

CertzClient is the client API for Certz service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.

func NewCertzClient

func NewCertzClient(cc grpc.ClientConnInterface) CertzClient

type CertzServer

type CertzServer interface {
	Rotate(Certz_RotateServer) error
	AddProfile(context.Context, *AddProfileRequest) (*AddProfileResponse, error)
	DeleteProfile(context.Context, *DeleteProfileRequest) (*DeleteProfileResponse, error)
	GetProfileList(context.Context, *GetProfileListRequest) (*GetProfileListResponse, error)
	CanGenerateCSR(context.Context, *CanGenerateCSRRequest) (*CanGenerateCSRResponse, error)
	// contains filtered or unexported methods
}

CertzServer is the server API for Certz service. All implementations must embed UnimplementedCertzServer for forward compatibility.

type Certz_RotateClient

type Certz_RotateClient interface {
	Send(*RotateCertificateRequest) error
	Recv() (*RotateCertificateResponse, error)
	grpc.ClientStream
}

type Certz_RotateServer

type Certz_RotateServer interface {
	Send(*RotateCertificateResponse) error
	Recv() (*RotateCertificateRequest, error)
	grpc.ServerStream
}

type DeleteProfileRequest

type DeleteProfileRequest struct {
	SslProfileId string `protobuf:"bytes,1,opt,name=ssl_profile_id,json=sslProfileId,proto3" json:"ssl_profile_id,omitempty"`
	// contains filtered or unexported fields
}

func (*DeleteProfileRequest) Descriptor deprecated

func (*DeleteProfileRequest) Descriptor() ([]byte, []int)

Deprecated: Use DeleteProfileRequest.ProtoReflect.Descriptor instead.

func (*DeleteProfileRequest) GetSslProfileId

func (x *DeleteProfileRequest) GetSslProfileId() string

func (*DeleteProfileRequest) ProtoMessage

func (*DeleteProfileRequest) ProtoMessage()

func (*DeleteProfileRequest) ProtoReflect

func (x *DeleteProfileRequest) ProtoReflect() protoreflect.Message

func (*DeleteProfileRequest) Reset

func (x *DeleteProfileRequest) Reset()

func (*DeleteProfileRequest) String

func (x *DeleteProfileRequest) String() string

type DeleteProfileResponse

type DeleteProfileResponse struct {
	// contains filtered or unexported fields
}

func (*DeleteProfileResponse) Descriptor deprecated

func (*DeleteProfileResponse) Descriptor() ([]byte, []int)

Deprecated: Use DeleteProfileResponse.ProtoReflect.Descriptor instead.

func (*DeleteProfileResponse) ProtoMessage

func (*DeleteProfileResponse) ProtoMessage()

func (*DeleteProfileResponse) ProtoReflect

func (x *DeleteProfileResponse) ProtoReflect() protoreflect.Message

func (*DeleteProfileResponse) Reset

func (x *DeleteProfileResponse) Reset()

func (*DeleteProfileResponse) String

func (x *DeleteProfileResponse) String() string

type Entity

type Entity struct {
	Version   string `protobuf:"bytes,1,opt,name=version,proto3" json:"version,omitempty"`
	CreatedOn uint64 `protobuf:"varint,2,opt,name=created_on,json=createdOn,proto3" json:"created_on,omitempty"`
	// Types that are assignable to Entity:
	//	*Entity_CertificateChain
	//	*Entity_TrustBundle
	//	*Entity_CertificateRevocationListBundle
	//	*Entity_AuthenticationPolicy
	//	*Entity_ExistingEntity
	//	*Entity_TrustBundlePcks7
	Entity isEntity_Entity `protobuf_oneof:"entity"`
	// contains filtered or unexported fields
}

func (*Entity) Descriptor deprecated

func (*Entity) Descriptor() ([]byte, []int)

Deprecated: Use Entity.ProtoReflect.Descriptor instead.

func (*Entity) GetAuthenticationPolicy added in v1.2.0

func (x *Entity) GetAuthenticationPolicy() *AuthenticationPolicy

func (*Entity) GetCertificateChain

func (x *Entity) GetCertificateChain() *CertificateChain

func (*Entity) GetCertificateRevocationListBundle

func (x *Entity) GetCertificateRevocationListBundle() *CertificateRevocationListBundle

func (*Entity) GetCreatedOn

func (x *Entity) GetCreatedOn() uint64

func (*Entity) GetEntity

func (m *Entity) GetEntity() isEntity_Entity

func (*Entity) GetExistingEntity added in v1.4.0

func (x *Entity) GetExistingEntity() *ExistingEntity

func (*Entity) GetTrustBundle

func (x *Entity) GetTrustBundle() *CertificateChain

func (*Entity) GetTrustBundlePcks7 added in v1.4.1

func (x *Entity) GetTrustBundlePcks7() *TrustBundle

func (*Entity) GetVersion

func (x *Entity) GetVersion() string

func (*Entity) ProtoMessage

func (*Entity) ProtoMessage()

func (*Entity) ProtoReflect

func (x *Entity) ProtoReflect() protoreflect.Message

func (*Entity) Reset

func (x *Entity) Reset()

func (*Entity) String

func (x *Entity) String() string

type Entity_AuthenticationPolicy added in v1.2.0

type Entity_AuthenticationPolicy struct {
	AuthenticationPolicy *AuthenticationPolicy `protobuf:"bytes,6,opt,name=authentication_policy,json=authenticationPolicy,proto3,oneof"`
}

type Entity_CertificateChain

type Entity_CertificateChain struct {
	CertificateChain *CertificateChain `protobuf:"bytes,3,opt,name=certificate_chain,json=certificateChain,proto3,oneof"`
}

type Entity_CertificateRevocationListBundle

type Entity_CertificateRevocationListBundle struct {
	CertificateRevocationListBundle *CertificateRevocationListBundle `protobuf:"bytes,5,opt,name=certificate_revocation_list_bundle,json=certificateRevocationListBundle,proto3,oneof"`
}

type Entity_ExistingEntity added in v1.4.0

type Entity_ExistingEntity struct {
	ExistingEntity *ExistingEntity `protobuf:"bytes,7,opt,name=existing_entity,json=existingEntity,proto3,oneof"`
}

type Entity_TrustBundle

type Entity_TrustBundle struct {
	TrustBundle *CertificateChain `protobuf:"bytes,4,opt,name=trust_bundle,json=trustBundle,proto3,oneof"`
}

type Entity_TrustBundlePcks7 added in v1.4.1

type Entity_TrustBundlePcks7 struct {
	TrustBundlePcks7 *TrustBundle `protobuf:"bytes,8,opt,name=trust_bundle_pcks7,json=trustBundlePcks7,proto3,oneof"`
}

type ExistingEntity added in v1.4.0

type ExistingEntity struct {
	SslProfileId string                    `protobuf:"bytes,1,opt,name=ssl_profile_id,json=sslProfileId,proto3" json:"ssl_profile_id,omitempty"`
	EntityType   ExistingEntity_EntityType `` /* 137-byte string literal not displayed */
	// contains filtered or unexported fields
}

func (*ExistingEntity) Descriptor deprecated added in v1.4.0

func (*ExistingEntity) Descriptor() ([]byte, []int)

Deprecated: Use ExistingEntity.ProtoReflect.Descriptor instead.

func (*ExistingEntity) GetEntityType added in v1.4.0

func (x *ExistingEntity) GetEntityType() ExistingEntity_EntityType

func (*ExistingEntity) GetSslProfileId added in v1.4.0

func (x *ExistingEntity) GetSslProfileId() string

func (*ExistingEntity) ProtoMessage added in v1.4.0

func (*ExistingEntity) ProtoMessage()

func (*ExistingEntity) ProtoReflect added in v1.4.0

func (x *ExistingEntity) ProtoReflect() protoreflect.Message

func (*ExistingEntity) Reset added in v1.4.0

func (x *ExistingEntity) Reset()

func (*ExistingEntity) String added in v1.4.0

func (x *ExistingEntity) String() string

type ExistingEntity_EntityType added in v1.4.0

type ExistingEntity_EntityType int32

const (
	ExistingEntity_ENTITY_TYPE_UNSPECIFIED                        ExistingEntity_EntityType = 0
	ExistingEntity_ENTITY_TYPE_CERTIFICATE_CHAIN                  ExistingEntity_EntityType = 1
	ExistingEntity_ENTITY_TYPE_TRUST_BUNDLE                       ExistingEntity_EntityType = 2
	ExistingEntity_ENTITY_TYPE_CERTIFICATE_REVOCATION_LIST_BUNDLE ExistingEntity_EntityType = 3
	ExistingEntity_ENTITY_TYPE_AUTHENTICATION_POLICY              ExistingEntity_EntityType = 4
)

func (ExistingEntity_EntityType) Descriptor added in v1.4.0

func (ExistingEntity_EntityType) Enum added in v1.4.0

func (ExistingEntity_EntityType) EnumDescriptor deprecated added in v1.4.0

func (ExistingEntity_EntityType) EnumDescriptor() ([]byte, []int)

Deprecated: Use ExistingEntity_EntityType.Descriptor instead.

func (ExistingEntity_EntityType) Number added in v1.4.0

func (ExistingEntity_EntityType) String added in v1.4.0

func (x ExistingEntity_EntityType) String() string

func (ExistingEntity_EntityType) Type added in v1.4.0

type FinalizeRequest

type FinalizeRequest struct {
	// contains filtered or unexported fields
}

func (*FinalizeRequest) Descriptor deprecated

func (*FinalizeRequest) Descriptor() ([]byte, []int)

Deprecated: Use FinalizeRequest.ProtoReflect.Descriptor instead.

func (*FinalizeRequest) ProtoMessage

func (*FinalizeRequest) ProtoMessage()

func (*FinalizeRequest) ProtoReflect

func (x *FinalizeRequest) ProtoReflect() protoreflect.Message

func (*FinalizeRequest) Reset

func (x *FinalizeRequest) Reset()

func (*FinalizeRequest) String

func (x *FinalizeRequest) String() string

type GenerateCSRRequest

type GenerateCSRRequest struct {
	Params *CSRParams `protobuf:"bytes,1,opt,name=params,proto3" json:"params,omitempty"`
	// contains filtered or unexported fields
}

func (*GenerateCSRRequest) Descriptor deprecated

func (*GenerateCSRRequest) Descriptor() ([]byte, []int)

Deprecated: Use GenerateCSRRequest.ProtoReflect.Descriptor instead.

func (*GenerateCSRRequest) GetParams

func (x *GenerateCSRRequest) GetParams() *CSRParams

func (*GenerateCSRRequest) ProtoMessage

func (*GenerateCSRRequest) ProtoMessage()

func (*GenerateCSRRequest) ProtoReflect

func (x *GenerateCSRRequest) ProtoReflect() protoreflect.Message

func (*GenerateCSRRequest) Reset

func (x *GenerateCSRRequest) Reset()

func (*GenerateCSRRequest) String

func (x *GenerateCSRRequest) String() string

type GenerateCSRResponse

type GenerateCSRResponse struct {
	CertificateSigningRequest *CertificateSigningRequest `` /* 138-byte string literal not displayed */
	// contains filtered or unexported fields
}

func (*GenerateCSRResponse) Descriptor deprecated

func (*GenerateCSRResponse) Descriptor() ([]byte, []int)

Deprecated: Use GenerateCSRResponse.ProtoReflect.Descriptor instead.

func (*GenerateCSRResponse) GetCertificateSigningRequest

func (x *GenerateCSRResponse) GetCertificateSigningRequest() *CertificateSigningRequest

func (*GenerateCSRResponse) ProtoMessage

func (*GenerateCSRResponse) ProtoMessage()

func (*GenerateCSRResponse) ProtoReflect

func (x *GenerateCSRResponse) ProtoReflect() protoreflect.Message

func (*GenerateCSRResponse) Reset

func (x *GenerateCSRResponse) Reset()

func (*GenerateCSRResponse) String

func (x *GenerateCSRResponse) String() string

type GetProfileListRequest

type GetProfileListRequest struct {
	// contains filtered or unexported fields
}

func (*GetProfileListRequest) Descriptor deprecated

func (*GetProfileListRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetProfileListRequest.ProtoReflect.Descriptor instead.

func (*GetProfileListRequest) ProtoMessage

func (*GetProfileListRequest) ProtoMessage()

func (*GetProfileListRequest) ProtoReflect

func (x *GetProfileListRequest) ProtoReflect() protoreflect.Message

func (*GetProfileListRequest) Reset

func (x *GetProfileListRequest) Reset()

func (*GetProfileListRequest) String

func (x *GetProfileListRequest) String() string

type GetProfileListResponse

type GetProfileListResponse struct {
	SslProfileIds []string `protobuf:"bytes,1,rep,name=ssl_profile_ids,json=sslProfileIds,proto3" json:"ssl_profile_ids,omitempty"`
	// contains filtered or unexported fields
}

func (*GetProfileListResponse) Descriptor deprecated

func (*GetProfileListResponse) Descriptor() ([]byte, []int)

Deprecated: Use GetProfileListResponse.ProtoReflect.Descriptor instead.

func (*GetProfileListResponse) GetSslProfileIds

func (x *GetProfileListResponse) GetSslProfileIds() []string

func (*GetProfileListResponse) ProtoMessage

func (*GetProfileListResponse) ProtoMessage()

func (*GetProfileListResponse) ProtoReflect

func (x *GetProfileListResponse) ProtoReflect() protoreflect.Message

func (*GetProfileListResponse) Reset

func (x *GetProfileListResponse) Reset()

func (*GetProfileListResponse) String

func (x *GetProfileListResponse) String() string

type RotateCertificateRequest

type RotateCertificateRequest struct {
	ForceOverwrite bool   `protobuf:"varint,1,opt,name=force_overwrite,json=forceOverwrite,proto3" json:"force_overwrite,omitempty"`
	SslProfileId   string `protobuf:"bytes,2,opt,name=ssl_profile_id,json=sslProfileId,proto3" json:"ssl_profile_id,omitempty"`
	// Types that are assignable to RotateRequest:
	//	*RotateCertificateRequest_GenerateCsr
	//	*RotateCertificateRequest_Certificates
	//	*RotateCertificateRequest_FinalizeRotation
	RotateRequest isRotateCertificateRequest_RotateRequest `protobuf_oneof:"rotate_request"`
	// contains filtered or unexported fields
}

func (*RotateCertificateRequest) Descriptor deprecated

func (*RotateCertificateRequest) Descriptor() ([]byte, []int)

Deprecated: Use RotateCertificateRequest.ProtoReflect.Descriptor instead.

func (*RotateCertificateRequest) GetCertificates

func (x *RotateCertificateRequest) GetCertificates() *UploadRequest

func (*RotateCertificateRequest) GetFinalizeRotation

func (x *RotateCertificateRequest) GetFinalizeRotation() *FinalizeRequest

func (*RotateCertificateRequest) GetForceOverwrite

func (x *RotateCertificateRequest) GetForceOverwrite() bool

func (*RotateCertificateRequest) GetGenerateCsr

func (x *RotateCertificateRequest) GetGenerateCsr() *GenerateCSRRequest

func (*RotateCertificateRequest) GetRotateRequest

func (m *RotateCertificateRequest) GetRotateRequest() isRotateCertificateRequest_RotateRequest

func (*RotateCertificateRequest) GetSslProfileId

func (x *RotateCertificateRequest) GetSslProfileId() string

func (*RotateCertificateRequest) ProtoMessage

func (*RotateCertificateRequest) ProtoMessage()

func (*RotateCertificateRequest) ProtoReflect

func (x *RotateCertificateRequest) ProtoReflect() protoreflect.Message

func (*RotateCertificateRequest) Reset

func (x *RotateCertificateRequest) Reset()

func (*RotateCertificateRequest) String

func (x *RotateCertificateRequest) String() string

type RotateCertificateRequest_Certificates

type RotateCertificateRequest_Certificates struct {
	Certificates *UploadRequest `protobuf:"bytes,4,opt,name=certificates,proto3,oneof"`
}

type RotateCertificateRequest_FinalizeRotation

type RotateCertificateRequest_FinalizeRotation struct {
	FinalizeRotation *FinalizeRequest `protobuf:"bytes,5,opt,name=finalize_rotation,json=finalizeRotation,proto3,oneof"`
}

type RotateCertificateRequest_GenerateCsr

type RotateCertificateRequest_GenerateCsr struct {
	GenerateCsr *GenerateCSRRequest `protobuf:"bytes,3,opt,name=generate_csr,json=generateCsr,proto3,oneof"`
}

type RotateCertificateResponse

type RotateCertificateResponse struct {

	// Types that are assignable to RotateResponse:
	//	*RotateCertificateResponse_GeneratedCsr
	//	*RotateCertificateResponse_Certificates
	RotateResponse isRotateCertificateResponse_RotateResponse `protobuf_oneof:"rotate_response"`
	// contains filtered or unexported fields
}

func (*RotateCertificateResponse) Descriptor deprecated

func (*RotateCertificateResponse) Descriptor() ([]byte, []int)

Deprecated: Use RotateCertificateResponse.ProtoReflect.Descriptor instead.

func (*RotateCertificateResponse) GetCertificates

func (x *RotateCertificateResponse) GetCertificates() *UploadResponse

func (*RotateCertificateResponse) GetGeneratedCsr

func (x *RotateCertificateResponse) GetGeneratedCsr() *GenerateCSRResponse

func (*RotateCertificateResponse) GetRotateResponse

func (m *RotateCertificateResponse) GetRotateResponse() isRotateCertificateResponse_RotateResponse

func (*RotateCertificateResponse) ProtoMessage

func (*RotateCertificateResponse) ProtoMessage()

func (*RotateCertificateResponse) ProtoReflect

func (*RotateCertificateResponse) Reset

func (x *RotateCertificateResponse) Reset()

func (*RotateCertificateResponse) String

func (x *RotateCertificateResponse) String() string

type RotateCertificateResponse_Certificates

type RotateCertificateResponse_Certificates struct {
	Certificates *UploadResponse `protobuf:"bytes,2,opt,name=certificates,proto3,oneof"`
}

type RotateCertificateResponse_GeneratedCsr

type RotateCertificateResponse_GeneratedCsr struct {
	GeneratedCsr *GenerateCSRResponse `protobuf:"bytes,1,opt,name=generated_csr,json=generatedCsr,proto3,oneof"`
}

type TrustBundle added in v1.4.1

type TrustBundle struct {
	Pkcs7Block string `protobuf:"bytes,1,opt,name=pkcs7_block,json=pkcs7Block,proto3" json:"pkcs7_block,omitempty"`
	// contains filtered or unexported fields
}

func (*TrustBundle) Descriptor deprecated added in v1.4.1

func (*TrustBundle) Descriptor() ([]byte, []int)

Deprecated: Use TrustBundle.ProtoReflect.Descriptor instead.

func (*TrustBundle) GetPkcs7Block added in v1.4.1

func (x *TrustBundle) GetPkcs7Block() string

func (*TrustBundle) ProtoMessage added in v1.4.1

func (*TrustBundle) ProtoMessage()

func (*TrustBundle) ProtoReflect added in v1.4.1

func (x *TrustBundle) ProtoReflect() protoreflect.Message

func (*TrustBundle) Reset added in v1.4.1

func (x *TrustBundle) Reset()

func (*TrustBundle) String added in v1.4.1

func (x *TrustBundle) String() string

type UnimplementedCertzServer

type UnimplementedCertzServer struct {
}

UnimplementedCertzServer must be embedded to have forward compatible implementations.

func (UnimplementedCertzServer) AddProfile

func (UnimplementedCertzServer) CanGenerateCSR

func (UnimplementedCertzServer) DeleteProfile

func (UnimplementedCertzServer) GetProfileList

func (UnimplementedCertzServer) Rotate

type UnsafeCertzServer

type UnsafeCertzServer interface {
	// contains filtered or unexported methods
}

UnsafeCertzServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to CertzServer will result in compilation errors.

type UploadRequest

type UploadRequest struct {
	Entities []*Entity `protobuf:"bytes,1,rep,name=entities,proto3" json:"entities,omitempty"`
	// contains filtered or unexported fields
}

func (*UploadRequest) Descriptor deprecated

func (*UploadRequest) Descriptor() ([]byte, []int)

Deprecated: Use UploadRequest.ProtoReflect.Descriptor instead.

func (*UploadRequest) GetEntities

func (x *UploadRequest) GetEntities() []*Entity

func (*UploadRequest) ProtoMessage

func (*UploadRequest) ProtoMessage()

func (*UploadRequest) ProtoReflect

func (x *UploadRequest) ProtoReflect() protoreflect.Message

func (*UploadRequest) Reset

func (x *UploadRequest) Reset()

func (*UploadRequest) String

func (x *UploadRequest) String() string

type UploadResponse

type UploadResponse struct {
	// contains filtered or unexported fields
}

func (*UploadResponse) Descriptor deprecated

func (*UploadResponse) Descriptor() ([]byte, []int)

Deprecated: Use UploadResponse.ProtoReflect.Descriptor instead.

func (*UploadResponse) ProtoMessage

func (*UploadResponse) ProtoMessage()

func (*UploadResponse) ProtoReflect

func (x *UploadResponse) ProtoReflect() protoreflect.Message

func (*UploadResponse) Reset

func (x *UploadResponse) Reset()

func (*UploadResponse) String

func (x *UploadResponse) String() string

type V3ExtensionSAN

type V3ExtensionSAN struct {
	Dns    []string `protobuf:"bytes,1,rep,name=dns,proto3" json:"dns,omitempty"`
	Emails []string `protobuf:"bytes,2,rep,name=emails,proto3" json:"emails,omitempty"`
	Ips    []string `protobuf:"bytes,3,rep,name=ips,proto3" json:"ips,omitempty"`
	Uris   []string `protobuf:"bytes,4,rep,name=uris,proto3" json:"uris,omitempty"`
	// contains filtered or unexported fields
}

func (*V3ExtensionSAN) Descriptor deprecated

func (*V3ExtensionSAN) Descriptor() ([]byte, []int)

Deprecated: Use V3ExtensionSAN.ProtoReflect.Descriptor instead.

func (*V3ExtensionSAN) GetDns

func (x *V3ExtensionSAN) GetDns() []string

func (*V3ExtensionSAN) GetEmails

func (x *V3ExtensionSAN) GetEmails() []string

func (*V3ExtensionSAN) GetIps

func (x *V3ExtensionSAN) GetIps() []string

func (*V3ExtensionSAN) GetUris

func (x *V3ExtensionSAN) GetUris() []string

func (*V3ExtensionSAN) ProtoMessage

func (*V3ExtensionSAN) ProtoMessage()

func (*V3ExtensionSAN) ProtoReflect

func (x *V3ExtensionSAN) ProtoReflect() protoreflect.Message

func (*V3ExtensionSAN) Reset

func (x *V3ExtensionSAN) Reset()

func (*V3ExtensionSAN) String

func (x *V3ExtensionSAN) String() string
