From ac0a9e07cd6e34bf0520404835755e6d6bf1c9b2 Mon Sep 17 00:00:00 2001 From: James Renken Date: Fri, 3 Jan 2025 17:27:52 -0800 Subject: [PATCH 01/14] ra/sa: Remove deprecated UpdateRegistration methods Fixes #5554 --- ra/proto/ra.pb.go | 588 ++++++++++++++++++----------------------- ra/proto/ra.proto | 6 - ra/proto/ra_grpc.pb.go | 38 --- ra/ra.go | 118 --------- ra/ra_test.go | 156 +---------- sa/proto/sa.pb.go | 256 +++++++++--------- sa/proto/sa.proto | 1 - sa/proto/sa_grpc.pb.go | 38 --- sa/sa.go | 40 --- sa/sa_test.go | 20 +- 10 files changed, 397 insertions(+), 864 deletions(-) diff --git a/ra/proto/ra.pb.go b/ra/proto/ra.pb.go index 9acbf535230..b743db5a6ca 100644 --- a/ra/proto/ra.pb.go +++ b/ra/proto/ra.pb.go @@ -70,61 +70,6 @@ func (x *GenerateOCSPRequest) GetSerial() string { return "" } -type UpdateRegistrationRequest struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Base *proto.Registration `protobuf:"bytes,1,opt,name=base,proto3" json:"base,omitempty"` - Update *proto.Registration `protobuf:"bytes,2,opt,name=update,proto3" json:"update,omitempty"` -} - -func (x *UpdateRegistrationRequest) Reset() { - *x = UpdateRegistrationRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_ra_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *UpdateRegistrationRequest) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*UpdateRegistrationRequest) ProtoMessage() {} - -func (x *UpdateRegistrationRequest) ProtoReflect() protoreflect.Message { - mi := &file_ra_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use UpdateRegistrationRequest.ProtoReflect.Descriptor instead. -func (*UpdateRegistrationRequest) Descriptor() ([]byte, []int) { - return file_ra_proto_rawDescGZIP(), []int{1} -} - -func (x *UpdateRegistrationRequest) GetBase() *proto.Registration { - if x != nil { - return x.Base - } - return nil -} - -func (x *UpdateRegistrationRequest) GetUpdate() *proto.Registration { - if x != nil { - return x.Update - } - return nil -} - type UpdateRegistrationContactRequest struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -137,7 +82,7 @@ type UpdateRegistrationContactRequest struct { func (x *UpdateRegistrationContactRequest) Reset() { *x = UpdateRegistrationContactRequest{} if protoimpl.UnsafeEnabled { - mi := &file_ra_proto_msgTypes[2] + mi := &file_ra_proto_msgTypes[1] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -150,7 +95,7 @@ func (x *UpdateRegistrationContactRequest) String() string { func (*UpdateRegistrationContactRequest) ProtoMessage() {} func (x *UpdateRegistrationContactRequest) ProtoReflect() protoreflect.Message { - mi := &file_ra_proto_msgTypes[2] + mi := &file_ra_proto_msgTypes[1] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -163,7 +108,7 @@ func (x *UpdateRegistrationContactRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use UpdateRegistrationContactRequest.ProtoReflect.Descriptor instead. func (*UpdateRegistrationContactRequest) Descriptor() ([]byte, []int) { - return file_ra_proto_rawDescGZIP(), []int{2} + return file_ra_proto_rawDescGZIP(), []int{1} } func (x *UpdateRegistrationContactRequest) GetRegistrationID() int64 { @@ -192,7 +137,7 @@ type UpdateRegistrationKeyRequest struct { func (x *UpdateRegistrationKeyRequest) Reset() { *x = UpdateRegistrationKeyRequest{} if protoimpl.UnsafeEnabled { - mi := &file_ra_proto_msgTypes[3] + mi := &file_ra_proto_msgTypes[2] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -205,7 +150,7 @@ func (x *UpdateRegistrationKeyRequest) String() string { func (*UpdateRegistrationKeyRequest) ProtoMessage() {} func (x *UpdateRegistrationKeyRequest) ProtoReflect() protoreflect.Message { - mi := &file_ra_proto_msgTypes[3] + mi := &file_ra_proto_msgTypes[2] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -218,7 +163,7 @@ func (x *UpdateRegistrationKeyRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use UpdateRegistrationKeyRequest.ProtoReflect.Descriptor instead. func (*UpdateRegistrationKeyRequest) Descriptor() ([]byte, []int) { - return file_ra_proto_rawDescGZIP(), []int{3} + return file_ra_proto_rawDescGZIP(), []int{2} } func (x *UpdateRegistrationKeyRequest) GetRegistrationID() int64 { @@ -248,7 +193,7 @@ type UpdateAuthorizationRequest struct { func (x *UpdateAuthorizationRequest) Reset() { *x = UpdateAuthorizationRequest{} if protoimpl.UnsafeEnabled { - mi := &file_ra_proto_msgTypes[4] + mi := &file_ra_proto_msgTypes[3] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -261,7 +206,7 @@ func (x *UpdateAuthorizationRequest) String() string { func (*UpdateAuthorizationRequest) ProtoMessage() {} func (x *UpdateAuthorizationRequest) ProtoReflect() protoreflect.Message { - mi := &file_ra_proto_msgTypes[4] + mi := &file_ra_proto_msgTypes[3] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -274,7 +219,7 @@ func (x *UpdateAuthorizationRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use UpdateAuthorizationRequest.ProtoReflect.Descriptor instead. func (*UpdateAuthorizationRequest) Descriptor() ([]byte, []int) { - return file_ra_proto_rawDescGZIP(), []int{4} + return file_ra_proto_rawDescGZIP(), []int{3} } func (x *UpdateAuthorizationRequest) GetAuthz() *proto.Authorization { @@ -310,7 +255,7 @@ type PerformValidationRequest struct { func (x *PerformValidationRequest) Reset() { *x = PerformValidationRequest{} if protoimpl.UnsafeEnabled { - mi := &file_ra_proto_msgTypes[5] + mi := &file_ra_proto_msgTypes[4] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -323,7 +268,7 @@ func (x *PerformValidationRequest) String() string { func (*PerformValidationRequest) ProtoMessage() {} func (x *PerformValidationRequest) ProtoReflect() protoreflect.Message { - mi := &file_ra_proto_msgTypes[5] + mi := &file_ra_proto_msgTypes[4] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -336,7 +281,7 @@ func (x *PerformValidationRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use PerformValidationRequest.ProtoReflect.Descriptor instead. func (*PerformValidationRequest) Descriptor() ([]byte, []int) { - return file_ra_proto_rawDescGZIP(), []int{5} + return file_ra_proto_rawDescGZIP(), []int{4} } func (x *PerformValidationRequest) GetAuthz() *proto.Authorization { @@ -366,7 +311,7 @@ type RevokeCertByApplicantRequest struct { func (x *RevokeCertByApplicantRequest) Reset() { *x = RevokeCertByApplicantRequest{} if protoimpl.UnsafeEnabled { - mi := &file_ra_proto_msgTypes[6] + mi := &file_ra_proto_msgTypes[5] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -379,7 +324,7 @@ func (x *RevokeCertByApplicantRequest) String() string { func (*RevokeCertByApplicantRequest) ProtoMessage() {} func (x *RevokeCertByApplicantRequest) ProtoReflect() protoreflect.Message { - mi := &file_ra_proto_msgTypes[6] + mi := &file_ra_proto_msgTypes[5] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -392,7 +337,7 @@ func (x *RevokeCertByApplicantRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use RevokeCertByApplicantRequest.ProtoReflect.Descriptor instead. func (*RevokeCertByApplicantRequest) Descriptor() ([]byte, []int) { - return file_ra_proto_rawDescGZIP(), []int{6} + return file_ra_proto_rawDescGZIP(), []int{5} } func (x *RevokeCertByApplicantRequest) GetCert() []byte { @@ -427,7 +372,7 @@ type RevokeCertByKeyRequest struct { func (x *RevokeCertByKeyRequest) Reset() { *x = RevokeCertByKeyRequest{} if protoimpl.UnsafeEnabled { - mi := &file_ra_proto_msgTypes[7] + mi := &file_ra_proto_msgTypes[6] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -440,7 +385,7 @@ func (x *RevokeCertByKeyRequest) String() string { func (*RevokeCertByKeyRequest) ProtoMessage() {} func (x *RevokeCertByKeyRequest) ProtoReflect() protoreflect.Message { - mi := &file_ra_proto_msgTypes[7] + mi := &file_ra_proto_msgTypes[6] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -453,7 +398,7 @@ func (x *RevokeCertByKeyRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use RevokeCertByKeyRequest.ProtoReflect.Descriptor instead. func (*RevokeCertByKeyRequest) Descriptor() ([]byte, []int) { - return file_ra_proto_rawDescGZIP(), []int{7} + return file_ra_proto_rawDescGZIP(), []int{6} } func (x *RevokeCertByKeyRequest) GetCert() []byte { @@ -484,7 +429,7 @@ type AdministrativelyRevokeCertificateRequest struct { func (x *AdministrativelyRevokeCertificateRequest) Reset() { *x = AdministrativelyRevokeCertificateRequest{} if protoimpl.UnsafeEnabled { - mi := &file_ra_proto_msgTypes[8] + mi := &file_ra_proto_msgTypes[7] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -497,7 +442,7 @@ func (x *AdministrativelyRevokeCertificateRequest) String() string { func (*AdministrativelyRevokeCertificateRequest) ProtoMessage() {} func (x *AdministrativelyRevokeCertificateRequest) ProtoReflect() protoreflect.Message { - mi := &file_ra_proto_msgTypes[8] + mi := &file_ra_proto_msgTypes[7] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -510,7 +455,7 @@ func (x *AdministrativelyRevokeCertificateRequest) ProtoReflect() protoreflect.M // Deprecated: Use AdministrativelyRevokeCertificateRequest.ProtoReflect.Descriptor instead. func (*AdministrativelyRevokeCertificateRequest) Descriptor() ([]byte, []int) { - return file_ra_proto_rawDescGZIP(), []int{8} + return file_ra_proto_rawDescGZIP(), []int{7} } func (x *AdministrativelyRevokeCertificateRequest) GetCert() []byte { @@ -574,7 +519,7 @@ type NewOrderRequest struct { func (x *NewOrderRequest) Reset() { *x = NewOrderRequest{} if protoimpl.UnsafeEnabled { - mi := &file_ra_proto_msgTypes[9] + mi := &file_ra_proto_msgTypes[8] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -587,7 +532,7 @@ func (x *NewOrderRequest) String() string { func (*NewOrderRequest) ProtoMessage() {} func (x *NewOrderRequest) ProtoReflect() protoreflect.Message { - mi := &file_ra_proto_msgTypes[9] + mi := &file_ra_proto_msgTypes[8] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -600,7 +545,7 @@ func (x *NewOrderRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use NewOrderRequest.ProtoReflect.Descriptor instead. func (*NewOrderRequest) Descriptor() ([]byte, []int) { - return file_ra_proto_rawDescGZIP(), []int{9} + return file_ra_proto_rawDescGZIP(), []int{8} } func (x *NewOrderRequest) GetRegistrationID() int64 { @@ -656,7 +601,7 @@ type GetAuthorizationRequest struct { func (x *GetAuthorizationRequest) Reset() { *x = GetAuthorizationRequest{} if protoimpl.UnsafeEnabled { - mi := &file_ra_proto_msgTypes[10] + mi := &file_ra_proto_msgTypes[9] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -669,7 +614,7 @@ func (x *GetAuthorizationRequest) String() string { func (*GetAuthorizationRequest) ProtoMessage() {} func (x *GetAuthorizationRequest) ProtoReflect() protoreflect.Message { - mi := &file_ra_proto_msgTypes[10] + mi := &file_ra_proto_msgTypes[9] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -682,7 +627,7 @@ func (x *GetAuthorizationRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use GetAuthorizationRequest.ProtoReflect.Descriptor instead. func (*GetAuthorizationRequest) Descriptor() ([]byte, []int) { - return file_ra_proto_rawDescGZIP(), []int{10} + return file_ra_proto_rawDescGZIP(), []int{9} } func (x *GetAuthorizationRequest) GetId() int64 { @@ -704,7 +649,7 @@ type FinalizeOrderRequest struct { func (x *FinalizeOrderRequest) Reset() { *x = FinalizeOrderRequest{} if protoimpl.UnsafeEnabled { - mi := &file_ra_proto_msgTypes[11] + mi := &file_ra_proto_msgTypes[10] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -717,7 +662,7 @@ func (x *FinalizeOrderRequest) String() string { func (*FinalizeOrderRequest) ProtoMessage() {} func (x *FinalizeOrderRequest) ProtoReflect() protoreflect.Message { - mi := &file_ra_proto_msgTypes[11] + mi := &file_ra_proto_msgTypes[10] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -730,7 +675,7 @@ func (x *FinalizeOrderRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use FinalizeOrderRequest.ProtoReflect.Descriptor instead. func (*FinalizeOrderRequest) Descriptor() ([]byte, []int) { - return file_ra_proto_rawDescGZIP(), []int{11} + return file_ra_proto_rawDescGZIP(), []int{10} } func (x *FinalizeOrderRequest) GetOrder() *proto.Order { @@ -759,7 +704,7 @@ type UnpauseAccountRequest struct { func (x *UnpauseAccountRequest) Reset() { *x = UnpauseAccountRequest{} if protoimpl.UnsafeEnabled { - mi := &file_ra_proto_msgTypes[12] + mi := &file_ra_proto_msgTypes[11] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -772,7 +717,7 @@ func (x *UnpauseAccountRequest) String() string { func (*UnpauseAccountRequest) ProtoMessage() {} func (x *UnpauseAccountRequest) ProtoReflect() protoreflect.Message { - mi := &file_ra_proto_msgTypes[12] + mi := &file_ra_proto_msgTypes[11] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -785,7 +730,7 @@ func (x *UnpauseAccountRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use UnpauseAccountRequest.ProtoReflect.Descriptor instead. func (*UnpauseAccountRequest) Descriptor() ([]byte, []int) { - return file_ra_proto_rawDescGZIP(), []int{12} + return file_ra_proto_rawDescGZIP(), []int{11} } func (x *UnpauseAccountRequest) GetRegistrationID() int64 { @@ -807,7 +752,7 @@ type UnpauseAccountResponse struct { func (x *UnpauseAccountResponse) Reset() { *x = UnpauseAccountResponse{} if protoimpl.UnsafeEnabled { - mi := &file_ra_proto_msgTypes[13] + mi := &file_ra_proto_msgTypes[12] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -820,7 +765,7 @@ func (x *UnpauseAccountResponse) String() string { func (*UnpauseAccountResponse) ProtoMessage() {} func (x *UnpauseAccountResponse) ProtoReflect() protoreflect.Message { - mi := &file_ra_proto_msgTypes[13] + mi := &file_ra_proto_msgTypes[12] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -833,7 +778,7 @@ func (x *UnpauseAccountResponse) ProtoReflect() protoreflect.Message { // Deprecated: Use UnpauseAccountResponse.ProtoReflect.Descriptor instead. func (*UnpauseAccountResponse) Descriptor() ([]byte, []int) { - return file_ra_proto_rawDescGZIP(), []int{13} + return file_ra_proto_rawDescGZIP(), []int{12} } func (x *UnpauseAccountResponse) GetCount() int64 { @@ -854,169 +799,157 @@ var file_ra_proto_rawDesc = []byte{ 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x2d, 0x0a, 0x13, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x4f, 0x43, 0x53, 0x50, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x65, - 0x72, 0x69, 0x61, 0x6c, 0x22, 0x6f, 0x0a, 0x19, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x52, 0x65, - 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, - 0x74, 0x12, 0x26, 0x0a, 0x04, 0x62, 0x61, 0x73, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x12, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x52, 0x04, 0x62, 0x61, 0x73, 0x65, 0x12, 0x2a, 0x0a, 0x06, 0x75, 0x70, 0x64, - 0x61, 0x74, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x63, 0x6f, 0x72, 0x65, - 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x06, 0x75, - 0x70, 0x64, 0x61, 0x74, 0x65, 0x22, 0x66, 0x0a, 0x20, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x52, - 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x74, 0x61, - 0x63, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x26, 0x0a, 0x0e, 0x72, 0x65, 0x67, - 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x03, 0x52, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, - 0x44, 0x12, 0x1a, 0x0a, 0x08, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x63, 0x74, 0x73, 0x18, 0x02, 0x20, - 0x03, 0x28, 0x09, 0x52, 0x08, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x63, 0x74, 0x73, 0x22, 0x58, 0x0a, - 0x1c, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x26, 0x0a, - 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x12, 0x10, 0x0a, 0x03, 0x6a, 0x77, 0x6b, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x0c, 0x52, 0x03, 0x6a, 0x77, 0x6b, 0x22, 0x9c, 0x01, 0x0a, 0x1a, 0x55, 0x70, 0x64, 0x61, - 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, - 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x29, 0x0a, 0x05, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x41, 0x75, 0x74, - 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x05, 0x61, 0x75, 0x74, 0x68, - 0x7a, 0x12, 0x26, 0x0a, 0x0e, 0x63, 0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65, 0x49, 0x6e, - 0x64, 0x65, 0x78, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x63, 0x68, 0x61, 0x6c, 0x6c, - 0x65, 0x6e, 0x67, 0x65, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x12, 0x2b, 0x0a, 0x08, 0x72, 0x65, 0x73, - 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x63, 0x6f, - 0x72, 0x65, 0x2e, 0x43, 0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65, 0x52, 0x08, 0x72, 0x65, - 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x6d, 0x0a, 0x18, 0x50, 0x65, 0x72, 0x66, 0x6f, 0x72, - 0x6d, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, - 0x73, 0x74, 0x12, 0x29, 0x0a, 0x05, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x13, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, - 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x05, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x12, 0x26, 0x0a, - 0x0e, 0x63, 0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x18, - 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x63, 0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65, - 0x49, 0x6e, 0x64, 0x65, 0x78, 0x22, 0x5c, 0x0a, 0x1c, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x43, - 0x65, 0x72, 0x74, 0x42, 0x79, 0x41, 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x6e, 0x74, 0x52, 0x65, - 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x63, 0x65, 0x72, 0x74, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x0c, 0x52, 0x04, 0x63, 0x65, 0x72, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x63, 0x6f, 0x64, - 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x04, 0x63, 0x6f, 0x64, 0x65, 0x12, 0x14, 0x0a, - 0x05, 0x72, 0x65, 0x67, 0x49, 0x44, 0x18, 0x03, 0x20, 0x01, 0x28, 0x03, 0x52, 0x05, 0x72, 0x65, - 0x67, 0x49, 0x44, 0x22, 0x32, 0x0a, 0x16, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x43, 0x65, 0x72, - 0x74, 0x42, 0x79, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, - 0x04, 0x63, 0x65, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x04, 0x63, 0x65, 0x72, - 0x74, 0x4a, 0x04, 0x08, 0x02, 0x10, 0x03, 0x22, 0xca, 0x01, 0x0a, 0x28, 0x41, 0x64, 0x6d, 0x69, - 0x6e, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x79, 0x52, 0x65, 0x76, 0x6f, - 0x6b, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, - 0x75, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x63, 0x65, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x0c, 0x52, 0x04, 0x63, 0x65, 0x72, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x65, 0x72, 0x69, - 0x61, 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, - 0x12, 0x12, 0x0a, 0x04, 0x63, 0x6f, 0x64, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x04, - 0x63, 0x6f, 0x64, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x4e, 0x61, 0x6d, - 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x4e, 0x61, - 0x6d, 0x65, 0x12, 0x22, 0x0a, 0x0c, 0x73, 0x6b, 0x69, 0x70, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x4b, - 0x65, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0c, 0x73, 0x6b, 0x69, 0x70, 0x42, 0x6c, - 0x6f, 0x63, 0x6b, 0x4b, 0x65, 0x79, 0x12, 0x1c, 0x0a, 0x09, 0x6d, 0x61, 0x6c, 0x66, 0x6f, 0x72, - 0x6d, 0x65, 0x64, 0x18, 0x06, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x6d, 0x61, 0x6c, 0x66, 0x6f, - 0x72, 0x6d, 0x65, 0x64, 0x22, 0xf7, 0x01, 0x0a, 0x0f, 0x4e, 0x65, 0x77, 0x4f, 0x72, 0x64, 0x65, - 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x26, 0x0a, 0x0e, 0x72, 0x65, 0x67, 0x69, + 0x72, 0x69, 0x61, 0x6c, 0x22, 0x66, 0x0a, 0x20, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x52, 0x65, + 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x63, + 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x26, 0x0a, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, - 0x12, 0x1a, 0x0a, 0x08, 0x64, 0x6e, 0x73, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, - 0x28, 0x09, 0x52, 0x08, 0x64, 0x6e, 0x73, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x26, 0x0a, 0x0e, - 0x72, 0x65, 0x70, 0x6c, 0x61, 0x63, 0x65, 0x73, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x18, 0x03, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x72, 0x65, 0x70, 0x6c, 0x61, 0x63, 0x65, 0x73, 0x53, 0x65, - 0x72, 0x69, 0x61, 0x6c, 0x12, 0x22, 0x0a, 0x0c, 0x69, 0x73, 0x41, 0x52, 0x49, 0x52, 0x65, 0x6e, - 0x65, 0x77, 0x61, 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0c, 0x69, 0x73, 0x41, 0x52, - 0x49, 0x52, 0x65, 0x6e, 0x65, 0x77, 0x61, 0x6c, 0x12, 0x36, 0x0a, 0x16, 0x63, 0x65, 0x72, 0x74, - 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x4e, 0x61, - 0x6d, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x16, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, - 0x69, 0x63, 0x61, 0x74, 0x65, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x4e, 0x61, 0x6d, 0x65, - 0x12, 0x1c, 0x0a, 0x09, 0x69, 0x73, 0x52, 0x65, 0x6e, 0x65, 0x77, 0x61, 0x6c, 0x18, 0x06, 0x20, - 0x01, 0x28, 0x08, 0x52, 0x09, 0x69, 0x73, 0x52, 0x65, 0x6e, 0x65, 0x77, 0x61, 0x6c, 0x22, 0x29, - 0x0a, 0x17, 0x47, 0x65, 0x74, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x02, 0x69, 0x64, 0x22, 0x4b, 0x0a, 0x14, 0x46, 0x69, 0x6e, + 0x12, 0x1a, 0x0a, 0x08, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x63, 0x74, 0x73, 0x18, 0x02, 0x20, 0x03, + 0x28, 0x09, 0x52, 0x08, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x63, 0x74, 0x73, 0x22, 0x58, 0x0a, 0x1c, + 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x26, 0x0a, 0x0e, + 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x49, 0x44, 0x12, 0x10, 0x0a, 0x03, 0x6a, 0x77, 0x6b, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x0c, 0x52, 0x03, 0x6a, 0x77, 0x6b, 0x22, 0x9c, 0x01, 0x0a, 0x1a, 0x55, 0x70, 0x64, 0x61, 0x74, + 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, + 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x29, 0x0a, 0x05, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x41, 0x75, 0x74, 0x68, + 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x05, 0x61, 0x75, 0x74, 0x68, 0x7a, + 0x12, 0x26, 0x0a, 0x0e, 0x63, 0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65, 0x49, 0x6e, 0x64, + 0x65, 0x78, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x63, 0x68, 0x61, 0x6c, 0x6c, 0x65, + 0x6e, 0x67, 0x65, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x12, 0x2b, 0x0a, 0x08, 0x72, 0x65, 0x73, 0x70, + 0x6f, 0x6e, 0x73, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x63, 0x6f, 0x72, + 0x65, 0x2e, 0x43, 0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65, 0x52, 0x08, 0x72, 0x65, 0x73, + 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x6d, 0x0a, 0x18, 0x50, 0x65, 0x72, 0x66, 0x6f, 0x72, 0x6d, + 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, + 0x74, 0x12, 0x29, 0x0a, 0x05, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x13, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x05, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x12, 0x26, 0x0a, 0x0e, + 0x63, 0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x02, + 0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x63, 0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65, 0x49, + 0x6e, 0x64, 0x65, 0x78, 0x22, 0x5c, 0x0a, 0x1c, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x43, 0x65, + 0x72, 0x74, 0x42, 0x79, 0x41, 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x6e, 0x74, 0x52, 0x65, 0x71, + 0x75, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x63, 0x65, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x0c, 0x52, 0x04, 0x63, 0x65, 0x72, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x63, 0x6f, 0x64, 0x65, + 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x04, 0x63, 0x6f, 0x64, 0x65, 0x12, 0x14, 0x0a, 0x05, + 0x72, 0x65, 0x67, 0x49, 0x44, 0x18, 0x03, 0x20, 0x01, 0x28, 0x03, 0x52, 0x05, 0x72, 0x65, 0x67, + 0x49, 0x44, 0x22, 0x32, 0x0a, 0x16, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x43, 0x65, 0x72, 0x74, + 0x42, 0x79, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, + 0x63, 0x65, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x04, 0x63, 0x65, 0x72, 0x74, + 0x4a, 0x04, 0x08, 0x02, 0x10, 0x03, 0x22, 0xca, 0x01, 0x0a, 0x28, 0x41, 0x64, 0x6d, 0x69, 0x6e, + 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x79, 0x52, 0x65, 0x76, 0x6f, 0x6b, + 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, + 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x63, 0x65, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x0c, 0x52, 0x04, 0x63, 0x65, 0x72, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x65, 0x72, 0x69, 0x61, + 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x12, + 0x12, 0x0a, 0x04, 0x63, 0x6f, 0x64, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x04, 0x63, + 0x6f, 0x64, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x4e, 0x61, 0x6d, 0x65, + 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x4e, 0x61, 0x6d, + 0x65, 0x12, 0x22, 0x0a, 0x0c, 0x73, 0x6b, 0x69, 0x70, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x4b, 0x65, + 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0c, 0x73, 0x6b, 0x69, 0x70, 0x42, 0x6c, 0x6f, + 0x63, 0x6b, 0x4b, 0x65, 0x79, 0x12, 0x1c, 0x0a, 0x09, 0x6d, 0x61, 0x6c, 0x66, 0x6f, 0x72, 0x6d, + 0x65, 0x64, 0x18, 0x06, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x6d, 0x61, 0x6c, 0x66, 0x6f, 0x72, + 0x6d, 0x65, 0x64, 0x22, 0xf7, 0x01, 0x0a, 0x0f, 0x4e, 0x65, 0x77, 0x4f, 0x72, 0x64, 0x65, 0x72, + 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x26, 0x0a, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, + 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, + 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x12, + 0x1a, 0x0a, 0x08, 0x64, 0x6e, 0x73, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, + 0x09, 0x52, 0x08, 0x64, 0x6e, 0x73, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x26, 0x0a, 0x0e, 0x72, + 0x65, 0x70, 0x6c, 0x61, 0x63, 0x65, 0x73, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x18, 0x03, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x0e, 0x72, 0x65, 0x70, 0x6c, 0x61, 0x63, 0x65, 0x73, 0x53, 0x65, 0x72, + 0x69, 0x61, 0x6c, 0x12, 0x22, 0x0a, 0x0c, 0x69, 0x73, 0x41, 0x52, 0x49, 0x52, 0x65, 0x6e, 0x65, + 0x77, 0x61, 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0c, 0x69, 0x73, 0x41, 0x52, 0x49, + 0x52, 0x65, 0x6e, 0x65, 0x77, 0x61, 0x6c, 0x12, 0x36, 0x0a, 0x16, 0x63, 0x65, 0x72, 0x74, 0x69, + 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x4e, 0x61, 0x6d, + 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x16, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, + 0x63, 0x61, 0x74, 0x65, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x12, + 0x1c, 0x0a, 0x09, 0x69, 0x73, 0x52, 0x65, 0x6e, 0x65, 0x77, 0x61, 0x6c, 0x18, 0x06, 0x20, 0x01, + 0x28, 0x08, 0x52, 0x09, 0x69, 0x73, 0x52, 0x65, 0x6e, 0x65, 0x77, 0x61, 0x6c, 0x22, 0x29, 0x0a, + 0x17, 0x47, 0x65, 0x74, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x03, 0x52, 0x02, 0x69, 0x64, 0x22, 0x4b, 0x0a, 0x14, 0x46, 0x69, 0x6e, 0x61, + 0x6c, 0x69, 0x7a, 0x65, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, + 0x12, 0x21, 0x0a, 0x05, 0x6f, 0x72, 0x64, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x0b, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x52, 0x05, 0x6f, 0x72, + 0x64, 0x65, 0x72, 0x12, 0x10, 0x0a, 0x03, 0x63, 0x73, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, + 0x52, 0x03, 0x63, 0x73, 0x72, 0x22, 0x3f, 0x0a, 0x15, 0x55, 0x6e, 0x70, 0x61, 0x75, 0x73, 0x65, + 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x26, + 0x0a, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x22, 0x2e, 0x0a, 0x16, 0x55, 0x6e, 0x70, 0x61, 0x75, 0x73, + 0x65, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, + 0x12, 0x14, 0x0a, 0x05, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, + 0x05, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x32, 0x9f, 0x08, 0x0a, 0x15, 0x52, 0x65, 0x67, 0x69, 0x73, + 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, + 0x12, 0x3b, 0x0a, 0x0f, 0x4e, 0x65, 0x77, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, + 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x1a, 0x12, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x52, + 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x00, 0x12, 0x57, 0x0a, + 0x19, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x63, 0x74, 0x12, 0x24, 0x2e, 0x72, 0x61, 0x2e, + 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x63, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, + 0x1a, 0x12, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x00, 0x12, 0x4f, 0x0a, 0x15, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, + 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4b, 0x65, 0x79, 0x12, + 0x20, 0x2e, 0x72, 0x61, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x52, 0x65, 0x67, 0x69, 0x73, + 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, + 0x74, 0x1a, 0x12, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x00, 0x12, 0x48, 0x0a, 0x11, 0x50, 0x65, 0x72, 0x66, 0x6f, + 0x72, 0x6d, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1c, 0x2e, 0x72, + 0x61, 0x2e, 0x50, 0x65, 0x72, 0x66, 0x6f, 0x72, 0x6d, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x13, 0x2e, 0x63, 0x6f, 0x72, + 0x65, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, + 0x00, 0x12, 0x46, 0x0a, 0x16, 0x44, 0x65, 0x61, 0x63, 0x74, 0x69, 0x76, 0x61, 0x74, 0x65, 0x52, + 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x2e, 0x63, 0x6f, + 0x72, 0x65, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x1a, + 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, + 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x48, 0x0a, 0x17, 0x44, 0x65, 0x61, + 0x63, 0x74, 0x69, 0x76, 0x61, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x13, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x41, 0x75, 0x74, 0x68, + 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, + 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, + 0x79, 0x22, 0x00, 0x12, 0x53, 0x0a, 0x15, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x43, 0x65, 0x72, + 0x74, 0x42, 0x79, 0x41, 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x6e, 0x74, 0x12, 0x20, 0x2e, 0x72, + 0x61, 0x2e, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x43, 0x65, 0x72, 0x74, 0x42, 0x79, 0x41, 0x70, + 0x70, 0x6c, 0x69, 0x63, 0x61, 0x6e, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, + 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, + 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x47, 0x0a, 0x0f, 0x52, 0x65, 0x76, 0x6f, + 0x6b, 0x65, 0x43, 0x65, 0x72, 0x74, 0x42, 0x79, 0x4b, 0x65, 0x79, 0x12, 0x1a, 0x2e, 0x72, 0x61, + 0x2e, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x43, 0x65, 0x72, 0x74, 0x42, 0x79, 0x4b, 0x65, 0x79, + 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, + 0x00, 0x12, 0x6b, 0x0a, 0x21, 0x41, 0x64, 0x6d, 0x69, 0x6e, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, + 0x69, 0x76, 0x65, 0x6c, 0x79, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, + 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x2c, 0x2e, 0x72, 0x61, 0x2e, 0x41, 0x64, 0x6d, 0x69, + 0x6e, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x79, 0x52, 0x65, 0x76, 0x6f, + 0x6b, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, + 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x2e, + 0x0a, 0x08, 0x4e, 0x65, 0x77, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x12, 0x13, 0x2e, 0x72, 0x61, 0x2e, + 0x4e, 0x65, 0x77, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, + 0x0b, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x22, 0x00, 0x12, 0x46, + 0x0a, 0x10, 0x47, 0x65, 0x74, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x12, 0x1b, 0x2e, 0x72, 0x61, 0x2e, 0x47, 0x65, 0x74, 0x41, 0x75, 0x74, 0x68, 0x6f, + 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, + 0x13, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x00, 0x12, 0x38, 0x0a, 0x0d, 0x46, 0x69, 0x6e, 0x61, 0x6c, 0x69, + 0x7a, 0x65, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x12, 0x18, 0x2e, 0x72, 0x61, 0x2e, 0x46, 0x69, 0x6e, 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, - 0x74, 0x12, 0x21, 0x0a, 0x05, 0x6f, 0x72, 0x64, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x0b, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x52, 0x05, 0x6f, - 0x72, 0x64, 0x65, 0x72, 0x12, 0x10, 0x0a, 0x03, 0x63, 0x73, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x0c, 0x52, 0x03, 0x63, 0x73, 0x72, 0x22, 0x3f, 0x0a, 0x15, 0x55, 0x6e, 0x70, 0x61, 0x75, 0x73, - 0x65, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, - 0x26, 0x0a, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, - 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x22, 0x2e, 0x0a, 0x16, 0x55, 0x6e, 0x70, 0x61, 0x75, - 0x73, 0x65, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, - 0x65, 0x12, 0x14, 0x0a, 0x05, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, - 0x52, 0x05, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x32, 0xea, 0x08, 0x0a, 0x15, 0x52, 0x65, 0x67, 0x69, - 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, - 0x79, 0x12, 0x3b, 0x0a, 0x0f, 0x4e, 0x65, 0x77, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x52, 0x65, 0x67, 0x69, - 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x1a, 0x12, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, - 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x00, 0x12, 0x49, - 0x0a, 0x12, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1d, 0x2e, 0x72, 0x61, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, - 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, - 0x65, 0x73, 0x74, 0x1a, 0x12, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, - 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x00, 0x12, 0x57, 0x0a, 0x19, 0x55, 0x70, 0x64, - 0x61, 0x74, 0x65, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, - 0x6f, 0x6e, 0x74, 0x61, 0x63, 0x74, 0x12, 0x24, 0x2e, 0x72, 0x61, 0x2e, 0x55, 0x70, 0x64, 0x61, - 0x74, 0x65, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, - 0x6e, 0x74, 0x61, 0x63, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x12, 0x2e, 0x63, - 0x6f, 0x72, 0x65, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x22, 0x00, 0x12, 0x4f, 0x0a, 0x15, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x52, 0x65, 0x67, 0x69, - 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4b, 0x65, 0x79, 0x12, 0x20, 0x2e, 0x72, 0x61, - 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x12, 0x2e, - 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x22, 0x00, 0x12, 0x48, 0x0a, 0x11, 0x50, 0x65, 0x72, 0x66, 0x6f, 0x72, 0x6d, 0x56, 0x61, - 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1c, 0x2e, 0x72, 0x61, 0x2e, 0x50, 0x65, - 0x72, 0x66, 0x6f, 0x72, 0x6d, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, - 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x13, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x41, 0x75, - 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x00, 0x12, 0x46, 0x0a, - 0x16, 0x44, 0x65, 0x61, 0x63, 0x74, 0x69, 0x76, 0x61, 0x74, 0x65, 0x52, 0x65, 0x67, 0x69, 0x73, - 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x52, - 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x1a, 0x16, 0x2e, 0x67, 0x6f, - 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, - 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x48, 0x0a, 0x17, 0x44, 0x65, 0x61, 0x63, 0x74, 0x69, 0x76, - 0x61, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x12, 0x13, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, - 0x53, 0x0a, 0x15, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x43, 0x65, 0x72, 0x74, 0x42, 0x79, 0x41, - 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x6e, 0x74, 0x12, 0x20, 0x2e, 0x72, 0x61, 0x2e, 0x52, 0x65, - 0x76, 0x6f, 0x6b, 0x65, 0x43, 0x65, 0x72, 0x74, 0x42, 0x79, 0x41, 0x70, 0x70, 0x6c, 0x69, 0x63, - 0x61, 0x6e, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, - 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, - 0x74, 0x79, 0x22, 0x00, 0x12, 0x47, 0x0a, 0x0f, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x43, 0x65, - 0x72, 0x74, 0x42, 0x79, 0x4b, 0x65, 0x79, 0x12, 0x1a, 0x2e, 0x72, 0x61, 0x2e, 0x52, 0x65, 0x76, - 0x6f, 0x6b, 0x65, 0x43, 0x65, 0x72, 0x74, 0x42, 0x79, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, - 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x6b, 0x0a, - 0x21, 0x41, 0x64, 0x6d, 0x69, 0x6e, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, - 0x79, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, - 0x74, 0x65, 0x12, 0x2c, 0x2e, 0x72, 0x61, 0x2e, 0x41, 0x64, 0x6d, 0x69, 0x6e, 0x69, 0x73, 0x74, - 0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x79, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x43, 0x65, - 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, - 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, - 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x2e, 0x0a, 0x08, 0x4e, 0x65, - 0x77, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x12, 0x13, 0x2e, 0x72, 0x61, 0x2e, 0x4e, 0x65, 0x77, 0x4f, - 0x72, 0x64, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0b, 0x2e, 0x63, 0x6f, - 0x72, 0x65, 0x2e, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x22, 0x00, 0x12, 0x46, 0x0a, 0x10, 0x47, 0x65, - 0x74, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1b, - 0x2e, 0x72, 0x61, 0x2e, 0x47, 0x65, 0x74, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x13, 0x2e, 0x63, 0x6f, - 0x72, 0x65, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x22, 0x00, 0x12, 0x38, 0x0a, 0x0d, 0x46, 0x69, 0x6e, 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x4f, 0x72, - 0x64, 0x65, 0x72, 0x12, 0x18, 0x2e, 0x72, 0x61, 0x2e, 0x46, 0x69, 0x6e, 0x61, 0x6c, 0x69, 0x7a, - 0x65, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0b, 0x2e, - 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x22, 0x00, 0x12, 0x3b, 0x0a, 0x0c, - 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x4f, 0x43, 0x53, 0x50, 0x12, 0x17, 0x2e, 0x72, - 0x61, 0x2e, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x4f, 0x43, 0x53, 0x50, 0x52, 0x65, - 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x10, 0x2e, 0x63, 0x61, 0x2e, 0x4f, 0x43, 0x53, 0x50, 0x52, - 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x49, 0x0a, 0x0e, 0x55, 0x6e, 0x70, - 0x61, 0x75, 0x73, 0x65, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x19, 0x2e, 0x72, 0x61, - 0x2e, 0x55, 0x6e, 0x70, 0x61, 0x75, 0x73, 0x65, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x52, - 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1a, 0x2e, 0x72, 0x61, 0x2e, 0x55, 0x6e, 0x70, 0x61, - 0x75, 0x73, 0x65, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, - 0x73, 0x65, 0x22, 0x00, 0x42, 0x29, 0x5a, 0x27, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, - 0x6f, 0x6d, 0x2f, 0x6c, 0x65, 0x74, 0x73, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x2f, 0x62, - 0x6f, 0x75, 0x6c, 0x64, 0x65, 0x72, 0x2f, 0x72, 0x61, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, - 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x74, 0x1a, 0x0b, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x22, 0x00, + 0x12, 0x3b, 0x0a, 0x0c, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x4f, 0x43, 0x53, 0x50, + 0x12, 0x17, 0x2e, 0x72, 0x61, 0x2e, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x4f, 0x43, + 0x53, 0x50, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x10, 0x2e, 0x63, 0x61, 0x2e, 0x4f, + 0x43, 0x53, 0x50, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x49, 0x0a, + 0x0e, 0x55, 0x6e, 0x70, 0x61, 0x75, 0x73, 0x65, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x12, + 0x19, 0x2e, 0x72, 0x61, 0x2e, 0x55, 0x6e, 0x70, 0x61, 0x75, 0x73, 0x65, 0x41, 0x63, 0x63, 0x6f, + 0x75, 0x6e, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1a, 0x2e, 0x72, 0x61, 0x2e, + 0x55, 0x6e, 0x70, 0x61, 0x75, 0x73, 0x65, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x52, 0x65, + 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x42, 0x29, 0x5a, 0x27, 0x67, 0x69, 0x74, 0x68, + 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6c, 0x65, 0x74, 0x73, 0x65, 0x6e, 0x63, 0x72, 0x79, + 0x70, 0x74, 0x2f, 0x62, 0x6f, 0x75, 0x6c, 0x64, 0x65, 0x72, 0x2f, 0x72, 0x61, 0x2f, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -1031,71 +964,66 @@ func file_ra_proto_rawDescGZIP() []byte { return file_ra_proto_rawDescData } -var file_ra_proto_msgTypes = make([]protoimpl.MessageInfo, 14) +var file_ra_proto_msgTypes = make([]protoimpl.MessageInfo, 13) var file_ra_proto_goTypes = []interface{}{ (*GenerateOCSPRequest)(nil), // 0: ra.GenerateOCSPRequest - (*UpdateRegistrationRequest)(nil), // 1: ra.UpdateRegistrationRequest - (*UpdateRegistrationContactRequest)(nil), // 2: ra.UpdateRegistrationContactRequest - (*UpdateRegistrationKeyRequest)(nil), // 3: ra.UpdateRegistrationKeyRequest - (*UpdateAuthorizationRequest)(nil), // 4: ra.UpdateAuthorizationRequest - (*PerformValidationRequest)(nil), // 5: ra.PerformValidationRequest - (*RevokeCertByApplicantRequest)(nil), // 6: ra.RevokeCertByApplicantRequest - (*RevokeCertByKeyRequest)(nil), // 7: ra.RevokeCertByKeyRequest - (*AdministrativelyRevokeCertificateRequest)(nil), // 8: ra.AdministrativelyRevokeCertificateRequest - (*NewOrderRequest)(nil), // 9: ra.NewOrderRequest - (*GetAuthorizationRequest)(nil), // 10: ra.GetAuthorizationRequest - (*FinalizeOrderRequest)(nil), // 11: ra.FinalizeOrderRequest - (*UnpauseAccountRequest)(nil), // 12: ra.UnpauseAccountRequest - (*UnpauseAccountResponse)(nil), // 13: ra.UnpauseAccountResponse - (*proto.Registration)(nil), // 14: core.Registration - (*proto.Authorization)(nil), // 15: core.Authorization - (*proto.Challenge)(nil), // 16: core.Challenge - (*proto.Order)(nil), // 17: core.Order - (*emptypb.Empty)(nil), // 18: google.protobuf.Empty - (*proto1.OCSPResponse)(nil), // 19: ca.OCSPResponse + (*UpdateRegistrationContactRequest)(nil), // 1: ra.UpdateRegistrationContactRequest + (*UpdateRegistrationKeyRequest)(nil), // 2: ra.UpdateRegistrationKeyRequest + (*UpdateAuthorizationRequest)(nil), // 3: ra.UpdateAuthorizationRequest + (*PerformValidationRequest)(nil), // 4: ra.PerformValidationRequest + (*RevokeCertByApplicantRequest)(nil), // 5: ra.RevokeCertByApplicantRequest + (*RevokeCertByKeyRequest)(nil), // 6: ra.RevokeCertByKeyRequest + (*AdministrativelyRevokeCertificateRequest)(nil), // 7: ra.AdministrativelyRevokeCertificateRequest + (*NewOrderRequest)(nil), // 8: ra.NewOrderRequest + (*GetAuthorizationRequest)(nil), // 9: ra.GetAuthorizationRequest + (*FinalizeOrderRequest)(nil), // 10: ra.FinalizeOrderRequest + (*UnpauseAccountRequest)(nil), // 11: ra.UnpauseAccountRequest + (*UnpauseAccountResponse)(nil), // 12: ra.UnpauseAccountResponse + (*proto.Authorization)(nil), // 13: core.Authorization + (*proto.Challenge)(nil), // 14: core.Challenge + (*proto.Order)(nil), // 15: core.Order + (*proto.Registration)(nil), // 16: core.Registration + (*emptypb.Empty)(nil), // 17: google.protobuf.Empty + (*proto1.OCSPResponse)(nil), // 18: ca.OCSPResponse } var file_ra_proto_depIdxs = []int32{ - 14, // 0: ra.UpdateRegistrationRequest.base:type_name -> core.Registration - 14, // 1: ra.UpdateRegistrationRequest.update:type_name -> core.Registration - 15, // 2: ra.UpdateAuthorizationRequest.authz:type_name -> core.Authorization - 16, // 3: ra.UpdateAuthorizationRequest.response:type_name -> core.Challenge - 15, // 4: ra.PerformValidationRequest.authz:type_name -> core.Authorization - 17, // 5: ra.FinalizeOrderRequest.order:type_name -> core.Order - 14, // 6: ra.RegistrationAuthority.NewRegistration:input_type -> core.Registration - 1, // 7: ra.RegistrationAuthority.UpdateRegistration:input_type -> ra.UpdateRegistrationRequest - 2, // 8: ra.RegistrationAuthority.UpdateRegistrationContact:input_type -> ra.UpdateRegistrationContactRequest - 3, // 9: ra.RegistrationAuthority.UpdateRegistrationKey:input_type -> ra.UpdateRegistrationKeyRequest - 5, // 10: ra.RegistrationAuthority.PerformValidation:input_type -> ra.PerformValidationRequest - 14, // 11: ra.RegistrationAuthority.DeactivateRegistration:input_type -> core.Registration - 15, // 12: ra.RegistrationAuthority.DeactivateAuthorization:input_type -> core.Authorization - 6, // 13: ra.RegistrationAuthority.RevokeCertByApplicant:input_type -> ra.RevokeCertByApplicantRequest - 7, // 14: ra.RegistrationAuthority.RevokeCertByKey:input_type -> ra.RevokeCertByKeyRequest - 8, // 15: ra.RegistrationAuthority.AdministrativelyRevokeCertificate:input_type -> ra.AdministrativelyRevokeCertificateRequest - 9, // 16: ra.RegistrationAuthority.NewOrder:input_type -> ra.NewOrderRequest - 10, // 17: ra.RegistrationAuthority.GetAuthorization:input_type -> ra.GetAuthorizationRequest - 11, // 18: ra.RegistrationAuthority.FinalizeOrder:input_type -> ra.FinalizeOrderRequest - 0, // 19: ra.RegistrationAuthority.GenerateOCSP:input_type -> ra.GenerateOCSPRequest - 12, // 20: ra.RegistrationAuthority.UnpauseAccount:input_type -> ra.UnpauseAccountRequest - 14, // 21: ra.RegistrationAuthority.NewRegistration:output_type -> core.Registration - 14, // 22: ra.RegistrationAuthority.UpdateRegistration:output_type -> core.Registration - 14, // 23: ra.RegistrationAuthority.UpdateRegistrationContact:output_type -> core.Registration - 14, // 24: ra.RegistrationAuthority.UpdateRegistrationKey:output_type -> core.Registration - 15, // 25: ra.RegistrationAuthority.PerformValidation:output_type -> core.Authorization - 18, // 26: ra.RegistrationAuthority.DeactivateRegistration:output_type -> google.protobuf.Empty - 18, // 27: ra.RegistrationAuthority.DeactivateAuthorization:output_type -> google.protobuf.Empty - 18, // 28: ra.RegistrationAuthority.RevokeCertByApplicant:output_type -> google.protobuf.Empty - 18, // 29: ra.RegistrationAuthority.RevokeCertByKey:output_type -> google.protobuf.Empty - 18, // 30: ra.RegistrationAuthority.AdministrativelyRevokeCertificate:output_type -> google.protobuf.Empty - 17, // 31: ra.RegistrationAuthority.NewOrder:output_type -> core.Order - 15, // 32: ra.RegistrationAuthority.GetAuthorization:output_type -> core.Authorization - 17, // 33: ra.RegistrationAuthority.FinalizeOrder:output_type -> core.Order - 19, // 34: ra.RegistrationAuthority.GenerateOCSP:output_type -> ca.OCSPResponse - 13, // 35: ra.RegistrationAuthority.UnpauseAccount:output_type -> ra.UnpauseAccountResponse - 21, // [21:36] is the sub-list for method output_type - 6, // [6:21] is the sub-list for method input_type - 6, // [6:6] is the sub-list for extension type_name - 6, // [6:6] is the sub-list for extension extendee - 0, // [0:6] is the sub-list for field type_name + 13, // 0: ra.UpdateAuthorizationRequest.authz:type_name -> core.Authorization + 14, // 1: ra.UpdateAuthorizationRequest.response:type_name -> core.Challenge + 13, // 2: ra.PerformValidationRequest.authz:type_name -> core.Authorization + 15, // 3: ra.FinalizeOrderRequest.order:type_name -> core.Order + 16, // 4: ra.RegistrationAuthority.NewRegistration:input_type -> core.Registration + 1, // 5: ra.RegistrationAuthority.UpdateRegistrationContact:input_type -> ra.UpdateRegistrationContactRequest + 2, // 6: ra.RegistrationAuthority.UpdateRegistrationKey:input_type -> ra.UpdateRegistrationKeyRequest + 4, // 7: ra.RegistrationAuthority.PerformValidation:input_type -> ra.PerformValidationRequest + 16, // 8: ra.RegistrationAuthority.DeactivateRegistration:input_type -> core.Registration + 13, // 9: ra.RegistrationAuthority.DeactivateAuthorization:input_type -> core.Authorization + 5, // 10: ra.RegistrationAuthority.RevokeCertByApplicant:input_type -> ra.RevokeCertByApplicantRequest + 6, // 11: ra.RegistrationAuthority.RevokeCertByKey:input_type -> ra.RevokeCertByKeyRequest + 7, // 12: ra.RegistrationAuthority.AdministrativelyRevokeCertificate:input_type -> ra.AdministrativelyRevokeCertificateRequest + 8, // 13: ra.RegistrationAuthority.NewOrder:input_type -> ra.NewOrderRequest + 9, // 14: ra.RegistrationAuthority.GetAuthorization:input_type -> ra.GetAuthorizationRequest + 10, // 15: ra.RegistrationAuthority.FinalizeOrder:input_type -> ra.FinalizeOrderRequest + 0, // 16: ra.RegistrationAuthority.GenerateOCSP:input_type -> ra.GenerateOCSPRequest + 11, // 17: ra.RegistrationAuthority.UnpauseAccount:input_type -> ra.UnpauseAccountRequest + 16, // 18: ra.RegistrationAuthority.NewRegistration:output_type -> core.Registration + 16, // 19: ra.RegistrationAuthority.UpdateRegistrationContact:output_type -> core.Registration + 16, // 20: ra.RegistrationAuthority.UpdateRegistrationKey:output_type -> core.Registration + 13, // 21: ra.RegistrationAuthority.PerformValidation:output_type -> core.Authorization + 17, // 22: ra.RegistrationAuthority.DeactivateRegistration:output_type -> google.protobuf.Empty + 17, // 23: ra.RegistrationAuthority.DeactivateAuthorization:output_type -> google.protobuf.Empty + 17, // 24: ra.RegistrationAuthority.RevokeCertByApplicant:output_type -> google.protobuf.Empty + 17, // 25: ra.RegistrationAuthority.RevokeCertByKey:output_type -> google.protobuf.Empty + 17, // 26: ra.RegistrationAuthority.AdministrativelyRevokeCertificate:output_type -> google.protobuf.Empty + 15, // 27: ra.RegistrationAuthority.NewOrder:output_type -> core.Order + 13, // 28: ra.RegistrationAuthority.GetAuthorization:output_type -> core.Authorization + 15, // 29: ra.RegistrationAuthority.FinalizeOrder:output_type -> core.Order + 18, // 30: ra.RegistrationAuthority.GenerateOCSP:output_type -> ca.OCSPResponse + 12, // 31: ra.RegistrationAuthority.UnpauseAccount:output_type -> ra.UnpauseAccountResponse + 18, // [18:32] is the sub-list for method output_type + 4, // [4:18] is the sub-list for method input_type + 4, // [4:4] is the sub-list for extension type_name + 4, // [4:4] is the sub-list for extension extendee + 0, // [0:4] is the sub-list for field type_name } func init() { file_ra_proto_init() } @@ -1117,18 +1045,6 @@ func file_ra_proto_init() { } } file_ra_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*UpdateRegistrationRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_ra_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*UpdateRegistrationContactRequest); i { case 0: return &v.state @@ -1140,7 +1056,7 @@ func file_ra_proto_init() { return nil } } - file_ra_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { + file_ra_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*UpdateRegistrationKeyRequest); i { case 0: return &v.state @@ -1152,7 +1068,7 @@ func file_ra_proto_init() { return nil } } - file_ra_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { + file_ra_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*UpdateAuthorizationRequest); i { case 0: return &v.state @@ -1164,7 +1080,7 @@ func file_ra_proto_init() { return nil } } - file_ra_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { + file_ra_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*PerformValidationRequest); i { case 0: return &v.state @@ -1176,7 +1092,7 @@ func file_ra_proto_init() { return nil } } - file_ra_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { + file_ra_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*RevokeCertByApplicantRequest); i { case 0: return &v.state @@ -1188,7 +1104,7 @@ func file_ra_proto_init() { return nil } } - file_ra_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { + file_ra_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*RevokeCertByKeyRequest); i { case 0: return &v.state @@ -1200,7 +1116,7 @@ func file_ra_proto_init() { return nil } } - file_ra_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { + file_ra_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*AdministrativelyRevokeCertificateRequest); i { case 0: return &v.state @@ -1212,7 +1128,7 @@ func file_ra_proto_init() { return nil } } - file_ra_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { + file_ra_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*NewOrderRequest); i { case 0: return &v.state @@ -1224,7 +1140,7 @@ func file_ra_proto_init() { return nil } } - file_ra_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} { + file_ra_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*GetAuthorizationRequest); i { case 0: return &v.state @@ -1236,7 +1152,7 @@ func file_ra_proto_init() { return nil } } - file_ra_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} { + file_ra_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*FinalizeOrderRequest); i { case 0: return &v.state @@ -1248,7 +1164,7 @@ func file_ra_proto_init() { return nil } } - file_ra_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} { + file_ra_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*UnpauseAccountRequest); i { case 0: return &v.state @@ -1260,7 +1176,7 @@ func file_ra_proto_init() { return nil } } - file_ra_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} { + file_ra_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*UnpauseAccountResponse); i { case 0: return &v.state @@ -1279,7 +1195,7 @@ func file_ra_proto_init() { GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_ra_proto_rawDesc, NumEnums: 0, - NumMessages: 14, + NumMessages: 13, NumExtensions: 0, NumServices: 1, }, diff --git a/ra/proto/ra.proto b/ra/proto/ra.proto index 90d356c36c9..21e5b4e7b1d 100644 --- a/ra/proto/ra.proto +++ b/ra/proto/ra.proto @@ -9,7 +9,6 @@ import "google/protobuf/empty.proto"; service RegistrationAuthority { rpc NewRegistration(core.Registration) returns (core.Registration) {} - rpc UpdateRegistration(UpdateRegistrationRequest) returns (core.Registration) {} rpc UpdateRegistrationContact(UpdateRegistrationContactRequest) returns (core.Registration) {} rpc UpdateRegistrationKey(UpdateRegistrationKeyRequest) returns (core.Registration) {} rpc PerformValidation(PerformValidationRequest) returns (core.Authorization) {} @@ -30,11 +29,6 @@ message GenerateOCSPRequest { string serial = 1; } -message UpdateRegistrationRequest { - core.Registration base = 1; - core.Registration update = 2; -} - message UpdateRegistrationContactRequest { int64 registrationID = 1; repeated string contacts = 2; diff --git a/ra/proto/ra_grpc.pb.go b/ra/proto/ra_grpc.pb.go index f120393cbac..85dece89a27 100644 --- a/ra/proto/ra_grpc.pb.go +++ b/ra/proto/ra_grpc.pb.go @@ -23,7 +23,6 @@ const _ = grpc.SupportPackageIsVersion9 const ( RegistrationAuthority_NewRegistration_FullMethodName = "/ra.RegistrationAuthority/NewRegistration" - RegistrationAuthority_UpdateRegistration_FullMethodName = "/ra.RegistrationAuthority/UpdateRegistration" RegistrationAuthority_UpdateRegistrationContact_FullMethodName = "/ra.RegistrationAuthority/UpdateRegistrationContact" RegistrationAuthority_UpdateRegistrationKey_FullMethodName = "/ra.RegistrationAuthority/UpdateRegistrationKey" RegistrationAuthority_PerformValidation_FullMethodName = "/ra.RegistrationAuthority/PerformValidation" @@ -44,7 +43,6 @@ const ( // For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. type RegistrationAuthorityClient interface { NewRegistration(ctx context.Context, in *proto.Registration, opts ...grpc.CallOption) (*proto.Registration, error) - UpdateRegistration(ctx context.Context, in *UpdateRegistrationRequest, opts ...grpc.CallOption) (*proto.Registration, error) UpdateRegistrationContact(ctx context.Context, in *UpdateRegistrationContactRequest, opts ...grpc.CallOption) (*proto.Registration, error) UpdateRegistrationKey(ctx context.Context, in *UpdateRegistrationKeyRequest, opts ...grpc.CallOption) (*proto.Registration, error) PerformValidation(ctx context.Context, in *PerformValidationRequest, opts ...grpc.CallOption) (*proto.Authorization, error) @@ -79,16 +77,6 @@ func (c *registrationAuthorityClient) NewRegistration(ctx context.Context, in *p return out, nil } -func (c *registrationAuthorityClient) UpdateRegistration(ctx context.Context, in *UpdateRegistrationRequest, opts ...grpc.CallOption) (*proto.Registration, error) { - cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) - out := new(proto.Registration) - err := c.cc.Invoke(ctx, RegistrationAuthority_UpdateRegistration_FullMethodName, in, out, cOpts...) - if err != nil { - return nil, err - } - return out, nil -} - func (c *registrationAuthorityClient) UpdateRegistrationContact(ctx context.Context, in *UpdateRegistrationContactRequest, opts ...grpc.CallOption) (*proto.Registration, error) { cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) out := new(proto.Registration) @@ -224,7 +212,6 @@ func (c *registrationAuthorityClient) UnpauseAccount(ctx context.Context, in *Un // for forward compatibility type RegistrationAuthorityServer interface { NewRegistration(context.Context, *proto.Registration) (*proto.Registration, error) - UpdateRegistration(context.Context, *UpdateRegistrationRequest) (*proto.Registration, error) UpdateRegistrationContact(context.Context, *UpdateRegistrationContactRequest) (*proto.Registration, error) UpdateRegistrationKey(context.Context, *UpdateRegistrationKeyRequest) (*proto.Registration, error) PerformValidation(context.Context, *PerformValidationRequest) (*proto.Authorization, error) @@ -249,9 +236,6 @@ type UnimplementedRegistrationAuthorityServer struct { func (UnimplementedRegistrationAuthorityServer) NewRegistration(context.Context, *proto.Registration) (*proto.Registration, error) { return nil, status.Errorf(codes.Unimplemented, "method NewRegistration not implemented") } -func (UnimplementedRegistrationAuthorityServer) UpdateRegistration(context.Context, *UpdateRegistrationRequest) (*proto.Registration, error) { - return nil, status.Errorf(codes.Unimplemented, "method UpdateRegistration not implemented") -} func (UnimplementedRegistrationAuthorityServer) UpdateRegistrationContact(context.Context, *UpdateRegistrationContactRequest) (*proto.Registration, error) { return nil, status.Errorf(codes.Unimplemented, "method UpdateRegistrationContact not implemented") } @@ -322,24 +306,6 @@ func _RegistrationAuthority_NewRegistration_Handler(srv interface{}, ctx context return interceptor(ctx, in, info, handler) } -func _RegistrationAuthority_UpdateRegistration_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(UpdateRegistrationRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(RegistrationAuthorityServer).UpdateRegistration(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: RegistrationAuthority_UpdateRegistration_FullMethodName, - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(RegistrationAuthorityServer).UpdateRegistration(ctx, req.(*UpdateRegistrationRequest)) - } - return interceptor(ctx, in, info, handler) -} - func _RegistrationAuthority_UpdateRegistrationContact_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { in := new(UpdateRegistrationContactRequest) if err := dec(in); err != nil { @@ -585,10 +551,6 @@ var RegistrationAuthority_ServiceDesc = grpc.ServiceDesc{ MethodName: "NewRegistration", Handler: _RegistrationAuthority_NewRegistration_Handler, }, - { - MethodName: "UpdateRegistration", - Handler: _RegistrationAuthority_UpdateRegistration_Handler, - }, { MethodName: "UpdateRegistrationContact", Handler: _RegistrationAuthority_UpdateRegistrationContact_Handler, diff --git a/ra/ra.go b/ra/ra.go index bf882e5a834..f4e8f32088b 100644 --- a/ra/ra.go +++ b/ra/ra.go @@ -1574,49 +1574,6 @@ func (ra *RegistrationAuthorityImpl) checkNewOrderLimits(ctx context.Context, na return nil } -// UpdateRegistration updates an existing Registration with new values. Caller -// is responsible for making sure that update.Key is only different from base.Key -// if it is being called from the WFE key change endpoint. -// -// Deprecated: Use UpdateRegistrationContact or UpdateRegistrationKey instead. -func (ra *RegistrationAuthorityImpl) UpdateRegistration(ctx context.Context, req *rapb.UpdateRegistrationRequest) (*corepb.Registration, error) { - // Error if the request is nil, there is no account key or IP address - if req.Base == nil || len(req.Base.Key) == 0 || req.Base.Id == 0 { - return nil, errIncompleteGRPCRequest - } - - err := validateContactsPresent(req.Base.Contact, req.Base.ContactsPresent) - if err != nil { - return nil, err - } - err = validateContactsPresent(req.Update.Contact, req.Update.ContactsPresent) - if err != nil { - return nil, err - } - err = ra.validateContacts(req.Update.Contact) - if err != nil { - return nil, err - } - - update, changed := mergeUpdate(req.Base, req.Update) - if !changed { - // If merging the update didn't actually change the base then our work is - // done, we can return before calling ra.SA.UpdateRegistration since there's - // nothing for the SA to do - return req.Base, nil - } - - _, err = ra.SA.UpdateRegistration(ctx, update) - if err != nil { - // berrors.InternalServerError since the user-data was validated before being - // passed to the SA. - err = berrors.InternalServerError("Could not update registration: %s", err) - return nil, err - } - - return update, nil -} - // UpdateRegistrationContact updates an existing Registration's contact. // The updated contacts field may be empty. func (ra *RegistrationAuthorityImpl) UpdateRegistrationContact(ctx context.Context, req *rapb.UpdateRegistrationContactRequest) (*corepb.Registration, error) { @@ -1657,81 +1614,6 @@ func (ra *RegistrationAuthorityImpl) UpdateRegistrationKey(ctx context.Context, return update, nil } -func contactsEqual(a []string, b []string) bool { - if len(a) != len(b) { - return false - } - - // If there is an existing contact slice and it has the same length as the - // new contact slice we need to look at each contact to determine if there - // is a change being made. Use `sort.Strings` here to ensure a consistent - // comparison - sort.Strings(a) - sort.Strings(b) - for i := range len(b) { - // If the contact's string representation differs at any index they aren't - // equal - if a[i] != b[i] { - return false - } - } - - // They are equal! - return true -} - -// MergeUpdate returns a new corepb.Registration with the majority of its fields -// copies from the base Registration, and a subset (Contact, Agreement, and Key) -// copied from the update Registration. It also returns a boolean indicating -// whether or not this operation resulted in a Registration which differs from -// the base. -func mergeUpdate(base *corepb.Registration, update *corepb.Registration) (*corepb.Registration, bool) { - var changed bool - - // Start by copying all of the fields. - res := &corepb.Registration{ - Id: base.Id, - Key: base.Key, - Contact: base.Contact, - ContactsPresent: base.ContactsPresent, - Agreement: base.Agreement, - CreatedAt: base.CreatedAt, - Status: base.Status, - } - - // Note: we allow update.Contact to overwrite base.Contact even if the former - // is empty in order to allow users to remove the contact associated with - // a registration. If the update has ContactsPresent set to false, then we - // know it is not attempting to update the contacts field. - if update.ContactsPresent && !contactsEqual(base.Contact, update.Contact) { - res.Contact = update.Contact - res.ContactsPresent = update.ContactsPresent - changed = true - } - - if len(update.Agreement) > 0 && update.Agreement != base.Agreement { - res.Agreement = update.Agreement - changed = true - } - - if len(update.Key) > 0 { - if len(update.Key) != len(base.Key) { - res.Key = update.Key - changed = true - } else { - for i := range len(base.Key) { - if update.Key[i] != base.Key[i] { - res.Key = update.Key - changed = true - break - } - } - } - } - - return res, changed -} - // recordValidation records an authorization validation event, // it should only be used on v2 style authorizations. func (ra *RegistrationAuthorityImpl) recordValidation(ctx context.Context, authID string, authExpires *time.Time, challenge *core.Challenge) error { diff --git a/ra/ra_test.go b/ra/ra_test.go index 143178e4ead..68cd31c4bdc 100644 --- a/ra/ra_test.go +++ b/ra/ra_test.go @@ -588,61 +588,6 @@ func TestNewRegistrationBadKey(t *testing.T) { test.AssertError(t, err, "Should have rejected authorization with short key") } -type NoUpdateSA struct { - sapb.StorageAuthorityClient -} - -// Deprecated: When this function is removed, the NoUpdateSA should be moved -// down to join the other mocks and tests for UpdateRegistrationContact & Key, -// where it's also used. -func (sa *NoUpdateSA) UpdateRegistration(_ context.Context, _ *corepb.Registration, _ ...grpc.CallOption) (*emptypb.Empty, error) { - return nil, fmt.Errorf("UpdateRegistration() is mocked to always error") -} - -func (sa *NoUpdateSA) UpdateRegistrationContact(_ context.Context, _ *sapb.UpdateRegistrationContactRequest, _ ...grpc.CallOption) (*corepb.Registration, error) { - return nil, fmt.Errorf("UpdateRegistrationContact() is mocked to always error") -} - -func (sa *NoUpdateSA) UpdateRegistrationKey(_ context.Context, _ *sapb.UpdateRegistrationKeyRequest, _ ...grpc.CallOption) (*corepb.Registration, error) { - return nil, fmt.Errorf("UpdateRegistrationKey() is mocked to always error") -} - -func TestUpdateRegistrationSame(t *testing.T) { - _, _, ra, _, _, cleanUp := initAuthorities(t) - defer cleanUp() - mailto := "mailto:foo@letsencrypt.org" - - // Make a new registration with AccountKeyC and a Contact - acctKeyC, err := AccountKeyC.MarshalJSON() - test.AssertNotError(t, err, "failed to marshal account key") - reg := &corepb.Registration{ - Key: acctKeyC, - Contact: []string{mailto}, - ContactsPresent: true, - Agreement: "I agreed", - } - result, err := ra.NewRegistration(ctx, reg) - test.AssertNotError(t, err, "Could not create new registration") - - // Switch to a mock SA that will always error if UpdateRegistration() is called - ra.SA = &NoUpdateSA{} - - // Make an update to the registration with the same Contact & Agreement values. - updateSame := &corepb.Registration{ - Id: result.Id, - Key: acctKeyC, - Contact: []string{mailto}, - ContactsPresent: true, - Agreement: "I agreed", - } - - // The update operation should *not* error, even with the NoUpdateSA because - // UpdateRegistration() should not be called when the update content doesn't - // actually differ from the existing content - _, err = ra.UpdateRegistration(ctx, &rapb.UpdateRegistrationRequest{Base: result, Update: updateSame}) - test.AssertNotError(t, err, "Error updating registration") -} - func TestPerformValidationExpired(t *testing.T) { _, sa, ra, _, fc, cleanUp := initAuthorities(t) defer cleanUp() @@ -1267,95 +1212,6 @@ func TestCheckExactCertificateLimit(t *testing.T) { } } -func TestRegistrationUpdate(t *testing.T) { - oldURL := "http://old.invalid" - newURL := "http://new.invalid" - base := &corepb.Registration{ - Id: 1, - Contact: []string{oldURL}, - Agreement: "", - } - update := &corepb.Registration{ - Contact: []string{newURL}, - ContactsPresent: true, - Agreement: "totally!", - } - - res, changed := mergeUpdate(base, update) - test.AssertEquals(t, changed, true) - test.AssertEquals(t, res.Contact[0], update.Contact[0]) - test.AssertEquals(t, res.Agreement, update.Agreement) - - // Make sure that a `MergeUpdate` call with an empty string doesn't produce an - // error and results in a change to the base reg. - emptyUpdate := &corepb.Registration{ - Contact: []string{""}, - ContactsPresent: true, - Agreement: "totally!", - } - _, changed = mergeUpdate(res, emptyUpdate) - test.AssertEquals(t, changed, true) -} - -func TestRegistrationContactUpdate(t *testing.T) { - contactURL := "mailto://example@example.com" - - // Test that a registration contact can be removed by updating with an empty - // Contact slice. - base := &corepb.Registration{ - Id: 1, - Contact: []string{contactURL}, - Agreement: "totally!", - } - update := &corepb.Registration{ - Id: 1, - Contact: []string{}, - ContactsPresent: true, - Agreement: "totally!", - } - res, changed := mergeUpdate(base, update) - test.AssertEquals(t, changed, true) - test.Assert(t, len(res.Contact) == 0, "Contact was not deleted in update") - - // Test that a registration contact isn't changed when an update is performed - // with no Contact field - base = &corepb.Registration{ - Id: 1, - Contact: []string{contactURL}, - Agreement: "totally!", - } - update = &corepb.Registration{ - Id: 1, - Agreement: "totally!", - } - res, changed = mergeUpdate(base, update) - test.AssertEquals(t, changed, false) - test.Assert(t, len(res.Contact) == 1, "len(Contact) was updated unexpectedly") - test.Assert(t, (res.Contact)[0] == contactURL, "Contact was changed unexpectedly") -} - -func TestRegistrationKeyUpdate(t *testing.T) { - oldKey, err := rsa.GenerateKey(rand.Reader, 512) - test.AssertNotError(t, err, "rsa.GenerateKey() for oldKey failed") - oldKeyJSON, err := jose.JSONWebKey{Key: oldKey}.MarshalJSON() - test.AssertNotError(t, err, "MarshalJSON for oldKey failed") - - base := &corepb.Registration{Key: oldKeyJSON} - update := &corepb.Registration{} - _, changed := mergeUpdate(base, update) - test.Assert(t, !changed, "mergeUpdate changed the key with empty update") - - newKey, err := rsa.GenerateKey(rand.Reader, 1024) - test.AssertNotError(t, err, "rsa.GenerateKey() for newKey failed") - newKeyJSON, err := jose.JSONWebKey{Key: newKey}.MarshalJSON() - test.AssertNotError(t, err, "MarshalJSON for newKey failed") - - update = &corepb.Registration{Key: newKeyJSON} - res, changed := mergeUpdate(base, update) - test.Assert(t, changed, "mergeUpdate didn't change the key with non-empty update") - test.AssertByteEquals(t, res.Key, update.Key) -} - // A mockSAWithFQDNSet is a mock StorageAuthority that supports // CountCertificatesByName as well as FQDNSetExists. This allows testing // checkCertificatesPerNameRateLimit's FQDN exemption logic. @@ -4505,6 +4361,18 @@ func TestGetAuthorization(t *testing.T) { test.AssertEquals(t, len(authz.Challenges), 0) } +type NoUpdateSA struct { + sapb.StorageAuthorityClient +} + +func (sa *NoUpdateSA) UpdateRegistrationContact(_ context.Context, _ *sapb.UpdateRegistrationContactRequest, _ ...grpc.CallOption) (*corepb.Registration, error) { + return nil, fmt.Errorf("UpdateRegistrationContact() is mocked to always error") +} + +func (sa *NoUpdateSA) UpdateRegistrationKey(_ context.Context, _ *sapb.UpdateRegistrationKeyRequest, _ ...grpc.CallOption) (*corepb.Registration, error) { + return nil, fmt.Errorf("UpdateRegistrationKey() is mocked to always error") +} + // mockSARecordingRegistration tests UpdateRegistrationContact and UpdateRegistrationKey. type mockSARecordingRegistration struct { sapb.StorageAuthorityClient diff --git a/sa/proto/sa.pb.go b/sa/proto/sa.pb.go index c8b42859f3e..98361911ac0 100644 --- a/sa/proto/sa.pb.go +++ b/sa/proto/sa.pb.go @@ -3415,7 +3415,7 @@ var file_sa_proto_rawDesc = []byte{ 0x75, 0x73, 0x65, 0x64, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x73, 0x12, 0x12, 0x2e, 0x73, 0x61, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x1a, 0x0f, 0x2e, 0x73, 0x61, 0x2e, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, - 0x69, 0x65, 0x72, 0x73, 0x22, 0x00, 0x32, 0xec, 0x1a, 0x0a, 0x10, 0x53, 0x74, 0x6f, 0x72, 0x61, + 0x69, 0x65, 0x72, 0x73, 0x22, 0x00, 0x32, 0xa8, 0x1a, 0x0a, 0x10, 0x53, 0x74, 0x6f, 0x72, 0x61, 0x67, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x53, 0x0a, 0x18, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x42, 0x79, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x23, 0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, @@ -3593,47 +3593,43 @@ var file_sa_proto_rawDesc = []byte{ 0x4f, 0x72, 0x64, 0x65, 0x72, 0x50, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x69, 0x6e, 0x67, 0x12, 0x10, 0x2e, 0x73, 0x61, 0x2e, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x42, 0x0a, 0x12, 0x55, + 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x57, 0x0a, 0x19, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x12, 0x12, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, - 0x57, 0x0a, 0x19, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x63, 0x74, 0x12, 0x24, 0x2e, 0x73, - 0x61, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x63, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, - 0x73, 0x74, 0x1a, 0x12, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, - 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x00, 0x12, 0x4f, 0x0a, 0x15, 0x55, 0x70, 0x64, 0x61, - 0x74, 0x65, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4b, 0x65, - 0x79, 0x12, 0x20, 0x2e, 0x73, 0x61, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x52, 0x65, 0x67, - 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, - 0x65, 0x73, 0x74, 0x1a, 0x12, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, - 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x00, 0x12, 0x52, 0x0a, 0x18, 0x55, 0x70, 0x64, - 0x61, 0x74, 0x65, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, - 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x1c, 0x2e, 0x73, 0x61, 0x2e, 0x52, 0x65, 0x76, 0x6f, 0x6b, - 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, - 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x46, 0x0a, - 0x0d, 0x4c, 0x65, 0x61, 0x73, 0x65, 0x43, 0x52, 0x4c, 0x53, 0x68, 0x61, 0x72, 0x64, 0x12, 0x18, - 0x2e, 0x73, 0x61, 0x2e, 0x4c, 0x65, 0x61, 0x73, 0x65, 0x43, 0x52, 0x4c, 0x53, 0x68, 0x61, 0x72, - 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x19, 0x2e, 0x73, 0x61, 0x2e, 0x4c, 0x65, - 0x61, 0x73, 0x65, 0x43, 0x52, 0x4c, 0x53, 0x68, 0x61, 0x72, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, - 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x45, 0x0a, 0x0e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x43, - 0x52, 0x4c, 0x53, 0x68, 0x61, 0x72, 0x64, 0x12, 0x19, 0x2e, 0x73, 0x61, 0x2e, 0x55, 0x70, 0x64, - 0x61, 0x74, 0x65, 0x43, 0x52, 0x4c, 0x53, 0x68, 0x61, 0x72, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, - 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x44, 0x0a, 0x10, - 0x50, 0x61, 0x75, 0x73, 0x65, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x73, - 0x12, 0x10, 0x2e, 0x73, 0x61, 0x2e, 0x50, 0x61, 0x75, 0x73, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, - 0x73, 0x74, 0x1a, 0x1c, 0x2e, 0x73, 0x61, 0x2e, 0x50, 0x61, 0x75, 0x73, 0x65, 0x49, 0x64, 0x65, - 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, - 0x22, 0x00, 0x12, 0x31, 0x0a, 0x0e, 0x55, 0x6e, 0x70, 0x61, 0x75, 0x73, 0x65, 0x41, 0x63, 0x63, - 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x12, 0x2e, 0x73, 0x61, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, - 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x1a, 0x09, 0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f, - 0x75, 0x6e, 0x74, 0x22, 0x00, 0x42, 0x29, 0x5a, 0x27, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, - 0x63, 0x6f, 0x6d, 0x2f, 0x6c, 0x65, 0x74, 0x73, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x2f, - 0x62, 0x6f, 0x75, 0x6c, 0x64, 0x65, 0x72, 0x2f, 0x73, 0x61, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x6e, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x63, 0x74, 0x12, 0x24, 0x2e, 0x73, 0x61, 0x2e, 0x55, 0x70, + 0x64, 0x61, 0x74, 0x65, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x63, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x12, + 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x22, 0x00, 0x12, 0x4f, 0x0a, 0x15, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x52, 0x65, + 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4b, 0x65, 0x79, 0x12, 0x20, 0x2e, + 0x73, 0x61, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, + 0x12, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x22, 0x00, 0x12, 0x52, 0x0a, 0x18, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x52, + 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, + 0x65, 0x12, 0x1c, 0x2e, 0x73, 0x61, 0x2e, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x43, 0x65, 0x72, + 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, + 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, + 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x46, 0x0a, 0x0d, 0x4c, 0x65, 0x61, + 0x73, 0x65, 0x43, 0x52, 0x4c, 0x53, 0x68, 0x61, 0x72, 0x64, 0x12, 0x18, 0x2e, 0x73, 0x61, 0x2e, + 0x4c, 0x65, 0x61, 0x73, 0x65, 0x43, 0x52, 0x4c, 0x53, 0x68, 0x61, 0x72, 0x64, 0x52, 0x65, 0x71, + 0x75, 0x65, 0x73, 0x74, 0x1a, 0x19, 0x2e, 0x73, 0x61, 0x2e, 0x4c, 0x65, 0x61, 0x73, 0x65, 0x43, + 0x52, 0x4c, 0x53, 0x68, 0x61, 0x72, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, + 0x00, 0x12, 0x45, 0x0a, 0x0e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x43, 0x52, 0x4c, 0x53, 0x68, + 0x61, 0x72, 0x64, 0x12, 0x19, 0x2e, 0x73, 0x61, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x43, + 0x52, 0x4c, 0x53, 0x68, 0x61, 0x72, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, + 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, + 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x44, 0x0a, 0x10, 0x50, 0x61, 0x75, 0x73, + 0x65, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x73, 0x12, 0x10, 0x2e, 0x73, + 0x61, 0x2e, 0x50, 0x61, 0x75, 0x73, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1c, + 0x2e, 0x73, 0x61, 0x2e, 0x50, 0x61, 0x75, 0x73, 0x65, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, + 0x69, 0x65, 0x72, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x31, + 0x0a, 0x0e, 0x55, 0x6e, 0x70, 0x61, 0x75, 0x73, 0x65, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, + 0x12, 0x12, 0x2e, 0x73, 0x61, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x49, 0x44, 0x1a, 0x09, 0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x22, + 0x00, 0x42, 0x29, 0x5a, 0x27, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, + 0x6c, 0x65, 0x74, 0x73, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x2f, 0x62, 0x6f, 0x75, 0x6c, + 0x64, 0x65, 0x72, 0x2f, 0x73, 0x61, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x06, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -3827,96 +3823,94 @@ var file_sa_proto_depIdxs = []int32{ 30, // 111: sa.StorageAuthority.RevokeCertificate:input_type -> sa.RevokeCertificateRequest 22, // 112: sa.StorageAuthority.SetOrderError:input_type -> sa.SetOrderErrorRequest 18, // 113: sa.StorageAuthority.SetOrderProcessing:input_type -> sa.OrderRequest - 56, // 114: sa.StorageAuthority.UpdateRegistration:input_type -> core.Registration - 46, // 115: sa.StorageAuthority.UpdateRegistrationContact:input_type -> sa.UpdateRegistrationContactRequest - 47, // 116: sa.StorageAuthority.UpdateRegistrationKey:input_type -> sa.UpdateRegistrationKeyRequest - 30, // 117: sa.StorageAuthority.UpdateRevokedCertificate:input_type -> sa.RevokeCertificateRequest - 40, // 118: sa.StorageAuthority.LeaseCRLShard:input_type -> sa.LeaseCRLShardRequest - 42, // 119: sa.StorageAuthority.UpdateCRLShard:input_type -> sa.UpdateCRLShardRequest - 44, // 120: sa.StorageAuthority.PauseIdentifiers:input_type -> sa.PauseRequest - 0, // 121: sa.StorageAuthority.UnpauseAccount:input_type -> sa.RegistrationID - 10, // 122: sa.StorageAuthorityReadOnly.CountCertificatesByNames:output_type -> sa.CountByNames - 7, // 123: sa.StorageAuthorityReadOnly.CountInvalidAuthorizations2:output_type -> sa.Count - 7, // 124: sa.StorageAuthorityReadOnly.CountOrders:output_type -> sa.Count - 7, // 125: sa.StorageAuthorityReadOnly.CountPendingAuthorizations2:output_type -> sa.Count - 15, // 126: sa.StorageAuthorityReadOnly.FQDNSetExists:output_type -> sa.Exists - 8, // 127: sa.StorageAuthorityReadOnly.FQDNSetTimestampsForWindow:output_type -> sa.Timestamps - 53, // 128: sa.StorageAuthorityReadOnly.GetAuthorization2:output_type -> core.Authorization - 27, // 129: sa.StorageAuthorityReadOnly.GetAuthorizations2:output_type -> sa.Authorizations - 57, // 130: sa.StorageAuthorityReadOnly.GetCertificate:output_type -> core.Certificate - 57, // 131: sa.StorageAuthorityReadOnly.GetLintPrecertificate:output_type -> core.Certificate - 58, // 132: sa.StorageAuthorityReadOnly.GetCertificateStatus:output_type -> core.CertificateStatus - 49, // 133: sa.StorageAuthorityReadOnly.GetMaxExpiration:output_type -> google.protobuf.Timestamp - 59, // 134: sa.StorageAuthorityReadOnly.GetOrder:output_type -> core.Order - 59, // 135: sa.StorageAuthorityReadOnly.GetOrderForNames:output_type -> core.Order - 56, // 136: sa.StorageAuthorityReadOnly.GetRegistration:output_type -> core.Registration - 56, // 137: sa.StorageAuthorityReadOnly.GetRegistrationByKey:output_type -> core.Registration - 39, // 138: sa.StorageAuthorityReadOnly.GetRevocationStatus:output_type -> sa.RevocationStatus - 60, // 139: sa.StorageAuthorityReadOnly.GetRevokedCerts:output_type -> core.CRLEntry - 5, // 140: sa.StorageAuthorityReadOnly.GetSerialMetadata:output_type -> sa.SerialMetadata - 4, // 141: sa.StorageAuthorityReadOnly.GetSerialsByAccount:output_type -> sa.Serial - 4, // 142: sa.StorageAuthorityReadOnly.GetSerialsByKey:output_type -> sa.Serial - 27, // 143: sa.StorageAuthorityReadOnly.GetValidAuthorizations2:output_type -> sa.Authorizations - 27, // 144: sa.StorageAuthorityReadOnly.GetValidOrderAuthorizations2:output_type -> sa.Authorizations - 35, // 145: sa.StorageAuthorityReadOnly.IncidentsForSerial:output_type -> sa.Incidents - 15, // 146: sa.StorageAuthorityReadOnly.KeyBlocked:output_type -> sa.Exists - 15, // 147: sa.StorageAuthorityReadOnly.ReplacementOrderExists:output_type -> sa.Exists - 37, // 148: sa.StorageAuthorityReadOnly.SerialsForIncident:output_type -> sa.IncidentSerial - 43, // 149: sa.StorageAuthorityReadOnly.CheckIdentifiersPaused:output_type -> sa.Identifiers - 43, // 150: sa.StorageAuthorityReadOnly.GetPausedIdentifiers:output_type -> sa.Identifiers - 10, // 151: sa.StorageAuthority.CountCertificatesByNames:output_type -> sa.CountByNames - 7, // 152: sa.StorageAuthority.CountInvalidAuthorizations2:output_type -> sa.Count - 7, // 153: sa.StorageAuthority.CountOrders:output_type -> sa.Count - 7, // 154: sa.StorageAuthority.CountPendingAuthorizations2:output_type -> sa.Count - 15, // 155: sa.StorageAuthority.FQDNSetExists:output_type -> sa.Exists - 8, // 156: sa.StorageAuthority.FQDNSetTimestampsForWindow:output_type -> sa.Timestamps - 53, // 157: sa.StorageAuthority.GetAuthorization2:output_type -> core.Authorization - 27, // 158: sa.StorageAuthority.GetAuthorizations2:output_type -> sa.Authorizations - 57, // 159: sa.StorageAuthority.GetCertificate:output_type -> core.Certificate - 57, // 160: sa.StorageAuthority.GetLintPrecertificate:output_type -> core.Certificate - 58, // 161: sa.StorageAuthority.GetCertificateStatus:output_type -> core.CertificateStatus - 49, // 162: sa.StorageAuthority.GetMaxExpiration:output_type -> google.protobuf.Timestamp - 59, // 163: sa.StorageAuthority.GetOrder:output_type -> core.Order - 59, // 164: sa.StorageAuthority.GetOrderForNames:output_type -> core.Order - 56, // 165: sa.StorageAuthority.GetRegistration:output_type -> core.Registration - 56, // 166: sa.StorageAuthority.GetRegistrationByKey:output_type -> core.Registration - 39, // 167: sa.StorageAuthority.GetRevocationStatus:output_type -> sa.RevocationStatus - 60, // 168: sa.StorageAuthority.GetRevokedCerts:output_type -> core.CRLEntry - 5, // 169: sa.StorageAuthority.GetSerialMetadata:output_type -> sa.SerialMetadata - 4, // 170: sa.StorageAuthority.GetSerialsByAccount:output_type -> sa.Serial - 4, // 171: sa.StorageAuthority.GetSerialsByKey:output_type -> sa.Serial - 27, // 172: sa.StorageAuthority.GetValidAuthorizations2:output_type -> sa.Authorizations - 27, // 173: sa.StorageAuthority.GetValidOrderAuthorizations2:output_type -> sa.Authorizations - 35, // 174: sa.StorageAuthority.IncidentsForSerial:output_type -> sa.Incidents - 15, // 175: sa.StorageAuthority.KeyBlocked:output_type -> sa.Exists - 15, // 176: sa.StorageAuthority.ReplacementOrderExists:output_type -> sa.Exists - 37, // 177: sa.StorageAuthority.SerialsForIncident:output_type -> sa.IncidentSerial - 43, // 178: sa.StorageAuthority.CheckIdentifiersPaused:output_type -> sa.Identifiers - 43, // 179: sa.StorageAuthority.GetPausedIdentifiers:output_type -> sa.Identifiers - 55, // 180: sa.StorageAuthority.AddBlockedKey:output_type -> google.protobuf.Empty - 55, // 181: sa.StorageAuthority.AddCertificate:output_type -> google.protobuf.Empty - 55, // 182: sa.StorageAuthority.AddPrecertificate:output_type -> google.protobuf.Empty - 55, // 183: sa.StorageAuthority.SetCertificateStatusReady:output_type -> google.protobuf.Empty - 55, // 184: sa.StorageAuthority.AddSerial:output_type -> google.protobuf.Empty - 55, // 185: sa.StorageAuthority.DeactivateAuthorization2:output_type -> google.protobuf.Empty - 55, // 186: sa.StorageAuthority.DeactivateRegistration:output_type -> google.protobuf.Empty - 55, // 187: sa.StorageAuthority.FinalizeAuthorization2:output_type -> google.protobuf.Empty - 55, // 188: sa.StorageAuthority.FinalizeOrder:output_type -> google.protobuf.Empty - 59, // 189: sa.StorageAuthority.NewOrderAndAuthzs:output_type -> core.Order - 56, // 190: sa.StorageAuthority.NewRegistration:output_type -> core.Registration - 55, // 191: sa.StorageAuthority.RevokeCertificate:output_type -> google.protobuf.Empty - 55, // 192: sa.StorageAuthority.SetOrderError:output_type -> google.protobuf.Empty - 55, // 193: sa.StorageAuthority.SetOrderProcessing:output_type -> google.protobuf.Empty - 55, // 194: sa.StorageAuthority.UpdateRegistration:output_type -> google.protobuf.Empty - 56, // 195: sa.StorageAuthority.UpdateRegistrationContact:output_type -> core.Registration - 56, // 196: sa.StorageAuthority.UpdateRegistrationKey:output_type -> core.Registration - 55, // 197: sa.StorageAuthority.UpdateRevokedCertificate:output_type -> google.protobuf.Empty - 41, // 198: sa.StorageAuthority.LeaseCRLShard:output_type -> sa.LeaseCRLShardResponse - 55, // 199: sa.StorageAuthority.UpdateCRLShard:output_type -> google.protobuf.Empty - 45, // 200: sa.StorageAuthority.PauseIdentifiers:output_type -> sa.PauseIdentifiersResponse - 7, // 201: sa.StorageAuthority.UnpauseAccount:output_type -> sa.Count - 122, // [122:202] is the sub-list for method output_type - 42, // [42:122] is the sub-list for method input_type + 46, // 114: sa.StorageAuthority.UpdateRegistrationContact:input_type -> sa.UpdateRegistrationContactRequest + 47, // 115: sa.StorageAuthority.UpdateRegistrationKey:input_type -> sa.UpdateRegistrationKeyRequest + 30, // 116: sa.StorageAuthority.UpdateRevokedCertificate:input_type -> sa.RevokeCertificateRequest + 40, // 117: sa.StorageAuthority.LeaseCRLShard:input_type -> sa.LeaseCRLShardRequest + 42, // 118: sa.StorageAuthority.UpdateCRLShard:input_type -> sa.UpdateCRLShardRequest + 44, // 119: sa.StorageAuthority.PauseIdentifiers:input_type -> sa.PauseRequest + 0, // 120: sa.StorageAuthority.UnpauseAccount:input_type -> sa.RegistrationID + 10, // 121: sa.StorageAuthorityReadOnly.CountCertificatesByNames:output_type -> sa.CountByNames + 7, // 122: sa.StorageAuthorityReadOnly.CountInvalidAuthorizations2:output_type -> sa.Count + 7, // 123: sa.StorageAuthorityReadOnly.CountOrders:output_type -> sa.Count + 7, // 124: sa.StorageAuthorityReadOnly.CountPendingAuthorizations2:output_type -> sa.Count + 15, // 125: sa.StorageAuthorityReadOnly.FQDNSetExists:output_type -> sa.Exists + 8, // 126: sa.StorageAuthorityReadOnly.FQDNSetTimestampsForWindow:output_type -> sa.Timestamps + 53, // 127: sa.StorageAuthorityReadOnly.GetAuthorization2:output_type -> core.Authorization + 27, // 128: sa.StorageAuthorityReadOnly.GetAuthorizations2:output_type -> sa.Authorizations + 57, // 129: sa.StorageAuthorityReadOnly.GetCertificate:output_type -> core.Certificate + 57, // 130: sa.StorageAuthorityReadOnly.GetLintPrecertificate:output_type -> core.Certificate + 58, // 131: sa.StorageAuthorityReadOnly.GetCertificateStatus:output_type -> core.CertificateStatus + 49, // 132: sa.StorageAuthorityReadOnly.GetMaxExpiration:output_type -> google.protobuf.Timestamp + 59, // 133: sa.StorageAuthorityReadOnly.GetOrder:output_type -> core.Order + 59, // 134: sa.StorageAuthorityReadOnly.GetOrderForNames:output_type -> core.Order + 56, // 135: sa.StorageAuthorityReadOnly.GetRegistration:output_type -> core.Registration + 56, // 136: sa.StorageAuthorityReadOnly.GetRegistrationByKey:output_type -> core.Registration + 39, // 137: sa.StorageAuthorityReadOnly.GetRevocationStatus:output_type -> sa.RevocationStatus + 60, // 138: sa.StorageAuthorityReadOnly.GetRevokedCerts:output_type -> core.CRLEntry + 5, // 139: sa.StorageAuthorityReadOnly.GetSerialMetadata:output_type -> sa.SerialMetadata + 4, // 140: sa.StorageAuthorityReadOnly.GetSerialsByAccount:output_type -> sa.Serial + 4, // 141: sa.StorageAuthorityReadOnly.GetSerialsByKey:output_type -> sa.Serial + 27, // 142: sa.StorageAuthorityReadOnly.GetValidAuthorizations2:output_type -> sa.Authorizations + 27, // 143: sa.StorageAuthorityReadOnly.GetValidOrderAuthorizations2:output_type -> sa.Authorizations + 35, // 144: sa.StorageAuthorityReadOnly.IncidentsForSerial:output_type -> sa.Incidents + 15, // 145: sa.StorageAuthorityReadOnly.KeyBlocked:output_type -> sa.Exists + 15, // 146: sa.StorageAuthorityReadOnly.ReplacementOrderExists:output_type -> sa.Exists + 37, // 147: sa.StorageAuthorityReadOnly.SerialsForIncident:output_type -> sa.IncidentSerial + 43, // 148: sa.StorageAuthorityReadOnly.CheckIdentifiersPaused:output_type -> sa.Identifiers + 43, // 149: sa.StorageAuthorityReadOnly.GetPausedIdentifiers:output_type -> sa.Identifiers + 10, // 150: sa.StorageAuthority.CountCertificatesByNames:output_type -> sa.CountByNames + 7, // 151: sa.StorageAuthority.CountInvalidAuthorizations2:output_type -> sa.Count + 7, // 152: sa.StorageAuthority.CountOrders:output_type -> sa.Count + 7, // 153: sa.StorageAuthority.CountPendingAuthorizations2:output_type -> sa.Count + 15, // 154: sa.StorageAuthority.FQDNSetExists:output_type -> sa.Exists + 8, // 155: sa.StorageAuthority.FQDNSetTimestampsForWindow:output_type -> sa.Timestamps + 53, // 156: sa.StorageAuthority.GetAuthorization2:output_type -> core.Authorization + 27, // 157: sa.StorageAuthority.GetAuthorizations2:output_type -> sa.Authorizations + 57, // 158: sa.StorageAuthority.GetCertificate:output_type -> core.Certificate + 57, // 159: sa.StorageAuthority.GetLintPrecertificate:output_type -> core.Certificate + 58, // 160: sa.StorageAuthority.GetCertificateStatus:output_type -> core.CertificateStatus + 49, // 161: sa.StorageAuthority.GetMaxExpiration:output_type -> google.protobuf.Timestamp + 59, // 162: sa.StorageAuthority.GetOrder:output_type -> core.Order + 59, // 163: sa.StorageAuthority.GetOrderForNames:output_type -> core.Order + 56, // 164: sa.StorageAuthority.GetRegistration:output_type -> core.Registration + 56, // 165: sa.StorageAuthority.GetRegistrationByKey:output_type -> core.Registration + 39, // 166: sa.StorageAuthority.GetRevocationStatus:output_type -> sa.RevocationStatus + 60, // 167: sa.StorageAuthority.GetRevokedCerts:output_type -> core.CRLEntry + 5, // 168: sa.StorageAuthority.GetSerialMetadata:output_type -> sa.SerialMetadata + 4, // 169: sa.StorageAuthority.GetSerialsByAccount:output_type -> sa.Serial + 4, // 170: sa.StorageAuthority.GetSerialsByKey:output_type -> sa.Serial + 27, // 171: sa.StorageAuthority.GetValidAuthorizations2:output_type -> sa.Authorizations + 27, // 172: sa.StorageAuthority.GetValidOrderAuthorizations2:output_type -> sa.Authorizations + 35, // 173: sa.StorageAuthority.IncidentsForSerial:output_type -> sa.Incidents + 15, // 174: sa.StorageAuthority.KeyBlocked:output_type -> sa.Exists + 15, // 175: sa.StorageAuthority.ReplacementOrderExists:output_type -> sa.Exists + 37, // 176: sa.StorageAuthority.SerialsForIncident:output_type -> sa.IncidentSerial + 43, // 177: sa.StorageAuthority.CheckIdentifiersPaused:output_type -> sa.Identifiers + 43, // 178: sa.StorageAuthority.GetPausedIdentifiers:output_type -> sa.Identifiers + 55, // 179: sa.StorageAuthority.AddBlockedKey:output_type -> google.protobuf.Empty + 55, // 180: sa.StorageAuthority.AddCertificate:output_type -> google.protobuf.Empty + 55, // 181: sa.StorageAuthority.AddPrecertificate:output_type -> google.protobuf.Empty + 55, // 182: sa.StorageAuthority.SetCertificateStatusReady:output_type -> google.protobuf.Empty + 55, // 183: sa.StorageAuthority.AddSerial:output_type -> google.protobuf.Empty + 55, // 184: sa.StorageAuthority.DeactivateAuthorization2:output_type -> google.protobuf.Empty + 55, // 185: sa.StorageAuthority.DeactivateRegistration:output_type -> google.protobuf.Empty + 55, // 186: sa.StorageAuthority.FinalizeAuthorization2:output_type -> google.protobuf.Empty + 55, // 187: sa.StorageAuthority.FinalizeOrder:output_type -> google.protobuf.Empty + 59, // 188: sa.StorageAuthority.NewOrderAndAuthzs:output_type -> core.Order + 56, // 189: sa.StorageAuthority.NewRegistration:output_type -> core.Registration + 55, // 190: sa.StorageAuthority.RevokeCertificate:output_type -> google.protobuf.Empty + 55, // 191: sa.StorageAuthority.SetOrderError:output_type -> google.protobuf.Empty + 55, // 192: sa.StorageAuthority.SetOrderProcessing:output_type -> google.protobuf.Empty + 56, // 193: sa.StorageAuthority.UpdateRegistrationContact:output_type -> core.Registration + 56, // 194: sa.StorageAuthority.UpdateRegistrationKey:output_type -> core.Registration + 55, // 195: sa.StorageAuthority.UpdateRevokedCertificate:output_type -> google.protobuf.Empty + 41, // 196: sa.StorageAuthority.LeaseCRLShard:output_type -> sa.LeaseCRLShardResponse + 55, // 197: sa.StorageAuthority.UpdateCRLShard:output_type -> google.protobuf.Empty + 45, // 198: sa.StorageAuthority.PauseIdentifiers:output_type -> sa.PauseIdentifiersResponse + 7, // 199: sa.StorageAuthority.UnpauseAccount:output_type -> sa.Count + 121, // [121:200] is the sub-list for method output_type + 42, // [42:121] is the sub-list for method input_type 42, // [42:42] is the sub-list for extension type_name 42, // [42:42] is the sub-list for extension extendee 0, // [0:42] is the sub-list for field type_name diff --git a/sa/proto/sa.proto b/sa/proto/sa.proto index a44c97b657e..6ec1f0e9dc7 100644 --- a/sa/proto/sa.proto +++ b/sa/proto/sa.proto @@ -88,7 +88,6 @@ service StorageAuthority { rpc RevokeCertificate(RevokeCertificateRequest) returns (google.protobuf.Empty) {} rpc SetOrderError(SetOrderErrorRequest) returns (google.protobuf.Empty) {} rpc SetOrderProcessing(OrderRequest) returns (google.protobuf.Empty) {} - rpc UpdateRegistration(core.Registration) returns (google.protobuf.Empty) {} rpc UpdateRegistrationContact(UpdateRegistrationContactRequest) returns (core.Registration) {} rpc UpdateRegistrationKey(UpdateRegistrationKeyRequest) returns (core.Registration) {} rpc UpdateRevokedCertificate(RevokeCertificateRequest) returns (google.protobuf.Empty) {} diff --git a/sa/proto/sa_grpc.pb.go b/sa/proto/sa_grpc.pb.go index 0094aa2d791..126ca987388 100644 --- a/sa/proto/sa_grpc.pb.go +++ b/sa/proto/sa_grpc.pb.go @@ -1234,7 +1234,6 @@ const ( StorageAuthority_RevokeCertificate_FullMethodName = "/sa.StorageAuthority/RevokeCertificate" StorageAuthority_SetOrderError_FullMethodName = "/sa.StorageAuthority/SetOrderError" StorageAuthority_SetOrderProcessing_FullMethodName = "/sa.StorageAuthority/SetOrderProcessing" - StorageAuthority_UpdateRegistration_FullMethodName = "/sa.StorageAuthority/UpdateRegistration" StorageAuthority_UpdateRegistrationContact_FullMethodName = "/sa.StorageAuthority/UpdateRegistrationContact" StorageAuthority_UpdateRegistrationKey_FullMethodName = "/sa.StorageAuthority/UpdateRegistrationKey" StorageAuthority_UpdateRevokedCertificate_FullMethodName = "/sa.StorageAuthority/UpdateRevokedCertificate" @@ -1293,7 +1292,6 @@ type StorageAuthorityClient interface { RevokeCertificate(ctx context.Context, in *RevokeCertificateRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) SetOrderError(ctx context.Context, in *SetOrderErrorRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) SetOrderProcessing(ctx context.Context, in *OrderRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) - UpdateRegistration(ctx context.Context, in *proto.Registration, opts ...grpc.CallOption) (*emptypb.Empty, error) UpdateRegistrationContact(ctx context.Context, in *UpdateRegistrationContactRequest, opts ...grpc.CallOption) (*proto.Registration, error) UpdateRegistrationKey(ctx context.Context, in *UpdateRegistrationKeyRequest, opts ...grpc.CallOption) (*proto.Registration, error) UpdateRevokedCertificate(ctx context.Context, in *RevokeCertificateRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) @@ -1777,16 +1775,6 @@ func (c *storageAuthorityClient) SetOrderProcessing(ctx context.Context, in *Ord return out, nil } -func (c *storageAuthorityClient) UpdateRegistration(ctx context.Context, in *proto.Registration, opts ...grpc.CallOption) (*emptypb.Empty, error) { - cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) - out := new(emptypb.Empty) - err := c.cc.Invoke(ctx, StorageAuthority_UpdateRegistration_FullMethodName, in, out, cOpts...) - if err != nil { - return nil, err - } - return out, nil -} - func (c *storageAuthorityClient) UpdateRegistrationContact(ctx context.Context, in *UpdateRegistrationContactRequest, opts ...grpc.CallOption) (*proto.Registration, error) { cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) out := new(proto.Registration) @@ -1906,7 +1894,6 @@ type StorageAuthorityServer interface { RevokeCertificate(context.Context, *RevokeCertificateRequest) (*emptypb.Empty, error) SetOrderError(context.Context, *SetOrderErrorRequest) (*emptypb.Empty, error) SetOrderProcessing(context.Context, *OrderRequest) (*emptypb.Empty, error) - UpdateRegistration(context.Context, *proto.Registration) (*emptypb.Empty, error) UpdateRegistrationContact(context.Context, *UpdateRegistrationContactRequest) (*proto.Registration, error) UpdateRegistrationKey(context.Context, *UpdateRegistrationKeyRequest) (*proto.Registration, error) UpdateRevokedCertificate(context.Context, *RevokeCertificateRequest) (*emptypb.Empty, error) @@ -2050,9 +2037,6 @@ func (UnimplementedStorageAuthorityServer) SetOrderError(context.Context, *SetOr func (UnimplementedStorageAuthorityServer) SetOrderProcessing(context.Context, *OrderRequest) (*emptypb.Empty, error) { return nil, status.Errorf(codes.Unimplemented, "method SetOrderProcessing not implemented") } -func (UnimplementedStorageAuthorityServer) UpdateRegistration(context.Context, *proto.Registration) (*emptypb.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method UpdateRegistration not implemented") -} func (UnimplementedStorageAuthorityServer) UpdateRegistrationContact(context.Context, *UpdateRegistrationContactRequest) (*proto.Registration, error) { return nil, status.Errorf(codes.Unimplemented, "method UpdateRegistrationContact not implemented") } @@ -2833,24 +2817,6 @@ func _StorageAuthority_SetOrderProcessing_Handler(srv interface{}, ctx context.C return interceptor(ctx, in, info, handler) } -func _StorageAuthority_UpdateRegistration_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(proto.Registration) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(StorageAuthorityServer).UpdateRegistration(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: StorageAuthority_UpdateRegistration_FullMethodName, - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(StorageAuthorityServer).UpdateRegistration(ctx, req.(*proto.Registration)) - } - return interceptor(ctx, in, info, handler) -} - func _StorageAuthority_UpdateRegistrationContact_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { in := new(UpdateRegistrationContactRequest) if err := dec(in); err != nil { @@ -3140,10 +3106,6 @@ var StorageAuthority_ServiceDesc = grpc.ServiceDesc{ MethodName: "SetOrderProcessing", Handler: _StorageAuthority_SetOrderProcessing_Handler, }, - { - MethodName: "UpdateRegistration", - Handler: _StorageAuthority_UpdateRegistration_Handler, - }, { MethodName: "UpdateRegistrationContact", Handler: _StorageAuthority_UpdateRegistrationContact_Handler, diff --git a/sa/sa.go b/sa/sa.go index c7be24ae5ef..afaac89f221 100644 --- a/sa/sa.go +++ b/sa/sa.go @@ -125,46 +125,6 @@ func (ssa *SQLStorageAuthority) NewRegistration(ctx context.Context, req *corepb return registrationModelToPb(reg) } -// UpdateRegistration stores an updated Registration -// -// Deprecated: Use UpdateRegistrationContact or UpdateRegistrationKey instead. -func (ssa *SQLStorageAuthority) UpdateRegistration(ctx context.Context, req *corepb.Registration) (*emptypb.Empty, error) { - if req == nil || req.Id == 0 || len(req.Key) == 0 { - return nil, errIncompleteRequest - } - - curr, err := selectRegistration(ctx, ssa.dbMap, "id", req.Id) - if err != nil { - if db.IsNoRows(err) { - return nil, berrors.NotFoundError("registration with ID '%d' not found", req.Id) - } - return nil, err - } - - update, err := registrationPbToModel(req) - if err != nil { - return nil, err - } - - // Copy the existing registration model's LockCol to the new updated - // registration model's LockCol - update.LockCol = curr.LockCol - n, err := ssa.dbMap.Update(ctx, update) - if err != nil { - if db.IsDuplicate(err) { - // duplicate entry error can only happen when jwk_sha256 collides, indicate - // to caller that the provided key is already in use - return nil, berrors.DuplicateError("key is already in use for a different account") - } - return nil, err - } - if n == 0 { - return nil, berrors.NotFoundError("registration with ID '%d' not found", req.Id) - } - - return &emptypb.Empty{}, nil -} - // UpdateRegistrationContact stores an updated contact in a Registration. // The updated contacts field may be empty. func (ssa *SQLStorageAuthority) UpdateRegistrationContact(ctx context.Context, req *sapb.UpdateRegistrationContactRequest) (*corepb.Registration, error) { diff --git a/sa/sa_test.go b/sa/sa_test.go index e358082ac68..5426e3998a6 100644 --- a/sa/sa_test.go +++ b/sa/sa_test.go @@ -202,19 +202,15 @@ func TestAddRegistration(t *testing.T) { test.AssertByteEquals(t, dbReg.Key, jwkJSON) test.AssertDeepEquals(t, dbReg.CreatedAt.AsTime(), createdAt) - newReg := &corepb.Registration{ - Id: reg.Id, - Key: jwkJSON, - Contact: []string{"test.com"}, - Agreement: "yes", + newReg := &sapb.UpdateRegistrationContactRequest{ + RegistrationID: reg.Id, + Contacts: []string{"test.com"}, } - _, err = sa.UpdateRegistration(ctx, newReg) - test.AssertNotError(t, err, fmt.Sprintf("Couldn't get registration with ID %v", reg.Id)) - dbReg, err = sa.GetRegistrationByKey(ctx, &sapb.JSONWebKey{Jwk: jwkJSON}) - test.AssertNotError(t, err, "Couldn't get registration by key") + _, err = sa.UpdateRegistrationContact(ctx, newReg) + test.AssertNotError(t, err, fmt.Sprintf("Couldn't update registration with ID %v", reg.Id)) - test.AssertEquals(t, dbReg.Id, newReg.Id) - test.AssertEquals(t, dbReg.Agreement, newReg.Agreement) + _, err = sa.GetRegistrationByKey(ctx, &sapb.JSONWebKey{Jwk: jwkJSON}) + test.AssertNotError(t, err, "Couldn't get registration by key") anotherKey := `{ "kty":"RSA", @@ -239,7 +235,7 @@ func TestNoSuchRegistrationErrors(t *testing.T) { _, err = sa.GetRegistrationByKey(ctx, &sapb.JSONWebKey{Jwk: jwkJSON}) test.AssertErrorIs(t, err, berrors.NotFound) - _, err = sa.UpdateRegistration(ctx, &corepb.Registration{Id: 100, Key: jwkJSON}) + _, err = sa.UpdateRegistrationKey(ctx, &sapb.UpdateRegistrationKeyRequest{RegistrationID: 100, Jwk: jwkJSON}) test.AssertErrorIs(t, err, berrors.NotFound) } From a7ee3692fecbdf7f3f32b7e072ccdb825983cb17 Mon Sep 17 00:00:00 2001 From: James Renken Date: Fri, 3 Jan 2025 17:41:53 -0800 Subject: [PATCH 02/14] Fix expected error --- sa/sa_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sa/sa_test.go b/sa/sa_test.go index 5426e3998a6..63b28d047c4 100644 --- a/sa/sa_test.go +++ b/sa/sa_test.go @@ -236,7 +236,7 @@ func TestNoSuchRegistrationErrors(t *testing.T) { test.AssertErrorIs(t, err, berrors.NotFound) _, err = sa.UpdateRegistrationKey(ctx, &sapb.UpdateRegistrationKeyRequest{RegistrationID: 100, Jwk: jwkJSON}) - test.AssertErrorIs(t, err, berrors.NotFound) + test.AssertErrorIs(t, err, berrors.InternalServer) } func TestSelectRegistration(t *testing.T) { From 4b94ef301e4b6af4a9fb28eb4f288530418283cb Mon Sep 17 00:00:00 2001 From: Jacob Hoffman-Andrews Date: Tue, 7 Jan 2025 13:27:28 -0800 Subject: [PATCH 03/14] ci: build packages without fpm (#7915) For now, run alongside the `fpm` build and create `boulder-newpkg-*` packages. If these packages work, we'll eliminate the `fpm` build. --- tools/make-assets.sh | 44 +++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 43 insertions(+), 1 deletion(-) diff --git a/tools/make-assets.sh b/tools/make-assets.sh index a284a4b002e..67c0c03b378 100755 --- a/tools/make-assets.sh +++ b/tools/make-assets.sh @@ -43,5 +43,47 @@ export ARCHIVEDIR="${PWD}" # Set $VERSION to be a simulacrum of what is set in other build environments. export VERSION="${GO_VERSION}.$(date +%s)" -# Build Boulder and produce a .deb and a tar.gz file in $PWD. +# Build Boulder. +make + +# Produce a .deb and a tar.gz file in $PWD. make deb tar + +# Produce a .deb and .tar.gz in $PWD without using `make` or `fpm`. The +# resulting files will be named `boulder-newpkg-*`. Eventually this code +# will be used to produce the regular `boulder-*` packages. +BOULDER="${PWD}" +BUILD="$(mktemp -d)" +TARGET="${BUILD}/opt/boulder" + +COMMIT_ID="$(git rev-parse --short=8 HEAD)" + +mkdir -p "${TARGET}/bin" +for NAME in admin boulder ceremony ct-test-srv ; do + cp -a "bin/${NAME}" "${TARGET}/bin/" +done + +mkdir -p "${TARGET}/test" +cp -a "${BOULDER}/test/config/" "${TARGET}/test/config/" + +mkdir -p "${TARGET}/sa" +cp -a "${BOULDER}/sa/db/" "${TARGET}/sa/db/" + +cp -a "${BOULDER}/data/" "${TARGET}/data/" + +mkdir "${BUILD}/DEBIAN" +cat > "${BUILD}/DEBIAN/control" <<-EOF +Package: boulder +Version: 1:${VERSION} +License: Mozilla Public License v2.0 +Vendor: ISRG +Architecture: arm64 +Maintainer: Community +Section: default +Priority: extra +Homepage: https://github.com/letsencrypt/boulder +Description: Boulder is an ACME-compatible X.509 Certificate Authority +EOF + +dpkg-deb -Zgzip -b "${BUILD}" "${ARCHIVEDIR}/boulder-newpkg-${VERSION}-${COMMIT_ID}.x86_64.deb" +tar -C "${TARGET}" -cpzf "${ARCHIVEDIR}/boulder-newpkg-${VERSION}-${COMMIT_ID}.amd64.tar.gz" . From 84172ca7a91d868a7cd504a4424c298c92438a07 Mon Sep 17 00:00:00 2001 From: Jacob Hoffman-Andrews Date: Tue, 7 Jan 2025 13:28:36 -0800 Subject: [PATCH 04/14] doc: add detail on ShutdownStopTimeout (#7921) Also move the ShutdownStopTimeout stanza next to timeout, and make the comment the same across the multiple components. In the future we may want to factor out some of the common config fields into a struct that can be embedded. --- cmd/boulder-wfe2/main.go | 9 ++++++--- cmd/ocsp-responder/main.go | 11 +++++++---- cmd/sfe/main.go | 7 ++++--- 3 files changed, 17 insertions(+), 10 deletions(-) diff --git a/cmd/boulder-wfe2/main.go b/cmd/boulder-wfe2/main.go index 2ad988180fc..625026cfecb 100644 --- a/cmd/boulder-wfe2/main.go +++ b/cmd/boulder-wfe2/main.go @@ -42,16 +42,19 @@ type Config struct { TLSListenAddress string `validate:"omitempty,hostname_port"` // Timeout is the per-request overall timeout. This should be slightly - // lower than the upstream's timeout when making requests to the WFE. + // lower than the upstream's timeout when making requests to this service. Timeout config.Duration `validate:"-"` + // ShutdownStopTimeout determines the maximum amount of time to wait + // for extant request handlers to complete before exiting. It should be + // greater than Timeout. + ShutdownStopTimeout config.Duration + ServerCertificatePath string `validate:"required_with=TLSListenAddress"` ServerKeyPath string `validate:"required_with=TLSListenAddress"` AllowOrigins []string - ShutdownStopTimeout config.Duration - SubscriberAgreementURL string TLS cmd.TLSConfig diff --git a/cmd/ocsp-responder/main.go b/cmd/ocsp-responder/main.go index 4c14ead1e39..ec03eb05fc9 100644 --- a/cmd/ocsp-responder/main.go +++ b/cmd/ocsp-responder/main.go @@ -51,10 +51,15 @@ type Config struct { // OCSP requests. This has a default value of ":80". ListenAddress string `validate:"omitempty,hostname_port"` - // When to timeout a request. This should be slightly lower than the - // upstream's timeout when making request to ocsp-responder. + // Timeout is the per-request overall timeout. This should be slightly + // lower than the upstream's timeout when making requests to this service. Timeout config.Duration `validate:"-"` + // ShutdownStopTimeout determines the maximum amount of time to wait + // for extant request handlers to complete before exiting. It should be + // greater than Timeout. + ShutdownStopTimeout config.Duration + // How often a response should be signed when using Redis/live-signing // path. This has a default value of 60h. LiveSigningPeriod config.Duration `validate:"-"` @@ -80,8 +85,6 @@ type Config struct { // 40 * 5 / 0.02 = 10,000 requests before the oldest request times out. MaxSigningWaiters int `validate:"min=0"` - ShutdownStopTimeout config.Duration - RequiredSerialPrefixes []string `validate:"omitempty,dive,hexadecimal"` Features features.Config diff --git a/cmd/sfe/main.go b/cmd/sfe/main.go index ebd06cac061..aeb8e8b9d22 100644 --- a/cmd/sfe/main.go +++ b/cmd/sfe/main.go @@ -25,11 +25,12 @@ type Config struct { ListenAddress string `validate:"omitempty,hostname_port"` // Timeout is the per-request overall timeout. This should be slightly - // lower than the upstream's timeout when making requests to the SFE. + // lower than the upstream's timeout when making requests to this service. Timeout config.Duration `validate:"-"` - // ShutdownStopTimeout is the duration that the SFE will wait before - // shutting down any listening servers. + // ShutdownStopTimeout determines the maximum amount of time to wait + // for extant request handlers to complete before exiting. It should be + // greater than Timeout. ShutdownStopTimeout config.Duration TLS cmd.TLSConfig From 43f65853906cd66613ded2bda91b6c227bd2ae9e Mon Sep 17 00:00:00 2001 From: Jacob Hoffman-Andrews Date: Tue, 7 Jan 2025 13:28:47 -0800 Subject: [PATCH 05/14] sa: clean up config gates in tests (#7923) Remove the gates for the paused and revokedCertificates tables, which are now live and in `config`. Refine the documentation for the orderModelv2 migration. --- sa/sa_test.go | 52 +++------------------------------------------------ 1 file changed, 3 insertions(+), 49 deletions(-) diff --git a/sa/sa_test.go b/sa/sa_test.go index ad5082d195b..bd90db7de20 100644 --- a/sa/sa_test.go +++ b/sa/sa_test.go @@ -1350,9 +1350,8 @@ func TestOrderWithOrderModelv1(t *testing.T) { } func TestOrderWithOrderModelv2(t *testing.T) { - // This test requires the config-next db schema to run. if !strings.Contains(os.Getenv("BOULDER_CONFIG_DIR"), "test/config-next") { - t.Skip() + t.Skip("Test requires 20240304000000_CertificateProfiles.sql migration to have run") } sa, fc, cleanup := initSA(t) @@ -1467,9 +1466,8 @@ func TestOrderWithOrderModelv2(t *testing.T) { } func TestOrderModelMigration(t *testing.T) { - // This test requires the config-next db schema to run. if !strings.Contains(os.Getenv("BOULDER_CONFIG_DIR"), "test/config-next") { - t.Skip() + t.Skip("Test requires 20240304000000_CertificateProfiles.sql migration to have run") } sa, fc, cleanup := initSA(t) @@ -1504,9 +1502,8 @@ func TestOrderModelMigration(t *testing.T) { } func TestOrderModelMigrationRollback(t *testing.T) { - // This test requires the config-next db schema to run. if !strings.Contains(os.Getenv("BOULDER_CONFIG_DIR"), "test/config-next") { - t.Skip() + t.Skip("Test requires 20240304000000_CertificateProfiles.sql migration to have run") } sa, fc, cleanup := initSA(t) @@ -2072,10 +2069,6 @@ func TestRevokeCertificate(t *testing.T) { } func TestRevokeCertificateWithShard(t *testing.T) { - if os.Getenv("BOULDER_CONFIG_DIR") != "test/config-next" { - t.Skip("Test requires revokedCertificates database table") - } - sa, fc, cleanUp := initSA(t) defer cleanUp() @@ -2237,10 +2230,6 @@ func TestUpdateRevokedCertificate(t *testing.T) { } func TestUpdateRevokedCertificateWithShard(t *testing.T) { - if os.Getenv("BOULDER_CONFIG_DIR") != "test/config-next" { - t.Skip("Test requires revokedCertificates database table") - } - sa, fc, cleanUp := initSA(t) defer cleanUp() @@ -2298,10 +2287,6 @@ func TestUpdateRevokedCertificateWithShard(t *testing.T) { } func TestUpdateRevokedCertificateWithShardInterim(t *testing.T) { - if os.Getenv("BOULDER_CONFIG_DIR") != "test/config-next" { - t.Skip("Test requires revokedCertificates database table") - } - sa, fc, cleanUp := initSA(t) defer cleanUp() @@ -3368,10 +3353,6 @@ func TestGetRevokedCerts(t *testing.T) { } func TestGetRevokedCertsByShard(t *testing.T) { - if os.Getenv("BOULDER_CONFIG_DIR") != "test/config-next" { - t.Skip("Test requires revokedCertificates database table") - } - sa, _, cleanUp := initSA(t) defer cleanUp() @@ -3889,10 +3870,6 @@ func TestUpdateCRLShard(t *testing.T) { } func TestReplacementOrderExists(t *testing.T) { - if os.Getenv("BOULDER_CONFIG_DIR") != "test/config-next" { - t.Skip("Test requires replacementOrders database table") - } - sa, fc, cleanUp := initSA(t) defer cleanUp() @@ -4116,9 +4093,6 @@ func TestGetSerialsByAccount(t *testing.T) { } func TestUnpauseAccount(t *testing.T) { - if os.Getenv("BOULDER_CONFIG_DIR") != "test/config-next" { - t.Skip("Test requires paused database table") - } sa, _, cleanUp := initSA(t) defer cleanUp() @@ -4245,10 +4219,6 @@ func bulkInsertPausedIdentifiers(ctx context.Context, sa *SQLStorageAuthority, c } func TestUnpauseAccountWithTwoLoops(t *testing.T) { - if os.Getenv("BOULDER_CONFIG_DIR") != "test/config-next" { - t.Skip("Test requires paused database table") - } - sa, _, cleanUp := initSA(t) defer cleanUp() @@ -4261,10 +4231,6 @@ func TestUnpauseAccountWithTwoLoops(t *testing.T) { } func TestUnpauseAccountWithMaxLoops(t *testing.T) { - if os.Getenv("BOULDER_CONFIG_DIR") != "test/config-next" { - t.Skip("Test requires paused database table") - } - sa, _, cleanUp := initSA(t) defer cleanUp() @@ -4277,9 +4243,6 @@ func TestUnpauseAccountWithMaxLoops(t *testing.T) { } func TestPauseIdentifiers(t *testing.T) { - if os.Getenv("BOULDER_CONFIG_DIR") != "test/config-next" { - t.Skip("Test requires paused database table") - } sa, _, cleanUp := initSA(t) defer cleanUp() @@ -4461,9 +4424,6 @@ func TestPauseIdentifiers(t *testing.T) { } func TestCheckIdentifiersPaused(t *testing.T) { - if os.Getenv("BOULDER_CONFIG_DIR") != "test/config-next" { - t.Skip("Test requires paused database table") - } sa, _, cleanUp := initSA(t) defer cleanUp() @@ -4605,9 +4565,6 @@ func TestCheckIdentifiersPaused(t *testing.T) { } func TestGetPausedIdentifiers(t *testing.T) { - if os.Getenv("BOULDER_CONFIG_DIR") != "test/config-next" { - t.Skip("Test requires paused database table") - } sa, _, cleanUp := initSA(t) defer cleanUp() @@ -4717,9 +4674,6 @@ func TestGetPausedIdentifiers(t *testing.T) { } func TestGetPausedIdentifiersOnlyUnpausesOneAccount(t *testing.T) { - if os.Getenv("BOULDER_CONFIG_DIR") != "test/config-next" { - t.Skip("Test requires paused database table") - } sa, _, cleanUp := initSA(t) defer cleanUp() From ec5821f5cb03974f510fbead19b9e17708fa02bd Mon Sep 17 00:00:00 2001 From: Jacob Hoffman-Andrews Date: Tue, 7 Jan 2025 14:28:47 -0800 Subject: [PATCH 06/14] sa: streamline use of dates in test (#7924) Add mustTime and mustTimestamp, each of which parses a time in a simple format and panics if it cannot be parsed. Also, make the intent of each check in the GetRevokedCerts tests a little clearer by starting with a basicRequest, and then defining variations in terms of that request. Fix the "different issuer" case in `TestGetRevokedCerts`, which was not actually setting a different issuer. --- sa/sa_test.go | 142 ++++++++++++++++++++++---------------------------- 1 file changed, 63 insertions(+), 79 deletions(-) diff --git a/sa/sa_test.go b/sa/sa_test.go index bd90db7de20..2ac2d6ad69a 100644 --- a/sa/sa_test.go +++ b/sa/sa_test.go @@ -64,6 +64,18 @@ var ( }` ) +func mustTime(s string) time.Time { + t, err := time.Parse("2006-01-02 15:04", s) + if err != nil { + panic(fmt.Sprintf("parsing %q: %s", s, err)) + } + return t.UTC() +} + +func mustTimestamp(s string) *timestamppb.Timestamp { + return timestamppb.New(mustTime(s)) +} + type fakeServerStream[T any] struct { grpc.ServerStream output chan<- *T @@ -95,7 +107,7 @@ func initSA(t testing.TB) (*SQLStorageAuthority, clock.FakeClock, func()) { } fc := clock.NewFake() - fc.Set(time.Date(2015, 3, 4, 5, 0, 0, 0, time.UTC)) + fc.Set(mustTime("2015-03-04 05:00")) saro, err := NewSQLStorageAuthorityRO(dbMap, dbIncidentsMap, metrics.NoopRegisterer, 1, 0, fc, log) if err != nil { @@ -116,7 +128,7 @@ func createWorkingRegistration(t testing.TB, sa *SQLStorageAuthority) *corepb.Re reg, err := sa.NewRegistration(context.Background(), &corepb.Registration{ Key: []byte(theKey), Contact: []string{"mailto:foo@example.com"}, - CreatedAt: timestamppb.New(time.Date(2003, 5, 10, 0, 0, 0, 0, time.UTC)), + CreatedAt: mustTimestamp("2003-05-10 00:00"), Status: string(core.StatusValid), }) if err != nil { @@ -404,11 +416,11 @@ func TestAddPrecertificate(t *testing.T) { // Add the cert as a precertificate regID := reg.Id - issuedTime := time.Date(2018, 4, 1, 7, 0, 0, 0, time.UTC) + issuedTime := mustTimestamp("2018-04-01 07:00") _, err := sa.AddPrecertificate(ctx, &sapb.AddCertificateRequest{ Der: testCert.Raw, RegID: regID, - Issued: timestamppb.New(issuedTime), + Issued: issuedTime, IssuerNameID: 1, }) test.AssertNotError(t, err, "Couldn't add test cert") @@ -431,7 +443,7 @@ func TestAddPrecertificate(t *testing.T) { _, err = sa.AddCertificate(ctx, &sapb.AddCertificateRequest{ Der: testCert.Raw, RegID: regID, - Issued: timestamppb.New(issuedTime), + Issued: issuedTime, }) test.AssertNotError(t, err, "unexpected err adding final cert after precert") } @@ -444,11 +456,11 @@ func TestAddPrecertificateNoOCSP(t *testing.T) { _, testCert := test.ThrowAwayCert(t, clk) regID := reg.Id - issuedTime := time.Date(2018, 4, 1, 7, 0, 0, 0, time.UTC) + issuedTime := mustTimestamp("2018-04-01 07:00") _, err := sa.AddPrecertificate(ctx, &sapb.AddCertificateRequest{ Der: testCert.Raw, RegID: regID, - Issued: timestamppb.New(issuedTime), + Issued: issuedTime, IssuerNameID: 1, }) test.AssertNotError(t, err, "Couldn't add test cert") @@ -492,11 +504,10 @@ func TestAddPrecertificateIncomplete(t *testing.T) { // Add the cert as a precertificate regID := reg.Id - issuedTime := time.Date(2018, 4, 1, 7, 0, 0, 0, time.UTC) _, err := sa.AddPrecertificate(ctx, &sapb.AddCertificateRequest{ Der: testCert.Raw, RegID: regID, - Issued: timestamppb.New(issuedTime), + Issued: mustTimestamp("2018-04-01 07:00"), // Leaving out IssuerNameID }) @@ -854,7 +865,7 @@ func (e *queryRecorder) QueryContext(ctx context.Context, query string, args ... func TestAddIssuedNames(t *testing.T) { serial := big.NewInt(1) expectedSerial := "000000000000000000000000000000000001" - notBefore := time.Date(2018, 2, 14, 12, 0, 0, 0, time.UTC) + notBefore := mustTime("2018-02-14 12:00") expectedNotBefore := notBefore.Truncate(24 * time.Hour) placeholdersPerName := "(?,?,?,?)" baseQuery := "INSERT INTO issuedNames (reversedName,serial,notBefore,renewal) VALUES" @@ -2524,7 +2535,7 @@ func TestFinalizeAuthorization2(t *testing.T) { sa, fc, cleanUp := initSA(t) defer cleanUp() - fc.Set(time.Date(2021, 1, 1, 0, 0, 0, 0, time.UTC)) + fc.Set(mustTime("2021-01-01 00:00")) authzID := createPendingAuthorization(t, sa, "aaa", fc.Now().Add(time.Hour)) expires := fc.Now().Add(time.Hour * 2).UTC() @@ -2596,7 +2607,7 @@ func TestRehydrateHostPort(t *testing.T) { sa, fc, cleanUp := initSA(t) defer cleanUp() - fc.Set(time.Date(2021, 1, 1, 0, 0, 0, 0, time.UTC)) + fc.Set(mustTime("2021-01-01 00:00")) expires := fc.Now().Add(time.Hour * 2).UTC() attemptedAt := fc.Now() @@ -3280,73 +3291,59 @@ func TestGetRevokedCerts(t *testing.T) { return entriesReceived, err } - // Asking for revoked certs now should return no results. - expiresAfter := time.Date(2023, time.March, 1, 0, 0, 0, 0, time.UTC) - expiresBefore := time.Date(2023, time.April, 1, 0, 0, 0, 0, time.UTC) - revokedBefore := time.Date(2023, time.April, 1, 0, 0, 0, 0, time.UTC) - count, err := countRevokedCerts(&sapb.GetRevokedCertsRequest{ + // The basic request covers a time range that should include this certificate. + basicRequest := &sapb.GetRevokedCertsRequest{ IssuerNameID: 1, - ExpiresAfter: timestamppb.New(expiresAfter), - ExpiresBefore: timestamppb.New(expiresBefore), - RevokedBefore: timestamppb.New(revokedBefore), - }) + ExpiresAfter: mustTimestamp("2023-03-01 00:00"), + ExpiresBefore: mustTimestamp("2023-04-01 00:00"), + RevokedBefore: mustTimestamp("2023-04-01 00:00"), + } + count, err := countRevokedCerts(basicRequest) test.AssertNotError(t, err, "zero rows shouldn't result in error") test.AssertEquals(t, count, 0) // Revoke the certificate. - date := time.Date(2023, time.January, 1, 0, 0, 0, 0, time.UTC) _, err = sa.RevokeCertificate(context.Background(), &sapb.RevokeCertificateRequest{ IssuerID: 1, Serial: core.SerialToString(eeCert.SerialNumber), - Date: timestamppb.New(date), + Date: mustTimestamp("2023-01-01 00:00"), Reason: 1, Response: []byte{1, 2, 3}, }) test.AssertNotError(t, err, "failed to revoke test cert") // Asking for revoked certs now should return one result. - count, err = countRevokedCerts(&sapb.GetRevokedCertsRequest{ - IssuerNameID: 1, - ExpiresAfter: timestamppb.New(expiresAfter), - ExpiresBefore: timestamppb.New(expiresBefore), - RevokedBefore: timestamppb.New(revokedBefore), - }) + count, err = countRevokedCerts(basicRequest) test.AssertNotError(t, err, "normal usage shouldn't result in error") test.AssertEquals(t, count, 1) // Asking for revoked certs with an old RevokedBefore should return no results. - expiresAfter = time.Date(2023, time.March, 1, 0, 0, 0, 0, time.UTC) - expiresBefore = time.Date(2023, time.April, 1, 0, 0, 0, 0, time.UTC) - revokedBefore = time.Date(2020, time.March, 1, 0, 0, 0, 0, time.UTC) count, err = countRevokedCerts(&sapb.GetRevokedCertsRequest{ IssuerNameID: 1, - ExpiresAfter: timestamppb.New(expiresAfter), - ExpiresBefore: timestamppb.New(expiresBefore), - RevokedBefore: timestamppb.New(revokedBefore), + ExpiresAfter: basicRequest.ExpiresAfter, + ExpiresBefore: basicRequest.ExpiresBefore, + RevokedBefore: mustTimestamp("2020-03-01 00:00"), }) test.AssertNotError(t, err, "zero rows shouldn't result in error") test.AssertEquals(t, count, 0) // Asking for revoked certs in a time period that does not cover this cert's // notAfter timestamp should return zero results. - expiresAfter = time.Date(2022, time.March, 1, 0, 0, 0, 0, time.UTC) - expiresBefore = time.Date(2022, time.April, 1, 0, 0, 0, 0, time.UTC) - revokedBefore = time.Date(2023, time.April, 1, 0, 0, 0, 0, time.UTC) count, err = countRevokedCerts(&sapb.GetRevokedCertsRequest{ IssuerNameID: 1, - ExpiresAfter: timestamppb.New(expiresAfter), - ExpiresBefore: timestamppb.New(expiresBefore), - RevokedBefore: timestamppb.New(revokedBefore), + ExpiresAfter: mustTimestamp("2022-03-01 00:00"), + ExpiresBefore: mustTimestamp("2022-04-01 00:00"), + RevokedBefore: mustTimestamp("2023-04-01 00:00"), }) test.AssertNotError(t, err, "zero rows shouldn't result in error") test.AssertEquals(t, count, 0) // Asking for revoked certs from a different issuer should return zero results. count, err = countRevokedCerts(&sapb.GetRevokedCertsRequest{ - IssuerNameID: 1, - ExpiresAfter: timestamppb.New(time.Date(2022, time.March, 1, 0, 0, 0, 0, time.UTC)), - ExpiresBefore: timestamppb.New(time.Date(2022, time.April, 1, 0, 0, 0, 0, time.UTC)), - RevokedBefore: timestamppb.New(time.Date(2023, time.April, 1, 0, 0, 0, 0, time.UTC)), + IssuerNameID: 5678, + ExpiresAfter: basicRequest.ExpiresAfter, + ExpiresBefore: basicRequest.ExpiresBefore, + RevokedBefore: basicRequest.RevokedBefore, }) test.AssertNotError(t, err, "zero rows shouldn't result in error") test.AssertEquals(t, count, 0) @@ -3400,25 +3397,25 @@ func TestGetRevokedCertsByShard(t *testing.T) { return entriesReceived, err } - // Asking for revoked certs now should return no results. - expiresAfter := time.Date(2023, time.March, 1, 0, 0, 0, 0, time.UTC) - revokedBefore := time.Date(2023, time.April, 1, 0, 0, 0, 0, time.UTC) - count, err := countRevokedCerts(&sapb.GetRevokedCertsRequest{ + // The basic request covers a time range and shard that should include this certificate. + basicRequest := &sapb.GetRevokedCertsRequest{ IssuerNameID: 1, ShardIdx: 9, - ExpiresAfter: timestamppb.New(expiresAfter), - RevokedBefore: timestamppb.New(revokedBefore), - }) + ExpiresAfter: mustTimestamp("2023-03-01 00:00"), + RevokedBefore: mustTimestamp("2023-04-01 00:00"), + } + + // Nothing's been revoked yet. Count should be zero. + count, err := countRevokedCerts(basicRequest) test.AssertNotError(t, err, "zero rows shouldn't result in error") test.AssertEquals(t, count, 0) // Revoke the certificate, providing the ShardIdx so it gets written into // both the certificateStatus and revokedCertificates tables. - date := time.Date(2023, time.January, 1, 0, 0, 0, 0, time.UTC) _, err = sa.RevokeCertificate(context.Background(), &sapb.RevokeCertificateRequest{ IssuerID: 1, Serial: core.SerialToString(eeCert.SerialNumber), - Date: timestamppb.New(date), + Date: mustTimestamp("2023-01-01 00:00"), Reason: 1, Response: []byte{1, 2, 3}, ShardIdx: 9, @@ -3433,49 +3430,36 @@ func TestGetRevokedCertsByShard(t *testing.T) { test.AssertEquals(t, c.Int64, int64(1)) // Asking for revoked certs now should return one result. - expiresAfter = time.Date(2023, time.March, 1, 0, 0, 0, 0, time.UTC) - revokedBefore = time.Date(2023, time.April, 1, 0, 0, 0, 0, time.UTC) - count, err = countRevokedCerts(&sapb.GetRevokedCertsRequest{ - IssuerNameID: 1, - ShardIdx: 9, - ExpiresAfter: timestamppb.New(expiresAfter), - RevokedBefore: timestamppb.New(revokedBefore), - }) + count, err = countRevokedCerts(basicRequest) test.AssertNotError(t, err, "normal usage shouldn't result in error") test.AssertEquals(t, count, 1) // Asking for revoked certs from a different issuer should return zero results. - expiresAfter = time.Date(2023, time.March, 1, 0, 0, 0, 0, time.UTC) - revokedBefore = time.Date(2023, time.April, 1, 0, 0, 0, 0, time.UTC) count, err = countRevokedCerts(&sapb.GetRevokedCertsRequest{ - IssuerNameID: 2, - ShardIdx: 9, - ExpiresAfter: timestamppb.New(expiresAfter), - RevokedBefore: timestamppb.New(revokedBefore), + IssuerNameID: 5678, + ShardIdx: basicRequest.ShardIdx, + ExpiresAfter: basicRequest.ExpiresAfter, + RevokedBefore: basicRequest.RevokedBefore, }) test.AssertNotError(t, err, "zero rows shouldn't result in error") test.AssertEquals(t, count, 0) // Asking for revoked certs from a different shard should return zero results. - expiresAfter = time.Date(2023, time.March, 1, 0, 0, 0, 0, time.UTC) - revokedBefore = time.Date(2023, time.April, 1, 0, 0, 0, 0, time.UTC) count, err = countRevokedCerts(&sapb.GetRevokedCertsRequest{ - IssuerNameID: 1, + IssuerNameID: basicRequest.IssuerNameID, ShardIdx: 8, - ExpiresAfter: timestamppb.New(expiresAfter), - RevokedBefore: timestamppb.New(revokedBefore), + ExpiresAfter: basicRequest.ExpiresAfter, + RevokedBefore: basicRequest.RevokedBefore, }) test.AssertNotError(t, err, "zero rows shouldn't result in error") test.AssertEquals(t, count, 0) // Asking for revoked certs with an old RevokedBefore should return no results. - expiresAfter = time.Date(2023, time.March, 1, 0, 0, 0, 0, time.UTC) - revokedBefore = time.Date(2020, time.March, 1, 0, 0, 0, 0, time.UTC) count, err = countRevokedCerts(&sapb.GetRevokedCertsRequest{ - IssuerNameID: 1, - ShardIdx: 9, - ExpiresAfter: timestamppb.New(expiresAfter), - RevokedBefore: timestamppb.New(revokedBefore), + IssuerNameID: basicRequest.IssuerNameID, + ShardIdx: basicRequest.ShardIdx, + ExpiresAfter: basicRequest.ExpiresAfter, + RevokedBefore: mustTimestamp("2020-03-01 00:00"), }) test.AssertNotError(t, err, "zero rows shouldn't result in error") test.AssertEquals(t, count, 0) From 2e8237eba445b15b96986f2fc5f527e24d8c4f50 Mon Sep 17 00:00:00 2001 From: Jacob Hoffman-Andrews Date: Tue, 7 Jan 2025 15:48:47 -0800 Subject: [PATCH 07/14] use core.IsAnyNilOrZero more places (#7925) There were a bunch of places that had `TODO(#7153)`; that issue is now closed, so let's tidy up. --- ra/ra.go | 6 ++---- sa/sa.go | 18 ++++++------------ sa/saro.go | 9 +++------ wfe2/wfe.go | 21 +++++++-------------- 4 files changed, 18 insertions(+), 36 deletions(-) diff --git a/ra/ra.go b/ra/ra.go index 99619e248b5..2173d68af24 100644 --- a/ra/ra.go +++ b/ra/ra.go @@ -1761,8 +1761,7 @@ func (ra *RegistrationAuthorityImpl) PerformValidation( // Clock for start of PerformValidation. vStart := ra.clk.Now() - // TODO(#7153): Check each value via core.IsAnyNilOrZero - if req.Authz == nil || req.Authz.Id == "" || req.Authz.DnsName == "" || req.Authz.Status == "" || core.IsAnyNilOrZero(req.Authz.Expires) { + if core.IsAnyNilOrZero(req.Authz, req.Authz.Id, req.Authz.DnsName, req.Authz.Status, req.Authz.Expires) { return nil, errIncompleteGRPCRequest } @@ -2459,8 +2458,7 @@ func (ra *RegistrationAuthorityImpl) NewOrder(ctx context.Context, req *rapb.New // Error if an incomplete order is returned. if existingOrder != nil { // Check to see if the expected fields of the existing order are set. - // TODO(#7153): Check each value via core.IsAnyNilOrZero - if existingOrder.Id == 0 || existingOrder.Status == "" || existingOrder.RegistrationID == 0 || len(existingOrder.DnsNames) == 0 || core.IsAnyNilOrZero(existingOrder.Created, existingOrder.Expires) { + if core.IsAnyNilOrZero(existingOrder.Id, existingOrder.Status, existingOrder.RegistrationID, existingOrder.DnsNames, existingOrder.Created, existingOrder.Expires) { return nil, errIncompleteGRPCResponse } diff --git a/sa/sa.go b/sa/sa.go index aa82a7d7a2c..e24120d7e4e 100644 --- a/sa/sa.go +++ b/sa/sa.go @@ -241,8 +241,7 @@ func (ssa *SQLStorageAuthority) UpdateRegistrationKey(ctx context.Context, req * // AddSerial writes a record of a serial number generation to the DB. func (ssa *SQLStorageAuthority) AddSerial(ctx context.Context, req *sapb.AddSerialRequest) (*emptypb.Empty, error) { - // TODO(#7153): Check each value via core.IsAnyNilOrZero - if req.Serial == "" || req.RegID == 0 || core.IsAnyNilOrZero(req.Created, req.Expires) { + if core.IsAnyNilOrZero(req.Serial, req.RegID, req.Created, req.Expires) { return nil, errIncompleteRequest } err := ssa.dbMap.Insert(ctx, &recordedSerialModel{ @@ -292,8 +291,7 @@ func (ssa *SQLStorageAuthority) SetCertificateStatusReady(ctx context.Context, r // certificate multiple times. Calling code needs to first insert the cert's // serial into the Serials table to ensure uniqueness. func (ssa *SQLStorageAuthority) AddPrecertificate(ctx context.Context, req *sapb.AddCertificateRequest) (*emptypb.Empty, error) { - // TODO(#7153): Check each value via core.IsAnyNilOrZero - if len(req.Der) == 0 || req.RegID == 0 || req.IssuerNameID == 0 || core.IsAnyNilOrZero(req.Issued) { + if core.IsAnyNilOrZero(req.Der, req.RegID, req.IssuerNameID, req.Issued) { return nil, errIncompleteRequest } parsed, err := x509.ParseCertificate(req.Der) @@ -384,8 +382,7 @@ func (ssa *SQLStorageAuthority) AddPrecertificate(ctx context.Context, req *sapb // AddCertificate stores an issued certificate, returning an error if it is a // duplicate or if any other failure occurs. func (ssa *SQLStorageAuthority) AddCertificate(ctx context.Context, req *sapb.AddCertificateRequest) (*emptypb.Empty, error) { - // TODO(#7153): Check each value via core.IsAnyNilOrZero - if len(req.Der) == 0 || req.RegID == 0 || core.IsAnyNilOrZero(req.Issued) { + if core.IsAnyNilOrZero(req.Der, req.RegID, req.Issued) { return nil, errIncompleteRequest } parsedCertificate, err := x509.ParseCertificate(req.Der) @@ -839,8 +836,7 @@ func (ssa *SQLStorageAuthority) FinalizeOrder(ctx context.Context, req *sapb.Fin // the authorization is being moved to invalid the validationError field must be set. If the // authorization is being moved to valid the validationRecord and expires fields must be set. func (ssa *SQLStorageAuthority) FinalizeAuthorization2(ctx context.Context, req *sapb.FinalizeAuthorizationRequest) (*emptypb.Empty, error) { - // TODO(#7153): Check each value via core.IsAnyNilOrZero - if req.Status == "" || req.Attempted == "" || req.Id == 0 || core.IsAnyNilOrZero(req.Expires) { + if core.IsAnyNilOrZero(req.Status, req.Attempted, req.Id, req.Expires) { return nil, errIncompleteRequest } @@ -962,8 +958,7 @@ func addRevokedCertificate(ctx context.Context, tx db.Executor, req *sapb.Revoke // RevokeCertificate stores revocation information about a certificate. It will only store this // information if the certificate is not already marked as revoked. func (ssa *SQLStorageAuthority) RevokeCertificate(ctx context.Context, req *sapb.RevokeCertificateRequest) (*emptypb.Empty, error) { - // TODO(#7153): Check each value via core.IsAnyNilOrZero - if req.Serial == "" || req.IssuerID == 0 || core.IsAnyNilOrZero(req.Date) { + if core.IsAnyNilOrZero(req.Serial, req.IssuerID, req.Date) { return nil, errIncompleteRequest } @@ -1016,8 +1011,7 @@ func (ssa *SQLStorageAuthority) RevokeCertificate(ctx context.Context, req *sapb // cert is already revoked, if the new revocation reason is `KeyCompromise`, // and if the revokedDate is identical to the current revokedDate. func (ssa *SQLStorageAuthority) UpdateRevokedCertificate(ctx context.Context, req *sapb.RevokeCertificateRequest) (*emptypb.Empty, error) { - // TODO(#7153): Check each value via core.IsAnyNilOrZero - if req.Serial == "" || req.IssuerID == 0 || core.IsAnyNilOrZero(req.Date, req.Backdate) { + if core.IsAnyNilOrZero(req.Serial, req.IssuerID, req.Date, req.Backdate) { return nil, errIncompleteRequest } if req.Reason != ocsp.KeyCompromise { diff --git a/sa/saro.go b/sa/saro.go index 129b07daacc..6860cb9657a 100644 --- a/sa/saro.go +++ b/sa/saro.go @@ -220,8 +220,7 @@ func ipRange(ip net.IP) (net.IP, net.IP) { // issued for any of the domains during the provided range of time. Queries will // be run in parallel. If any of them error, only one error will be returned. func (ssa *SQLStorageAuthorityRO) CountCertificatesByNames(ctx context.Context, req *sapb.CountCertificatesByNamesRequest) (*sapb.CountByNames, error) { - // TODO(#7153): Check each value via core.IsAnyNilOrZero - if len(req.DnsNames) == 0 || core.IsAnyNilOrZero(req.Range.Earliest, req.Range.Latest) { + if core.IsAnyNilOrZero(req.DnsNames, req.Range.Earliest, req.Range.Latest) { return nil, errIncompleteRequest } @@ -424,8 +423,7 @@ func (ssa *SQLStorageAuthorityRO) GetRevocationStatus(ctx context.Context, req * } func (ssa *SQLStorageAuthorityRO) CountOrders(ctx context.Context, req *sapb.CountOrdersRequest) (*sapb.Count, error) { - // TODO(#7153): Check each value via core.IsAnyNilOrZero - if req.AccountID == 0 || core.IsAnyNilOrZero(req.Range.Earliest, req.Range.Latest) { + if core.IsAnyNilOrZero(req.AccountID, req.Range.Earliest, req.Range.Latest) { return nil, errIncompleteRequest } @@ -854,8 +852,7 @@ func (ssa *SQLStorageAuthorityRO) GetValidOrderAuthorizations2(ctx context.Conte // CountInvalidAuthorizations2 counts invalid authorizations for a user expiring // in a given time range. This method only supports DNS identifier types. func (ssa *SQLStorageAuthorityRO) CountInvalidAuthorizations2(ctx context.Context, req *sapb.CountInvalidAuthorizationsRequest) (*sapb.Count, error) { - // TODO(#7153): Check each value via core.IsAnyNilOrZero - if req.RegistrationID == 0 || req.DnsName == "" || core.IsAnyNilOrZero(req.Range.Earliest, req.Range.Latest) { + if core.IsAnyNilOrZero(req.RegistrationID, req.DnsName, req.Range.Earliest, req.Range.Latest) { return nil, errIncompleteRequest } diff --git a/wfe2/wfe.go b/wfe2/wfe.go index a41472e54ce..7c6a3e4d475 100644 --- a/wfe2/wfe.go +++ b/wfe2/wfe.go @@ -1119,8 +1119,7 @@ func (wfe *WebFrontEndImpl) Challenge( } // Ensure gRPC response is complete. - // TODO(#7153): Check each value via core.IsAnyNilOrZero - if authzPB.Id == "" || authzPB.DnsName == "" || authzPB.Status == "" || core.IsAnyNilOrZero(authzPB.Expires) { + if core.IsAnyNilOrZero(authzPB.Id, authzPB.DnsName, authzPB.Status, authzPB.Expires) { wfe.sendError(response, logEvent, probs.ServerInternal("Problem getting authorization"), errIncompleteGRPCResponse) return } @@ -1322,8 +1321,7 @@ func (wfe *WebFrontEndImpl) postChallenge( Authz: authzPB, ChallengeIndex: int64(challengeIndex), }) - // TODO(#7153): Check each value via core.IsAnyNilOrZero - if err != nil || authzPB == nil || authzPB.Id == "" || authzPB.DnsName == "" || authzPB.Status == "" || core.IsAnyNilOrZero(authzPB.Expires) { + if err != nil || core.IsAnyNilOrZero(authzPB, authzPB.Id, authzPB.DnsName, authzPB.Status, authzPB.Expires) { wfe.sendError(response, logEvent, web.ProblemDetailsForError(err, "Unable to update challenge"), err) return } @@ -1565,8 +1563,7 @@ func (wfe *WebFrontEndImpl) Authorization( } // Ensure gRPC response is complete. - // TODO(#7153): Check each value via core.IsAnyNilOrZero - if authzPB.Id == "" || authzPB.DnsName == "" || authzPB.Status == "" || core.IsAnyNilOrZero(authzPB.Expires) { + if core.IsAnyNilOrZero(authzPB.Id, authzPB.DnsName, authzPB.Status, authzPB.Expires) { wfe.sendError(response, logEvent, probs.ServerInternal("Problem getting authorization"), errIncompleteGRPCResponse) return } @@ -2403,8 +2400,7 @@ func (wfe *WebFrontEndImpl) NewOrder( IsARIRenewal: isARIRenewal, IsRenewal: isRenewal, }) - // TODO(#7153): Check each value via core.IsAnyNilOrZero - if err != nil || order == nil || order.Id == 0 || order.RegistrationID == 0 || len(order.DnsNames) == 0 || core.IsAnyNilOrZero(order.Created, order.Expires) { + if err != nil || core.IsAnyNilOrZero(order, order.Id, order.RegistrationID, order.DnsNames, order.Created, order.Expires) { wfe.sendError(response, logEvent, web.ProblemDetailsForError(err, "Error creating new order"), err) if errors.Is(err, berrors.RateLimit) { // Request was denied by a legacy rate limit. In this error case we @@ -2474,8 +2470,7 @@ func (wfe *WebFrontEndImpl) GetOrder(ctx context.Context, logEvent *web.RequestE return } - // TODO(#7153): Check each value via core.IsAnyNilOrZero - if order.Id == 0 || order.Status == "" || order.RegistrationID == 0 || len(order.DnsNames) == 0 || core.IsAnyNilOrZero(order.Created, order.Expires) { + if core.IsAnyNilOrZero(order.Id, order.Status, order.RegistrationID, order.DnsNames, order.Created, order.Expires) { wfe.sendError(response, logEvent, probs.ServerInternal(fmt.Sprintf("Failed to retrieve order for ID %d", orderID)), errIncompleteGRPCResponse) return } @@ -2555,8 +2550,7 @@ func (wfe *WebFrontEndImpl) FinalizeOrder(ctx context.Context, logEvent *web.Req return } - // TODO(#7153): Check each value via core.IsAnyNilOrZero - if order.Id == 0 || order.Status == "" || order.RegistrationID == 0 || len(order.DnsNames) == 0 || core.IsAnyNilOrZero(order.Created, order.Expires) { + if core.IsAnyNilOrZero(order.Id, order.Status, order.RegistrationID, order.DnsNames, order.Created, order.Expires) { wfe.sendError(response, logEvent, probs.ServerInternal(fmt.Sprintf("Failed to retrieve order for ID %d", orderID)), errIncompleteGRPCResponse) return } @@ -2613,8 +2607,7 @@ func (wfe *WebFrontEndImpl) FinalizeOrder(ctx context.Context, logEvent *web.Req wfe.sendError(response, logEvent, web.ProblemDetailsForError(err, "Error finalizing order"), err) return } - // TODO(#7153): Check each value via core.IsAnyNilOrZero - if updatedOrder == nil || order.Id == 0 || order.RegistrationID == 0 || len(order.DnsNames) == 0 || core.IsAnyNilOrZero(order.Created, order.Expires) { + if core.IsAnyNilOrZero(order.Id, order.RegistrationID, order.DnsNames, order.Created, order.Expires) { wfe.sendError(response, logEvent, web.ProblemDetailsForError(err, "Error validating order"), errIncompleteGRPCResponse) return } From 546625041a8a6cea0799d30936da2a41f6dbaaf6 Mon Sep 17 00:00:00 2001 From: Jacob Hoffman-Andrews Date: Thu, 9 Jan 2025 11:03:51 -0800 Subject: [PATCH 08/14] tools: use simpler packaging by default (#7928) Feedback from SRE was to just go straight to the new packaging. Also, fix the Architecture field of the .deb to be amd64 (Debian requires this specific value), and check that we are building on x86_64 OR amd64. --- tools/make-assets.sh | 44 +++++++++++++------------------------------- 1 file changed, 13 insertions(+), 31 deletions(-) diff --git a/tools/make-assets.sh b/tools/make-assets.sh index 67c0c03b378..ff1c4e10439 100755 --- a/tools/make-assets.sh +++ b/tools/make-assets.sh @@ -1,22 +1,19 @@ #!/usr/bin/env bash # -# This script expects to run on Ubuntu. It installs the dependencies necessary -# to build Boulder and produce a Debian Package. The actual build and packaging -# is handled by a call to Make. +# Build Boulder and produce a .deb and a .tar.gz. +# +# This script expects to run on Ubuntu, as configured on GitHub Actions runners +# (with curl, make, and git installed). # - # -e Stops execution in the instance of a command or pipeline error. # -u Treat unset variables as an error and exit immediately. set -eu -# -# Setup Dependencies -# - -sudo apt-get install -y --no-install-recommends \ - ruby \ - ruby-dev \ - gcc +ARCH="$(uname -m)" +if [ "${ARCH}" != "x86_64" && "${ARCH}" != "amd64" ]; then + echo "Expected ARCH=x86_64 or amd64, got ${ARCH}" + exit 1 +fi # Download and unpack our production go version. Ensure that $GO_VERSION is # already set in the environment (e.g. by the github actions release workflow). @@ -24,31 +21,16 @@ $(dirname -- "${0}")/fetch-and-verify-go.sh "${GO_VERSION}" sudo tar -C /usr/local -xzf go.tar.gz export PATH=/usr/local/go/bin:$PATH -# Install fpm. This is used in our Makefile to package Boulder as a deb. -# We install specific versions of some dependencies because these are the last versions -# supported by the Ruby / RubyGems that ships on ubuntu-20.04, which this script runs on in CI. -sudo gem install --no-document -v 1.8.0 rchardet -sudo gem install --no-document -v 5.1.1 public_suffix -sudo gem install --no-document -v 2.8.1 dotenv -sudo gem install --no-document -v 1.14.0 fpm - # # Build # -# Set $ARCHIVEDIR to our current directory. If left unset our Makefile will set -# it to /tmp. -export ARCHIVEDIR="${PWD}" - # Set $VERSION to be a simulacrum of what is set in other build environments. -export VERSION="${GO_VERSION}.$(date +%s)" +VERSION="${GO_VERSION}.$(date +%s)" # Build Boulder. make -# Produce a .deb and a tar.gz file in $PWD. -make deb tar - # Produce a .deb and .tar.gz in $PWD without using `make` or `fpm`. The # resulting files will be named `boulder-newpkg-*`. Eventually this code # will be used to produce the regular `boulder-*` packages. @@ -77,7 +59,7 @@ Package: boulder Version: 1:${VERSION} License: Mozilla Public License v2.0 Vendor: ISRG -Architecture: arm64 +Architecture: amd64 Maintainer: Community Section: default Priority: extra @@ -85,5 +67,5 @@ Homepage: https://github.com/letsencrypt/boulder Description: Boulder is an ACME-compatible X.509 Certificate Authority EOF -dpkg-deb -Zgzip -b "${BUILD}" "${ARCHIVEDIR}/boulder-newpkg-${VERSION}-${COMMIT_ID}.x86_64.deb" -tar -C "${TARGET}" -cpzf "${ARCHIVEDIR}/boulder-newpkg-${VERSION}-${COMMIT_ID}.amd64.tar.gz" . +dpkg-deb -Zgzip -b "${BUILD}" "./boulder-${VERSION}-${COMMIT_ID}.x86_64.deb" +tar -C "${TARGET}" -cpzf "./boulder-${VERSION}-${COMMIT_ID}.amd64.tar.gz" . From 5e5c9968518ab33649fc35a9f125820b1ab8a47b Mon Sep 17 00:00:00 2001 From: James Renken Date: Thu, 9 Jan 2025 22:19:25 -0800 Subject: [PATCH 09/14] Clean up var names & restore test case --- sa/sa_test.go | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/sa/sa_test.go b/sa/sa_test.go index 2ac2d6ad69a..8b16ea8a9bb 100644 --- a/sa/sa_test.go +++ b/sa/sa_test.go @@ -214,13 +214,16 @@ func TestAddRegistration(t *testing.T) { test.AssertByteEquals(t, dbReg.Key, jwkJSON) test.AssertDeepEquals(t, dbReg.CreatedAt.AsTime(), createdAt) - newReg := &sapb.UpdateRegistrationContactRequest{ + regUpdate := &sapb.UpdateRegistrationContactRequest{ RegistrationID: reg.Id, Contacts: []string{"test.com"}, } - _, err = sa.UpdateRegistrationContact(ctx, newReg) + newReg, err := sa.UpdateRegistrationContact(ctx, regUpdate) test.AssertNotError(t, err, fmt.Sprintf("Couldn't update registration with ID %v", reg.Id)) + test.AssertEquals(t, dbReg.Id, newReg.Id) + test.AssertEquals(t, dbReg.Agreement, newReg.Agreement) + _, err = sa.GetRegistrationByKey(ctx, &sapb.JSONWebKey{Jwk: jwkJSON}) test.AssertNotError(t, err, "Couldn't get registration by key") From 03742ae006e279e9ba5e825e4b950f05e6a20971 Mon Sep 17 00:00:00 2001 From: James Renken Date: Fri, 10 Jan 2025 21:24:55 -0800 Subject: [PATCH 10/14] ra: Don't expect or validate contactsPresent --- ra/ra.go | 27 +++----------------- ra/ra_test.go | 68 --------------------------------------------------- 2 files changed, 4 insertions(+), 91 deletions(-) diff --git a/ra/ra.go b/ra/ra.go index 050e95f0272..cd064bda0f9 100644 --- a/ra/ra.go +++ b/ra/ra.go @@ -381,10 +381,6 @@ func (ra *RegistrationAuthorityImpl) NewRegistration(ctx context.Context, reques } // Check that contacts conform to our expectations. - err = validateContactsPresent(request.Contact, request.ContactsPresent) - if err != nil { - return nil, err - } err = ra.validateContacts(request.Contact) if err != nil { return nil, err @@ -392,11 +388,10 @@ func (ra *RegistrationAuthorityImpl) NewRegistration(ctx context.Context, reques // Don't populate ID or CreatedAt because those will be set by the SA. req := &corepb.Registration{ - Key: request.Key, - Contact: request.Contact, - ContactsPresent: request.ContactsPresent, - Agreement: request.Agreement, - Status: string(core.StatusValid), + Key: request.Key, + Contact: request.Contact, + Agreement: request.Agreement, + Status: string(core.StatusValid), } // Store the registration object, then return the version that got stored. @@ -2314,20 +2309,6 @@ func wildcardOverlap(dnsNames []string) error { return nil } -// validateContactsPresent will return an error if the contacts []string -// len is greater than zero and the contactsPresent bool is false. We -// don't care about any other cases. If the length of the contacts is zero -// and contactsPresent is true, it seems like a mismatch but we have to -// assume that the client is requesting to update the contacts field with -// by removing the existing contacts value so we don't want to return an -// error here. -func validateContactsPresent(contacts []string, contactsPresent bool) error { - if len(contacts) > 0 && !contactsPresent { - return berrors.InternalServerError("account contacts present but contactsPresent false") - } - return nil -} - // UnpauseAccount receives a validated account unpause request from the SFE and // instructs the SA to unpause that account. If the account cannot be unpaused, // an error is returned. diff --git a/ra/ra_test.go b/ra/ra_test.go index 66aa603a56e..98832a05648 100644 --- a/ra/ra_test.go +++ b/ra/ra_test.go @@ -258,14 +258,6 @@ var ( var ctx = context.Background() -func newAcctKey(t *testing.T) []byte { - key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) - jwk := &jose.JSONWebKey{Key: key.Public()} - acctKey, err := jwk.MarshalJSON() - test.AssertNotError(t, err, "failed to marshal account key") - return acctKey -} - func initAuthorities(t *testing.T) (*DummyValidationAuthority, sapb.StorageAuthorityClient, *RegistrationAuthorityImpl, ratelimits.Source, clock.FakeClock, func()) { err := json.Unmarshal(AccountKeyJSONA, &AccountKeyA) test.AssertNotError(t, err, "Failed to unmarshal public JWK") @@ -464,66 +456,6 @@ func TestNewRegistration(t *testing.T) { test.AssertByteEquals(t, reg.Key, acctKeyB) } -func TestNewRegistrationContactsPresent(t *testing.T) { - _, _, ra, _, _, cleanUp := initAuthorities(t) - defer cleanUp() - testCases := []struct { - Name string - Reg *corepb.Registration - ExpectedErr error - }{ - { - Name: "No contacts provided by client ContactsPresent false", - Reg: &corepb.Registration{ - Key: newAcctKey(t), - }, - ExpectedErr: nil, - }, - { - Name: "Empty contact provided by client ContactsPresent true", - Reg: &corepb.Registration{ - Contact: []string{}, - ContactsPresent: true, - Key: newAcctKey(t), - }, - ExpectedErr: nil, - }, - { - Name: "Valid contact provided by client ContactsPresent true", - Reg: &corepb.Registration{ - Contact: []string{"mailto:foo@letsencrypt.org"}, - ContactsPresent: true, - Key: newAcctKey(t), - }, - ExpectedErr: nil, - }, - { - Name: "Valid contact provided by client ContactsPresent false", - Reg: &corepb.Registration{ - Contact: []string{"mailto:foo@letsencrypt.org"}, - ContactsPresent: false, - Key: newAcctKey(t), - }, - ExpectedErr: fmt.Errorf("account contacts present but contactsPresent false"), - }, - } - // For each test case we check that the NewRegistration works as - // intended with variations of Contact and ContactsPresent fields - for _, tc := range testCases { - t.Run(tc.Name, func(t *testing.T) { - // Create new registration - _, err := ra.NewRegistration(ctx, tc.Reg) - // Check error output - if tc.ExpectedErr == nil { - test.AssertNotError(t, err, "expected no error for NewRegistration") - } else { - test.AssertError(t, err, "expected error for NewRegistration") - test.AssertEquals(t, err.Error(), tc.ExpectedErr.Error()) - } - }) - } -} - type mockSAFailsNewRegistration struct { sapb.StorageAuthorityClient } From c67006e5857e269ccf060732bbb636858dcf26ff Mon Sep 17 00:00:00 2001 From: James Renken Date: Fri, 10 Jan 2025 21:44:06 -0800 Subject: [PATCH 11/14] Remove contactsPresent dependency in PbToRegistration --- grpc/pb-marshalling.go | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/grpc/pb-marshalling.go b/grpc/pb-marshalling.go index c62a5e1417d..10baedc6fa2 100644 --- a/grpc/pb-marshalling.go +++ b/grpc/pb-marshalling.go @@ -8,6 +8,7 @@ package grpc import ( "fmt" "net" + "reflect" "time" "github.com/go-jose/go-jose/v4" @@ -263,15 +264,13 @@ func PbToRegistration(pb *corepb.Registration) (core.Registration, error) { createdAt = &c } var contacts *[]string - if pb.ContactsPresent { + if !reflect.DeepEqual(pb.Contact, []string{}) { if len(pb.Contact) != 0 { contacts = &pb.Contact } else { // When gRPC creates an empty slice it is actually a nil slice. Since // certain things boulder uses, like encoding/json, differentiate between - // these we need to de-nil these slices. Without this we are unable to - // properly do registration updates as contacts would always be removed - // as we use the difference between a nil and empty slice in ra.mergeUpdate. + // these we need to de-nil these slices. empty := []string{} contacts = &empty } From 975873af2a14c319d10229baaa99f6e42138fdf8 Mon Sep 17 00:00:00 2001 From: James Renken Date: Mon, 13 Jan 2025 10:31:32 -0800 Subject: [PATCH 12/14] Remove contactsPresent conditional entirely --- grpc/pb-marshalling.go | 15 +-------------- 1 file changed, 1 insertion(+), 14 deletions(-) diff --git a/grpc/pb-marshalling.go b/grpc/pb-marshalling.go index 10baedc6fa2..f9b72348162 100644 --- a/grpc/pb-marshalling.go +++ b/grpc/pb-marshalling.go @@ -8,7 +8,6 @@ package grpc import ( "fmt" "net" - "reflect" "time" "github.com/go-jose/go-jose/v4" @@ -263,22 +262,10 @@ func PbToRegistration(pb *corepb.Registration) (core.Registration, error) { c := pb.CreatedAt.AsTime() createdAt = &c } - var contacts *[]string - if !reflect.DeepEqual(pb.Contact, []string{}) { - if len(pb.Contact) != 0 { - contacts = &pb.Contact - } else { - // When gRPC creates an empty slice it is actually a nil slice. Since - // certain things boulder uses, like encoding/json, differentiate between - // these we need to de-nil these slices. - empty := []string{} - contacts = &empty - } - } return core.Registration{ ID: pb.Id, Key: &key, - Contact: contacts, + Contact: &pb.Contact, Agreement: pb.Agreement, CreatedAt: createdAt, Status: core.AcmeStatus(pb.Status), From 8ae19f112d806d863aefe73c53cddefe26424806 Mon Sep 17 00:00:00 2001 From: James Renken Date: Mon, 13 Jan 2025 10:46:42 -0800 Subject: [PATCH 13/14] Empty contacts should now always be nil --- grpc/pb-marshalling.go | 6 +++++- grpc/pb-marshalling_test.go | 4 +++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/grpc/pb-marshalling.go b/grpc/pb-marshalling.go index f9b72348162..c1bedd42357 100644 --- a/grpc/pb-marshalling.go +++ b/grpc/pb-marshalling.go @@ -262,10 +262,14 @@ func PbToRegistration(pb *corepb.Registration) (core.Registration, error) { c := pb.CreatedAt.AsTime() createdAt = &c } + var contacts *[]string + if len(pb.Contact) != 0 { + contacts = &pb.Contact + } return core.Registration{ ID: pb.Id, Key: &key, - Contact: &pb.Contact, + Contact: contacts, Agreement: pb.Agreement, CreatedAt: createdAt, Status: core.AcmeStatus(pb.Status), diff --git a/grpc/pb-marshalling_test.go b/grpc/pb-marshalling_test.go index 73ceff2b331..3273eeab33d 100644 --- a/grpc/pb-marshalling_test.go +++ b/grpc/pb-marshalling_test.go @@ -206,7 +206,9 @@ func TestRegistration(t *testing.T) { test.AssertNotError(t, err, "registrationToPB failed") outReg, err = PbToRegistration(pbReg) test.AssertNotError(t, err, "PbToRegistration failed") - test.Assert(t, *outReg.Contact != nil, "Empty slice was converted to a nil slice") + if outReg.Contact != nil { + t.Errorf("Empty contacts should be a nil slice") + } inRegNilCreatedAt := core.Registration{ ID: 1, From d139916396a5f761df675af13aac93826287f0b7 Mon Sep 17 00:00:00 2001 From: James Renken Date: Tue, 14 Jan 2025 14:16:56 -0800 Subject: [PATCH 14/14] Oops, another merge oops --- sa/sa_test.go | 3 --- 1 file changed, 3 deletions(-) diff --git a/sa/sa_test.go b/sa/sa_test.go index d94737ba1df..27015e27a0f 100644 --- a/sa/sa_test.go +++ b/sa/sa_test.go @@ -227,9 +227,6 @@ func TestAddRegistration(t *testing.T) { test.AssertEquals(t, dbReg.Id, newReg.Id) test.AssertEquals(t, dbReg.Agreement, newReg.Agreement) - _, err = sa.GetRegistrationByKey(ctx, &sapb.JSONWebKey{Jwk: jwkJSON}) - test.AssertNotError(t, err, "Couldn't get registration by key") - anotherKey := `{ "kty":"RSA", "n": "vd7rZIoTLEe-z1_8G1FcXSw9CQFEJgV4g9V277sER7yx5Qjz_Pkf2YVth6wwwFJEmzc0hoKY-MMYFNwBE4hQHw",