diff --git a/fulcio.proto b/fulcio.proto index 029f5cc71..cbe02e314 100644 --- a/fulcio.proto +++ b/fulcio.proto @@ -49,24 +49,21 @@ message CreateSigningCertificateRequest { * Identity information about who possesses the private / public key pair presented */ Credentials credentials = 1 [(google.api.field_behavior) = REQUIRED]; - /* - * The public key to be stored in the requested certificate - */ - PublicKey public_key = 2 [(google.api.field_behavior) = OPTIONAL]; - /* - * Proof that the client possesses the private key; must be verifiable by provided public key - * - * This is a currently a signature over the `sub` claim from the OIDC identity token - */ - bytes proof_of_possession = 3 [(google.api.field_behavior) = OPTIONAL]; - /* - * PKCS#10 encoded certificate signing request - * - * Contains the public key to be stored in the requested certificate. All other CSR fields - * are ignored. Since the CSR is self-signed, it also acts as a proof of posession of - * the private key. - */ - bytes certificate_signing_request = 4 [(google.api.field_behavior) = OPTIONAL]; + oneof key { + /* + * The public key to be stored in the requested certificate along with a signed + * challenge as proof of possession of the private key. + */ + PublicKeyRequest public_key_request = 2 [(google.api.field_behavior) = REQUIRED]; + /* + * PKCS#10 encoded certificate signing request + * + * Contains the public key to be stored in the requested certificate. All other CSR fields + * are ignored. Since the CSR is self-signed, it also acts as a proof of posession of + * the private key. + */ + bytes certificate_signing_request = 3 [(google.api.field_behavior) = REQUIRED]; + } } message Credentials { @@ -78,6 +75,19 @@ message Credentials { } } +message PublicKeyRequest { + /* + * The public key to be stored in the requested certificate + */ + PublicKey public_key = 1 [(google.api.field_behavior) = REQUIRED]; + /* + * Proof that the client possesses the private key; must be verifiable by provided public key + * + * This is a currently a signature over the `sub` claim from the OIDC identity token + */ + bytes proof_of_possession = 2 [(google.api.field_behavior) = REQUIRED]; +} + message PublicKey { /* * The cryptographic algorithm to use with the key material diff --git a/pkg/api/grpc_server.go b/pkg/api/grpc_server.go index 968ab6a09..af6b6f410 100644 --- a/pkg/api/grpc_server.go +++ b/pkg/api/grpc_server.go @@ -20,7 +20,6 @@ import ( "crypto/x509" "encoding/base64" "encoding/json" - "errors" "fmt" "strings" @@ -76,14 +75,10 @@ func (g *grpcCAServer) CreateSigningCertificate(ctx context.Context, request *fu return nil, handleFulcioGRPCError(ctx, codes.Unauthenticated, err, invalidCredentials) } - if request.PublicKey == nil && len(request.CertificateSigningRequest) == 0 { - return nil, handleFulcioGRPCError(ctx, codes.InvalidArgument, errors.New("public key not provided"), invalidPublicKey) - } - // optionally parse CSR var csr *x509.CertificateRequest - if len(request.CertificateSigningRequest) > 0 { - csr, err = challenges.ParseCSR(request.CertificateSigningRequest) + if len(request.GetCertificateSigningRequest()) > 0 { + csr, err = challenges.ParseCSR(request.GetCertificateSigningRequest()) if err != nil { return nil, handleFulcioGRPCError(ctx, codes.InvalidArgument, err, invalidCSR) } @@ -91,8 +86,12 @@ func (g *grpcCAServer) CreateSigningCertificate(ctx context.Context, request *fu // fetch public key from request or CSR var pubKeyContent string - if request.PublicKey != nil { - pubKeyContent = request.PublicKey.Content + var proofOfPossession []byte + if request.GetPublicKeyRequest() != nil { + if request.GetPublicKeyRequest().PublicKey != nil { + pubKeyContent = request.GetPublicKeyRequest().PublicKey.Content + } + proofOfPossession = request.GetPublicKeyRequest().ProofOfPossession } publicKey, err := challenges.ParsePublicKey(pubKeyContent, csr) if err != nil { @@ -105,7 +104,7 @@ func (g *grpcCAServer) CreateSigningCertificate(ctx context.Context, request *fu } // verify challenge - subject, err := challenges.ExtractSubject(ctx, principal, publicKey, csr, request.ProofOfPossession) + subject, err := challenges.ExtractSubject(ctx, principal, publicKey, csr, proofOfPossession) if err != nil { return nil, handleFulcioGRPCError(ctx, codes.InvalidArgument, err, invalidSignature) } diff --git a/pkg/api/grpc_server_test.go b/pkg/api/grpc_server_test.go index 310b8402e..4686abe5a 100644 --- a/pkg/api/grpc_server_test.go +++ b/pkg/api/grpc_server_test.go @@ -256,10 +256,14 @@ func TestAPIWithEmail(t *testing.T) { OidcIdentityToken: tok, }, }, - PublicKey: &protobuf.PublicKey{ - Content: pubBytes, + Key: &protobuf.CreateSigningCertificateRequest_PublicKeyRequest{ + PublicKeyRequest: &protobuf.PublicKeyRequest{ + PublicKey: &protobuf.PublicKey{ + Content: pubBytes, + }, + ProofOfPossession: proof, + }, }, - ProofOfPossession: proof, }) if err != nil { t.Fatalf("SigningCert() = %v", err) @@ -345,10 +349,14 @@ func TestAPIWithUriSubject(t *testing.T) { OidcIdentityToken: tok, }, }, - PublicKey: &protobuf.PublicKey{ - Content: pubBytes, + Key: &protobuf.CreateSigningCertificateRequest_PublicKeyRequest{ + PublicKeyRequest: &protobuf.PublicKeyRequest{ + PublicKey: &protobuf.PublicKey{ + Content: pubBytes, + }, + ProofOfPossession: proof, + }, }, - ProofOfPossession: proof, }) if err != nil { t.Fatalf("SigningCert() = %v", err) @@ -435,10 +443,14 @@ func TestAPIWithKubernetes(t *testing.T) { OidcIdentityToken: tok, }, }, - PublicKey: &protobuf.PublicKey{ - Content: pubBytes, + Key: &protobuf.CreateSigningCertificateRequest_PublicKeyRequest{ + PublicKeyRequest: &protobuf.PublicKeyRequest{ + PublicKey: &protobuf.PublicKey{ + Content: pubBytes, + }, + ProofOfPossession: proof, + }, }, - ProofOfPossession: proof, }) if err != nil { t.Fatalf("SigningCert() = %v", err) @@ -528,10 +540,14 @@ func TestAPIWithGitHub(t *testing.T) { OidcIdentityToken: tok, }, }, - PublicKey: &protobuf.PublicKey{ - Content: pubBytes, + Key: &protobuf.CreateSigningCertificateRequest_PublicKeyRequest{ + PublicKeyRequest: &protobuf.PublicKeyRequest{ + PublicKey: &protobuf.PublicKey{ + Content: pubBytes, + }, + ProofOfPossession: proof, + }, }, - ProofOfPossession: proof, }) if err != nil { t.Fatalf("SigningCert() = %v", err) @@ -651,7 +667,9 @@ func TestAPIWithCSRChallenge(t *testing.T) { OidcIdentityToken: tok, }, }, - CertificateSigningRequest: pemCSR, + Key: &protobuf.CreateSigningCertificateRequest_CertificateSigningRequest{ + CertificateSigningRequest: pemCSR, + }, }) if err != nil { t.Fatalf("SigningCert() = %v", err) @@ -726,10 +744,14 @@ func TestAPIWithInsecurePublicKey(t *testing.T) { OidcIdentityToken: tok, }, }, - PublicKey: &protobuf.PublicKey{ - Content: string(cryptoutils.PEMEncode(cryptoutils.CertificatePEMType, pubBytes)), + Key: &protobuf.CreateSigningCertificateRequest_PublicKeyRequest{ + PublicKeyRequest: &protobuf.PublicKeyRequest{ + PublicKey: &protobuf.PublicKey{ + Content: string(cryptoutils.PEMEncode(cryptoutils.CertificatePEMType, pubBytes)), + }, + ProofOfPossession: []byte{}, + }, }, - ProofOfPossession: []byte{}, }) if err == nil || !strings.Contains(err.Error(), "The public key supplied in the request is insecure") { t.Fatalf("expected insecure public key error, got %v", err) @@ -781,12 +803,31 @@ func TestAPIWithoutPublicKey(t *testing.T) { client := protobuf.NewCAClient(conn) + // Test with no key proto specified + _, err = client.CreateSigningCertificate(ctx, &protobuf.CreateSigningCertificateRequest{ + Credentials: &protobuf.Credentials{ + Credentials: &protobuf.Credentials_OidcIdentityToken{ + OidcIdentityToken: tok, + }, + }, + }) + if err == nil || !strings.Contains(err.Error(), "The public key supplied in the request could not be parsed") { + t.Fatalf("expected parsing public key error, got %v", err) + } + if status.Code(err) != codes.InvalidArgument { + t.Fatalf("expected invalid argument, got %v", status.Code(err)) + } + + // Test with no public key specified _, err = client.CreateSigningCertificate(ctx, &protobuf.CreateSigningCertificateRequest{ Credentials: &protobuf.Credentials{ Credentials: &protobuf.Credentials_OidcIdentityToken{ OidcIdentityToken: tok, }, }, + Key: &protobuf.CreateSigningCertificateRequest_PublicKeyRequest{ + PublicKeyRequest: &protobuf.PublicKeyRequest{}, + }, }) if err == nil || !strings.Contains(err.Error(), "The public key supplied in the request could not be parsed") { t.Fatalf("expected parsing public key error, got %v", err) @@ -847,10 +888,14 @@ func TestAPIWithInvalidChallenge(t *testing.T) { OidcIdentityToken: tok, }, }, - PublicKey: &protobuf.PublicKey{ - Content: pubBytes, + Key: &protobuf.CreateSigningCertificateRequest_PublicKeyRequest{ + PublicKeyRequest: &protobuf.PublicKeyRequest{ + PublicKey: &protobuf.PublicKey{ + Content: pubBytes, + }, + ProofOfPossession: invalidProof, + }, }, - ProofOfPossession: invalidProof, }) if err == nil || !strings.Contains(err.Error(), "The signature supplied in the request could not be verified") { t.Fatalf("expected invalid signature error, got %v", err) @@ -860,6 +905,67 @@ func TestAPIWithInvalidChallenge(t *testing.T) { } } +// Tests API with an invalid CSR. +func TestAPIWithInvalidCSR(t *testing.T) { + emailSigner, emailIssuer := newOIDCIssuer(t) + + // Create a FulcioConfig that supports this issuer. + cfg, err := config.Read([]byte(fmt.Sprintf(`{ + "OIDCIssuers": { + %q: { + "IssuerURL": %q, + "ClientID": "sigstore", + "Type": "email" + } + } + }`, emailIssuer, emailIssuer))) + if err != nil { + t.Fatalf("config.Read() = %v", err) + } + + emailSubject := "foo@example.com" + + // Create an OIDC token using this issuer's signer. + tok, err := jwt.Signed(emailSigner).Claims(jwt.Claims{ + Issuer: emailIssuer, + IssuedAt: jwt.NewNumericDate(time.Now()), + Expiry: jwt.NewNumericDate(time.Now().Add(30 * time.Minute)), + Subject: emailSubject, + Audience: jwt.Audience{"sigstore"}, + }).Claims(customClaims{Email: emailSubject, EmailVerified: true}).CompactSerialize() + if err != nil { + t.Fatalf("CompactSerialize() = %v", err) + } + + ctClient, eca := createCA(cfg, t) + ctx := context.Background() + server, conn := setupGRPCForTest(ctx, t, cfg, ctClient, eca) + defer func() { + server.Stop() + conn.Close() + }() + + client := protobuf.NewCAClient(conn) + + _, err = client.CreateSigningCertificate(ctx, &protobuf.CreateSigningCertificateRequest{ + Credentials: &protobuf.Credentials{ + Credentials: &protobuf.Credentials_OidcIdentityToken{ + OidcIdentityToken: tok, + }, + }, + Key: &protobuf.CreateSigningCertificateRequest_CertificateSigningRequest{ + CertificateSigningRequest: []byte("invalid"), + }, + }) + + if err == nil || !strings.Contains(err.Error(), "The certificate signing request could not be parsed") { + t.Fatalf("expected invalid signature error, got %v", err) + } + if status.Code(err) != codes.InvalidArgument { + t.Fatalf("expected invalid argument, got %v", status.Code(err)) + } +} + // Tests API with unsigned CSR, which will fail signature verification. func TestAPIWithInvalidCSRSignature(t *testing.T) { emailSigner, emailIssuer := newOIDCIssuer(t) @@ -925,7 +1031,9 @@ func TestAPIWithInvalidCSRSignature(t *testing.T) { OidcIdentityToken: tok, }, }, - CertificateSigningRequest: pemCSR, + Key: &protobuf.CreateSigningCertificateRequest_CertificateSigningRequest{ + CertificateSigningRequest: pemCSR, + }, }) if err == nil || !strings.Contains(err.Error(), "The signature supplied in the request could not be verified") { diff --git a/pkg/api/legacy_server.go b/pkg/api/legacy_server.go index 9ad88ac0d..d419ab04c 100644 --- a/pkg/api/legacy_server.go +++ b/pkg/api/legacy_server.go @@ -65,10 +65,13 @@ func (l *legacyGRPCCAServer) CreateSigningCertificate(ctx context.Context, reque var v2Request fulciogrpc.CreateSigningCertificateRequest if len(request.CertificateSigningRequest) > 0 { - v2Request = fulciogrpc.CreateSigningCertificateRequest{ - Credentials: &creds, + key := fulciogrpc.CreateSigningCertificateRequest_CertificateSigningRequest{ CertificateSigningRequest: request.CertificateSigningRequest, //lint:ignore SA1019 this is valid because we're converting from v1beta to v1 API } + v2Request = fulciogrpc.CreateSigningCertificateRequest{ + Credentials: &creds, + Key: &key, + } } else { // the CSR and the public key have not been set if request.PublicKey == nil { @@ -79,13 +82,18 @@ func (l *legacyGRPCCAServer) CreateSigningCertificate(ctx context.Context, reque if !ok { algorithmEnum = int32(fulciogrpc.PublicKeyAlgorithm_PUBLIC_KEY_ALGORITHM_UNSPECIFIED) } + key := fulciogrpc.CreateSigningCertificateRequest_PublicKeyRequest{ + PublicKeyRequest: &fulciogrpc.PublicKeyRequest{ + PublicKey: &fulciogrpc.PublicKey{ + Algorithm: fulciogrpc.PublicKeyAlgorithm(algorithmEnum), + Content: string(request.PublicKey.Content), //lint:ignore SA1019 this is valid because we're converting from v1beta to v1 API + }, + ProofOfPossession: request.SignedEmailAddress, //lint:ignore SA1019 this is valid because we're converting from v1beta to v1 API, + }, + } v2Request = fulciogrpc.CreateSigningCertificateRequest{ Credentials: &creds, - PublicKey: &fulciogrpc.PublicKey{ - Algorithm: fulciogrpc.PublicKeyAlgorithm(algorithmEnum), - Content: string(request.PublicKey.Content), //lint:ignore SA1019 this is valid because we're converting from v1beta to v1 API - }, - ProofOfPossession: request.SignedEmailAddress, //lint:ignore SA1019 this is valid because we're converting from v1beta to v1 API + Key: &key, } } diff --git a/pkg/generated/protobuf/fulcio.pb.go b/pkg/generated/protobuf/fulcio.pb.go index dc9369795..2baf38fcd 100644 --- a/pkg/generated/protobuf/fulcio.pb.go +++ b/pkg/generated/protobuf/fulcio.pb.go @@ -96,21 +96,10 @@ type CreateSigningCertificateRequest struct { // // Identity information about who possesses the private / public key pair presented Credentials *Credentials `protobuf:"bytes,1,opt,name=credentials,proto3" json:"credentials,omitempty"` - // - // The public key to be stored in the requested certificate - PublicKey *PublicKey `protobuf:"bytes,2,opt,name=public_key,json=publicKey,proto3" json:"public_key,omitempty"` - // - // Proof that the client possesses the private key; must be verifiable by provided public key - // - // This is a currently a signature over the `sub` claim from the OIDC identity token - ProofOfPossession []byte `protobuf:"bytes,3,opt,name=proof_of_possession,json=proofOfPossession,proto3" json:"proof_of_possession,omitempty"` - // - // PKCS#10 encoded certificate signing request - // - // Contains the public key to be stored in the requested certificate. All other CSR fields - // are ignored. Since the CSR is self-signed, it also acts as a proof of posession of - // the private key. - CertificateSigningRequest []byte `protobuf:"bytes,4,opt,name=certificate_signing_request,json=certificateSigningRequest,proto3" json:"certificate_signing_request,omitempty"` + // Types that are assignable to Key: + // *CreateSigningCertificateRequest_PublicKeyRequest + // *CreateSigningCertificateRequest_CertificateSigningRequest + Key isCreateSigningCertificateRequest_Key `protobuf_oneof:"key"` } func (x *CreateSigningCertificateRequest) Reset() { @@ -152,27 +141,53 @@ func (x *CreateSigningCertificateRequest) GetCredentials() *Credentials { return nil } -func (x *CreateSigningCertificateRequest) GetPublicKey() *PublicKey { - if x != nil { - return x.PublicKey +func (m *CreateSigningCertificateRequest) GetKey() isCreateSigningCertificateRequest_Key { + if m != nil { + return m.Key } return nil } -func (x *CreateSigningCertificateRequest) GetProofOfPossession() []byte { - if x != nil { - return x.ProofOfPossession +func (x *CreateSigningCertificateRequest) GetPublicKeyRequest() *PublicKeyRequest { + if x, ok := x.GetKey().(*CreateSigningCertificateRequest_PublicKeyRequest); ok { + return x.PublicKeyRequest } return nil } func (x *CreateSigningCertificateRequest) GetCertificateSigningRequest() []byte { - if x != nil { + if x, ok := x.GetKey().(*CreateSigningCertificateRequest_CertificateSigningRequest); ok { return x.CertificateSigningRequest } return nil } +type isCreateSigningCertificateRequest_Key interface { + isCreateSigningCertificateRequest_Key() +} + +type CreateSigningCertificateRequest_PublicKeyRequest struct { + // + // The public key to be stored in the requested certificate along with a signed + // challenge as proof of possession of the private key. + PublicKeyRequest *PublicKeyRequest `protobuf:"bytes,2,opt,name=public_key_request,json=publicKeyRequest,proto3,oneof"` +} + +type CreateSigningCertificateRequest_CertificateSigningRequest struct { + // + // PKCS#10 encoded certificate signing request + // + // Contains the public key to be stored in the requested certificate. All other CSR fields + // are ignored. Since the CSR is self-signed, it also acts as a proof of posession of + // the private key. + CertificateSigningRequest []byte `protobuf:"bytes,3,opt,name=certificate_signing_request,json=certificateSigningRequest,proto3,oneof"` +} + +func (*CreateSigningCertificateRequest_PublicKeyRequest) isCreateSigningCertificateRequest_Key() {} + +func (*CreateSigningCertificateRequest_CertificateSigningRequest) isCreateSigningCertificateRequest_Key() { +} + type Credentials struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -241,6 +256,67 @@ type Credentials_OidcIdentityToken struct { func (*Credentials_OidcIdentityToken) isCredentials_Credentials() {} +type PublicKeyRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // + // The public key to be stored in the requested certificate + PublicKey *PublicKey `protobuf:"bytes,1,opt,name=public_key,json=publicKey,proto3" json:"public_key,omitempty"` + // + // Proof that the client possesses the private key; must be verifiable by provided public key + // + // This is a currently a signature over the `sub` claim from the OIDC identity token + ProofOfPossession []byte `protobuf:"bytes,2,opt,name=proof_of_possession,json=proofOfPossession,proto3" json:"proof_of_possession,omitempty"` +} + +func (x *PublicKeyRequest) Reset() { + *x = PublicKeyRequest{} + if protoimpl.UnsafeEnabled { + mi := &file_fulcio_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *PublicKeyRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*PublicKeyRequest) ProtoMessage() {} + +func (x *PublicKeyRequest) ProtoReflect() protoreflect.Message { + mi := &file_fulcio_proto_msgTypes[2] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use PublicKeyRequest.ProtoReflect.Descriptor instead. +func (*PublicKeyRequest) Descriptor() ([]byte, []int) { + return file_fulcio_proto_rawDescGZIP(), []int{2} +} + +func (x *PublicKeyRequest) GetPublicKey() *PublicKey { + if x != nil { + return x.PublicKey + } + return nil +} + +func (x *PublicKeyRequest) GetProofOfPossession() []byte { + if x != nil { + return x.ProofOfPossession + } + return nil +} + type PublicKey struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -257,7 +333,7 @@ type PublicKey struct { func (x *PublicKey) Reset() { *x = PublicKey{} if protoimpl.UnsafeEnabled { - mi := &file_fulcio_proto_msgTypes[2] + mi := &file_fulcio_proto_msgTypes[3] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -270,7 +346,7 @@ func (x *PublicKey) String() string { func (*PublicKey) ProtoMessage() {} func (x *PublicKey) ProtoReflect() protoreflect.Message { - mi := &file_fulcio_proto_msgTypes[2] + mi := &file_fulcio_proto_msgTypes[3] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -283,7 +359,7 @@ func (x *PublicKey) ProtoReflect() protoreflect.Message { // Deprecated: Use PublicKey.ProtoReflect.Descriptor instead. func (*PublicKey) Descriptor() ([]byte, []int) { - return file_fulcio_proto_rawDescGZIP(), []int{2} + return file_fulcio_proto_rawDescGZIP(), []int{3} } func (x *PublicKey) GetAlgorithm() PublicKeyAlgorithm { @@ -314,7 +390,7 @@ type SigningCertificate struct { func (x *SigningCertificate) Reset() { *x = SigningCertificate{} if protoimpl.UnsafeEnabled { - mi := &file_fulcio_proto_msgTypes[3] + mi := &file_fulcio_proto_msgTypes[4] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -327,7 +403,7 @@ func (x *SigningCertificate) String() string { func (*SigningCertificate) ProtoMessage() {} func (x *SigningCertificate) ProtoReflect() protoreflect.Message { - mi := &file_fulcio_proto_msgTypes[3] + mi := &file_fulcio_proto_msgTypes[4] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -340,7 +416,7 @@ func (x *SigningCertificate) ProtoReflect() protoreflect.Message { // Deprecated: Use SigningCertificate.ProtoReflect.Descriptor instead. func (*SigningCertificate) Descriptor() ([]byte, []int) { - return file_fulcio_proto_rawDescGZIP(), []int{3} + return file_fulcio_proto_rawDescGZIP(), []int{4} } func (m *SigningCertificate) GetCertificate() isSigningCertificate_Certificate { @@ -403,7 +479,7 @@ type SigningCertificateDetachedSCT struct { func (x *SigningCertificateDetachedSCT) Reset() { *x = SigningCertificateDetachedSCT{} if protoimpl.UnsafeEnabled { - mi := &file_fulcio_proto_msgTypes[4] + mi := &file_fulcio_proto_msgTypes[5] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -416,7 +492,7 @@ func (x *SigningCertificateDetachedSCT) String() string { func (*SigningCertificateDetachedSCT) ProtoMessage() {} func (x *SigningCertificateDetachedSCT) ProtoReflect() protoreflect.Message { - mi := &file_fulcio_proto_msgTypes[4] + mi := &file_fulcio_proto_msgTypes[5] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -429,7 +505,7 @@ func (x *SigningCertificateDetachedSCT) ProtoReflect() protoreflect.Message { // Deprecated: Use SigningCertificateDetachedSCT.ProtoReflect.Descriptor instead. func (*SigningCertificateDetachedSCT) Descriptor() ([]byte, []int) { - return file_fulcio_proto_rawDescGZIP(), []int{4} + return file_fulcio_proto_rawDescGZIP(), []int{5} } func (x *SigningCertificateDetachedSCT) GetChain() *CertificateChain { @@ -462,7 +538,7 @@ type SigningCertificateEmbeddedSCT struct { func (x *SigningCertificateEmbeddedSCT) Reset() { *x = SigningCertificateEmbeddedSCT{} if protoimpl.UnsafeEnabled { - mi := &file_fulcio_proto_msgTypes[5] + mi := &file_fulcio_proto_msgTypes[6] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -475,7 +551,7 @@ func (x *SigningCertificateEmbeddedSCT) String() string { func (*SigningCertificateEmbeddedSCT) ProtoMessage() {} func (x *SigningCertificateEmbeddedSCT) ProtoReflect() protoreflect.Message { - mi := &file_fulcio_proto_msgTypes[5] + mi := &file_fulcio_proto_msgTypes[6] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -488,7 +564,7 @@ func (x *SigningCertificateEmbeddedSCT) ProtoReflect() protoreflect.Message { // Deprecated: Use SigningCertificateEmbeddedSCT.ProtoReflect.Descriptor instead. func (*SigningCertificateEmbeddedSCT) Descriptor() ([]byte, []int) { - return file_fulcio_proto_rawDescGZIP(), []int{5} + return file_fulcio_proto_rawDescGZIP(), []int{6} } func (x *SigningCertificateEmbeddedSCT) GetChain() *CertificateChain { @@ -508,7 +584,7 @@ type GetTrustBundleRequest struct { func (x *GetTrustBundleRequest) Reset() { *x = GetTrustBundleRequest{} if protoimpl.UnsafeEnabled { - mi := &file_fulcio_proto_msgTypes[6] + mi := &file_fulcio_proto_msgTypes[7] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -521,7 +597,7 @@ func (x *GetTrustBundleRequest) String() string { func (*GetTrustBundleRequest) ProtoMessage() {} func (x *GetTrustBundleRequest) ProtoReflect() protoreflect.Message { - mi := &file_fulcio_proto_msgTypes[6] + mi := &file_fulcio_proto_msgTypes[7] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -534,7 +610,7 @@ func (x *GetTrustBundleRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use GetTrustBundleRequest.ProtoReflect.Descriptor instead. func (*GetTrustBundleRequest) Descriptor() ([]byte, []int) { - return file_fulcio_proto_rawDescGZIP(), []int{6} + return file_fulcio_proto_rawDescGZIP(), []int{7} } type TrustBundle struct { @@ -551,7 +627,7 @@ type TrustBundle struct { func (x *TrustBundle) Reset() { *x = TrustBundle{} if protoimpl.UnsafeEnabled { - mi := &file_fulcio_proto_msgTypes[7] + mi := &file_fulcio_proto_msgTypes[8] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -564,7 +640,7 @@ func (x *TrustBundle) String() string { func (*TrustBundle) ProtoMessage() {} func (x *TrustBundle) ProtoReflect() protoreflect.Message { - mi := &file_fulcio_proto_msgTypes[7] + mi := &file_fulcio_proto_msgTypes[8] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -577,7 +653,7 @@ func (x *TrustBundle) ProtoReflect() protoreflect.Message { // Deprecated: Use TrustBundle.ProtoReflect.Descriptor instead. func (*TrustBundle) Descriptor() ([]byte, []int) { - return file_fulcio_proto_rawDescGZIP(), []int{7} + return file_fulcio_proto_rawDescGZIP(), []int{8} } func (x *TrustBundle) GetChains() []*CertificateChain { @@ -600,7 +676,7 @@ type CertificateChain struct { func (x *CertificateChain) Reset() { *x = CertificateChain{} if protoimpl.UnsafeEnabled { - mi := &file_fulcio_proto_msgTypes[8] + mi := &file_fulcio_proto_msgTypes[9] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -613,7 +689,7 @@ func (x *CertificateChain) String() string { func (*CertificateChain) ProtoMessage() {} func (x *CertificateChain) ProtoReflect() protoreflect.Message { - mi := &file_fulcio_proto_msgTypes[8] + mi := &file_fulcio_proto_msgTypes[9] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -626,7 +702,7 @@ func (x *CertificateChain) ProtoReflect() protoreflect.Message { // Deprecated: Use CertificateChain.ProtoReflect.Descriptor instead. func (*CertificateChain) Descriptor() ([]byte, []int) { - return file_fulcio_proto_rawDescGZIP(), []int{8} + return file_fulcio_proto_rawDescGZIP(), []int{9} } func (x *CertificateChain) GetCertificates() []string { @@ -645,114 +721,122 @@ var file_fulcio_proto_rawDesc = []byte{ 0x70, 0x69, 0x2f, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x62, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xae, 0x02, 0x0a, 0x1f, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x9a, 0x02, 0x0a, 0x1f, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x4a, 0x0a, 0x0b, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x66, 0x75, 0x6c, 0x63, 0x69, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x0b, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, - 0x74, 0x69, 0x61, 0x6c, 0x73, 0x12, 0x45, 0x0a, 0x0a, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x5f, - 0x6b, 0x65, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x64, 0x65, 0x76, 0x2e, + 0x74, 0x69, 0x61, 0x6c, 0x73, 0x12, 0x5d, 0x0a, 0x12, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x5f, + 0x6b, 0x65, 0x79, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x28, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, + 0x2e, 0x66, 0x75, 0x6c, 0x63, 0x69, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x50, 0x75, 0x62, 0x6c, 0x69, + 0x63, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x42, 0x03, 0xe0, 0x41, 0x02, + 0x48, 0x00, 0x52, 0x10, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, + 0x75, 0x65, 0x73, 0x74, 0x12, 0x45, 0x0a, 0x1b, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, + 0x61, 0x74, 0x65, 0x5f, 0x73, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x5f, 0x72, 0x65, 0x71, 0x75, + 0x65, 0x73, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x48, 0x00, + 0x52, 0x19, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x53, 0x69, 0x67, + 0x6e, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x42, 0x05, 0x0a, 0x03, 0x6b, + 0x65, 0x79, 0x22, 0x4e, 0x0a, 0x0b, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, + 0x73, 0x12, 0x30, 0x0a, 0x13, 0x6f, 0x69, 0x64, 0x63, 0x5f, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, + 0x74, 0x79, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, + 0x52, 0x11, 0x6f, 0x69, 0x64, 0x63, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x54, 0x6f, + 0x6b, 0x65, 0x6e, 0x42, 0x0d, 0x0a, 0x0b, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, + 0x6c, 0x73, 0x22, 0x8e, 0x01, 0x0a, 0x10, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, + 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x45, 0x0a, 0x0a, 0x70, 0x75, 0x62, 0x6c, 0x69, + 0x63, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x64, 0x65, + 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x66, 0x75, 0x6c, 0x63, 0x69, + 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x42, 0x03, + 0xe0, 0x41, 0x02, 0x52, 0x09, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x12, 0x33, + 0x0a, 0x13, 0x70, 0x72, 0x6f, 0x6f, 0x66, 0x5f, 0x6f, 0x66, 0x5f, 0x70, 0x6f, 0x73, 0x73, 0x65, + 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x42, 0x03, 0xe0, 0x41, 0x02, + 0x52, 0x11, 0x70, 0x72, 0x6f, 0x6f, 0x66, 0x4f, 0x66, 0x50, 0x6f, 0x73, 0x73, 0x65, 0x73, 0x73, + 0x69, 0x6f, 0x6e, 0x22, 0x74, 0x0a, 0x09, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, + 0x12, 0x48, 0x0a, 0x09, 0x61, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x0e, 0x32, 0x2a, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, + 0x72, 0x65, 0x2e, 0x66, 0x75, 0x6c, 0x63, 0x69, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x50, 0x75, 0x62, + 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x41, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x52, + 0x09, 0x61, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x12, 0x1d, 0x0a, 0x07, 0x63, 0x6f, + 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41, 0x02, + 0x52, 0x07, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x22, 0xa3, 0x02, 0x0a, 0x12, 0x53, 0x69, + 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, + 0x12, 0x7e, 0x0a, 0x1f, 0x73, 0x69, 0x67, 0x6e, 0x65, 0x64, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x69, + 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x64, 0x65, 0x74, 0x61, 0x63, 0x68, 0x65, 0x64, 0x5f, + 0x73, 0x63, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x35, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x66, 0x75, 0x6c, 0x63, 0x69, 0x6f, 0x2e, - 0x76, 0x32, 0x2e, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x42, 0x03, 0xe0, 0x41, - 0x01, 0x52, 0x09, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x12, 0x33, 0x0a, 0x13, - 0x70, 0x72, 0x6f, 0x6f, 0x66, 0x5f, 0x6f, 0x66, 0x5f, 0x70, 0x6f, 0x73, 0x73, 0x65, 0x73, 0x73, - 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x42, 0x03, 0xe0, 0x41, 0x01, 0x52, 0x11, - 0x70, 0x72, 0x6f, 0x6f, 0x66, 0x4f, 0x66, 0x50, 0x6f, 0x73, 0x73, 0x65, 0x73, 0x73, 0x69, 0x6f, - 0x6e, 0x12, 0x43, 0x0a, 0x1b, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, - 0x5f, 0x73, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, - 0x18, 0x04, 0x20, 0x01, 0x28, 0x0c, 0x42, 0x03, 0xe0, 0x41, 0x01, 0x52, 0x19, 0x63, 0x65, 0x72, - 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x52, - 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x4e, 0x0a, 0x0b, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, - 0x74, 0x69, 0x61, 0x6c, 0x73, 0x12, 0x30, 0x0a, 0x13, 0x6f, 0x69, 0x64, 0x63, 0x5f, 0x69, 0x64, - 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x09, 0x48, 0x00, 0x52, 0x11, 0x6f, 0x69, 0x64, 0x63, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, - 0x74, 0x79, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x42, 0x0d, 0x0a, 0x0b, 0x63, 0x72, 0x65, 0x64, 0x65, - 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x22, 0x74, 0x0a, 0x09, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, - 0x4b, 0x65, 0x79, 0x12, 0x48, 0x0a, 0x09, 0x61, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2a, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, - 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x66, 0x75, 0x6c, 0x63, 0x69, 0x6f, 0x2e, 0x76, 0x32, 0x2e, - 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x41, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, - 0x68, 0x6d, 0x52, 0x09, 0x61, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x12, 0x1d, 0x0a, - 0x07, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x03, - 0xe0, 0x41, 0x02, 0x52, 0x07, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x22, 0xa3, 0x02, 0x0a, - 0x12, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, - 0x61, 0x74, 0x65, 0x12, 0x7e, 0x0a, 0x1f, 0x73, 0x69, 0x67, 0x6e, 0x65, 0x64, 0x5f, 0x63, 0x65, - 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x64, 0x65, 0x74, 0x61, 0x63, 0x68, - 0x65, 0x64, 0x5f, 0x73, 0x63, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x35, 0x2e, 0x64, - 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x66, 0x75, 0x6c, 0x63, - 0x69, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x43, 0x65, 0x72, - 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x44, 0x65, 0x74, 0x61, 0x63, 0x68, 0x65, 0x64, - 0x53, 0x43, 0x54, 0x48, 0x00, 0x52, 0x1c, 0x73, 0x69, 0x67, 0x6e, 0x65, 0x64, 0x43, 0x65, 0x72, - 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x44, 0x65, 0x74, 0x61, 0x63, 0x68, 0x65, 0x64, - 0x53, 0x63, 0x74, 0x12, 0x7e, 0x0a, 0x1f, 0x73, 0x69, 0x67, 0x6e, 0x65, 0x64, 0x5f, 0x63, 0x65, - 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x65, 0x6d, 0x62, 0x65, 0x64, 0x64, - 0x65, 0x64, 0x5f, 0x73, 0x63, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x35, 0x2e, 0x64, - 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x66, 0x75, 0x6c, 0x63, - 0x69, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x43, 0x65, 0x72, - 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x45, 0x6d, 0x62, 0x65, 0x64, 0x64, 0x65, 0x64, - 0x53, 0x43, 0x54, 0x48, 0x00, 0x52, 0x1c, 0x73, 0x69, 0x67, 0x6e, 0x65, 0x64, 0x43, 0x65, 0x72, - 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x45, 0x6d, 0x62, 0x65, 0x64, 0x64, 0x65, 0x64, - 0x53, 0x63, 0x74, 0x42, 0x0d, 0x0a, 0x0b, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, - 0x74, 0x65, 0x22, 0xa1, 0x01, 0x0a, 0x1d, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x43, 0x65, - 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x44, 0x65, 0x74, 0x61, 0x63, 0x68, 0x65, + 0x76, 0x32, 0x2e, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, + 0x69, 0x63, 0x61, 0x74, 0x65, 0x44, 0x65, 0x74, 0x61, 0x63, 0x68, 0x65, 0x64, 0x53, 0x43, 0x54, + 0x48, 0x00, 0x52, 0x1c, 0x73, 0x69, 0x67, 0x6e, 0x65, 0x64, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, + 0x69, 0x63, 0x61, 0x74, 0x65, 0x44, 0x65, 0x74, 0x61, 0x63, 0x68, 0x65, 0x64, 0x53, 0x63, 0x74, + 0x12, 0x7e, 0x0a, 0x1f, 0x73, 0x69, 0x67, 0x6e, 0x65, 0x64, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x69, + 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x65, 0x6d, 0x62, 0x65, 0x64, 0x64, 0x65, 0x64, 0x5f, + 0x73, 0x63, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x35, 0x2e, 0x64, 0x65, 0x76, 0x2e, + 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x66, 0x75, 0x6c, 0x63, 0x69, 0x6f, 0x2e, + 0x76, 0x32, 0x2e, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, + 0x69, 0x63, 0x61, 0x74, 0x65, 0x45, 0x6d, 0x62, 0x65, 0x64, 0x64, 0x65, 0x64, 0x53, 0x43, 0x54, + 0x48, 0x00, 0x52, 0x1c, 0x73, 0x69, 0x67, 0x6e, 0x65, 0x64, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, + 0x69, 0x63, 0x61, 0x74, 0x65, 0x45, 0x6d, 0x62, 0x65, 0x64, 0x64, 0x65, 0x64, 0x53, 0x63, 0x74, + 0x42, 0x0d, 0x0a, 0x0b, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x22, + 0xa1, 0x01, 0x0a, 0x1d, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x43, 0x65, 0x72, 0x74, 0x69, + 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x44, 0x65, 0x74, 0x61, 0x63, 0x68, 0x65, 0x64, 0x53, 0x43, + 0x54, 0x12, 0x3e, 0x0a, 0x05, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x28, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, + 0x66, 0x75, 0x6c, 0x63, 0x69, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, + 0x69, 0x63, 0x61, 0x74, 0x65, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x52, 0x05, 0x63, 0x68, 0x61, 0x69, + 0x6e, 0x12, 0x40, 0x0a, 0x1c, 0x73, 0x69, 0x67, 0x6e, 0x65, 0x64, 0x5f, 0x63, 0x65, 0x72, 0x74, + 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, + 0x70, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x1a, 0x73, 0x69, 0x67, 0x6e, 0x65, 0x64, 0x43, + 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, + 0x61, 0x6d, 0x70, 0x22, 0x5f, 0x0a, 0x1d, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x43, 0x65, + 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x45, 0x6d, 0x62, 0x65, 0x64, 0x64, 0x65, 0x64, 0x53, 0x43, 0x54, 0x12, 0x3e, 0x0a, 0x05, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x66, 0x75, 0x6c, 0x63, 0x69, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x52, 0x05, 0x63, - 0x68, 0x61, 0x69, 0x6e, 0x12, 0x40, 0x0a, 0x1c, 0x73, 0x69, 0x67, 0x6e, 0x65, 0x64, 0x5f, 0x63, - 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x73, - 0x74, 0x61, 0x6d, 0x70, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x1a, 0x73, 0x69, 0x67, 0x6e, - 0x65, 0x64, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x54, 0x69, 0x6d, - 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x22, 0x5f, 0x0a, 0x1d, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, - 0x67, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x45, 0x6d, 0x62, 0x65, - 0x64, 0x64, 0x65, 0x64, 0x53, 0x43, 0x54, 0x12, 0x3e, 0x0a, 0x05, 0x63, 0x68, 0x61, 0x69, 0x6e, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, - 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x66, 0x75, 0x6c, 0x63, 0x69, 0x6f, 0x2e, 0x76, 0x32, 0x2e, - 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x43, 0x68, 0x61, 0x69, 0x6e, - 0x52, 0x05, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x22, 0x17, 0x0a, 0x15, 0x47, 0x65, 0x74, 0x54, 0x72, - 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, - 0x22, 0x4f, 0x0a, 0x0b, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x12, - 0x40, 0x0a, 0x06, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, - 0x28, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x66, - 0x75, 0x6c, 0x63, 0x69, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, - 0x63, 0x61, 0x74, 0x65, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x52, 0x06, 0x63, 0x68, 0x61, 0x69, 0x6e, - 0x73, 0x22, 0x36, 0x0a, 0x10, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, - 0x43, 0x68, 0x61, 0x69, 0x6e, 0x12, 0x22, 0x0a, 0x0c, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, - 0x63, 0x61, 0x74, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0c, 0x63, 0x65, 0x72, - 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x2a, 0x5f, 0x0a, 0x12, 0x50, 0x75, 0x62, - 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x41, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x12, - 0x24, 0x0a, 0x20, 0x50, 0x55, 0x42, 0x4c, 0x49, 0x43, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x41, 0x4c, - 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, - 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x0b, 0x0a, 0x07, 0x52, 0x53, 0x41, 0x5f, 0x50, 0x53, 0x53, - 0x10, 0x01, 0x12, 0x09, 0x0a, 0x05, 0x45, 0x43, 0x44, 0x53, 0x41, 0x10, 0x02, 0x12, 0x0b, 0x0a, - 0x07, 0x45, 0x44, 0x32, 0x35, 0x35, 0x31, 0x39, 0x10, 0x03, 0x32, 0xaa, 0x02, 0x0a, 0x02, 0x43, - 0x41, 0x12, 0x9f, 0x01, 0x0a, 0x18, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x53, 0x69, 0x67, 0x6e, - 0x69, 0x6e, 0x67, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x37, - 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x66, 0x75, - 0x6c, 0x63, 0x69, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x53, 0x69, + 0x68, 0x61, 0x69, 0x6e, 0x22, 0x17, 0x0a, 0x15, 0x47, 0x65, 0x74, 0x54, 0x72, 0x75, 0x73, 0x74, + 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x4f, 0x0a, + 0x0b, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x12, 0x40, 0x0a, 0x06, + 0x63, 0x68, 0x61, 0x69, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x64, + 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x66, 0x75, 0x6c, 0x63, + 0x69, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, + 0x65, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x52, 0x06, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x73, 0x22, 0x36, + 0x0a, 0x10, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x43, 0x68, 0x61, + 0x69, 0x6e, 0x12, 0x22, 0x0a, 0x0c, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, + 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0c, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, + 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x2a, 0x5f, 0x0a, 0x12, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, + 0x4b, 0x65, 0x79, 0x41, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x12, 0x24, 0x0a, 0x20, + 0x50, 0x55, 0x42, 0x4c, 0x49, 0x43, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x41, 0x4c, 0x47, 0x4f, 0x52, + 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, + 0x10, 0x00, 0x12, 0x0b, 0x0a, 0x07, 0x52, 0x53, 0x41, 0x5f, 0x50, 0x53, 0x53, 0x10, 0x01, 0x12, + 0x09, 0x0a, 0x05, 0x45, 0x43, 0x44, 0x53, 0x41, 0x10, 0x02, 0x12, 0x0b, 0x0a, 0x07, 0x45, 0x44, + 0x32, 0x35, 0x35, 0x31, 0x39, 0x10, 0x03, 0x32, 0xaa, 0x02, 0x0a, 0x02, 0x43, 0x41, 0x12, 0x9f, + 0x01, 0x0a, 0x18, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, + 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x37, 0x2e, 0x64, 0x65, + 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x66, 0x75, 0x6c, 0x63, 0x69, + 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x53, 0x69, 0x67, 0x6e, 0x69, + 0x6e, 0x67, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, + 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2a, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, + 0x6f, 0x72, 0x65, 0x2e, 0x66, 0x75, 0x6c, 0x63, 0x69, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, - 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2a, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, - 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x66, 0x75, 0x6c, 0x63, 0x69, 0x6f, 0x2e, 0x76, 0x32, - 0x2e, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, - 0x61, 0x74, 0x65, 0x22, 0x1e, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x18, 0x22, 0x13, 0x2f, 0x61, 0x70, - 0x69, 0x2f, 0x76, 0x32, 0x2f, 0x73, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x43, 0x65, 0x72, 0x74, - 0x3a, 0x01, 0x2a, 0x12, 0x81, 0x01, 0x0a, 0x0e, 0x47, 0x65, 0x74, 0x54, 0x72, 0x75, 0x73, 0x74, - 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x12, 0x2d, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, - 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x66, 0x75, 0x6c, 0x63, 0x69, 0x6f, 0x2e, 0x76, 0x32, 0x2e, - 0x47, 0x65, 0x74, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x52, 0x65, - 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x23, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, - 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x66, 0x75, 0x6c, 0x63, 0x69, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x54, - 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x22, 0x1b, 0x82, 0xd3, 0xe4, 0x93, - 0x02, 0x15, 0x12, 0x13, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x32, 0x2f, 0x74, 0x72, 0x75, 0x73, - 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x42, 0x5a, 0x0a, 0x16, 0x64, 0x65, 0x76, 0x2e, 0x73, - 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x66, 0x75, 0x6c, 0x63, 0x69, 0x6f, 0x2e, 0x76, - 0x32, 0x42, 0x0b, 0x46, 0x75, 0x6c, 0x63, 0x69, 0x6f, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, - 0x5a, 0x31, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x69, 0x67, - 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2f, 0x66, 0x75, 0x6c, 0x63, 0x69, 0x6f, 0x2f, 0x70, 0x6b, 0x67, - 0x2f, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x64, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x62, 0x75, 0x66, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x22, 0x1e, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x18, 0x22, 0x13, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, + 0x32, 0x2f, 0x73, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x43, 0x65, 0x72, 0x74, 0x3a, 0x01, 0x2a, + 0x12, 0x81, 0x01, 0x0a, 0x0e, 0x47, 0x65, 0x74, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, + 0x64, 0x6c, 0x65, 0x12, 0x2d, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, + 0x72, 0x65, 0x2e, 0x66, 0x75, 0x6c, 0x63, 0x69, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x47, 0x65, 0x74, + 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, + 0x73, 0x74, 0x1a, 0x23, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, + 0x65, 0x2e, 0x66, 0x75, 0x6c, 0x63, 0x69, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x54, 0x72, 0x75, 0x73, + 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x22, 0x1b, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x15, 0x12, + 0x13, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x32, 0x2f, 0x74, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, + 0x6e, 0x64, 0x6c, 0x65, 0x42, 0x5a, 0x0a, 0x16, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, + 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x66, 0x75, 0x6c, 0x63, 0x69, 0x6f, 0x2e, 0x76, 0x32, 0x42, 0x0b, + 0x46, 0x75, 0x6c, 0x63, 0x69, 0x6f, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x31, 0x67, + 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, + 0x72, 0x65, 0x2f, 0x66, 0x75, 0x6c, 0x63, 0x69, 0x6f, 0x2f, 0x70, 0x6b, 0x67, 0x2f, 0x67, 0x65, + 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x64, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, + 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -768,37 +852,39 @@ func file_fulcio_proto_rawDescGZIP() []byte { } var file_fulcio_proto_enumTypes = make([]protoimpl.EnumInfo, 1) -var file_fulcio_proto_msgTypes = make([]protoimpl.MessageInfo, 9) +var file_fulcio_proto_msgTypes = make([]protoimpl.MessageInfo, 10) var file_fulcio_proto_goTypes = []interface{}{ (PublicKeyAlgorithm)(0), // 0: dev.sigstore.fulcio.v2.PublicKeyAlgorithm (*CreateSigningCertificateRequest)(nil), // 1: dev.sigstore.fulcio.v2.CreateSigningCertificateRequest (*Credentials)(nil), // 2: dev.sigstore.fulcio.v2.Credentials - (*PublicKey)(nil), // 3: dev.sigstore.fulcio.v2.PublicKey - (*SigningCertificate)(nil), // 4: dev.sigstore.fulcio.v2.SigningCertificate - (*SigningCertificateDetachedSCT)(nil), // 5: dev.sigstore.fulcio.v2.SigningCertificateDetachedSCT - (*SigningCertificateEmbeddedSCT)(nil), // 6: dev.sigstore.fulcio.v2.SigningCertificateEmbeddedSCT - (*GetTrustBundleRequest)(nil), // 7: dev.sigstore.fulcio.v2.GetTrustBundleRequest - (*TrustBundle)(nil), // 8: dev.sigstore.fulcio.v2.TrustBundle - (*CertificateChain)(nil), // 9: dev.sigstore.fulcio.v2.CertificateChain + (*PublicKeyRequest)(nil), // 3: dev.sigstore.fulcio.v2.PublicKeyRequest + (*PublicKey)(nil), // 4: dev.sigstore.fulcio.v2.PublicKey + (*SigningCertificate)(nil), // 5: dev.sigstore.fulcio.v2.SigningCertificate + (*SigningCertificateDetachedSCT)(nil), // 6: dev.sigstore.fulcio.v2.SigningCertificateDetachedSCT + (*SigningCertificateEmbeddedSCT)(nil), // 7: dev.sigstore.fulcio.v2.SigningCertificateEmbeddedSCT + (*GetTrustBundleRequest)(nil), // 8: dev.sigstore.fulcio.v2.GetTrustBundleRequest + (*TrustBundle)(nil), // 9: dev.sigstore.fulcio.v2.TrustBundle + (*CertificateChain)(nil), // 10: dev.sigstore.fulcio.v2.CertificateChain } var file_fulcio_proto_depIdxs = []int32{ 2, // 0: dev.sigstore.fulcio.v2.CreateSigningCertificateRequest.credentials:type_name -> dev.sigstore.fulcio.v2.Credentials - 3, // 1: dev.sigstore.fulcio.v2.CreateSigningCertificateRequest.public_key:type_name -> dev.sigstore.fulcio.v2.PublicKey - 0, // 2: dev.sigstore.fulcio.v2.PublicKey.algorithm:type_name -> dev.sigstore.fulcio.v2.PublicKeyAlgorithm - 5, // 3: dev.sigstore.fulcio.v2.SigningCertificate.signed_certificate_detached_sct:type_name -> dev.sigstore.fulcio.v2.SigningCertificateDetachedSCT - 6, // 4: dev.sigstore.fulcio.v2.SigningCertificate.signed_certificate_embedded_sct:type_name -> dev.sigstore.fulcio.v2.SigningCertificateEmbeddedSCT - 9, // 5: dev.sigstore.fulcio.v2.SigningCertificateDetachedSCT.chain:type_name -> dev.sigstore.fulcio.v2.CertificateChain - 9, // 6: dev.sigstore.fulcio.v2.SigningCertificateEmbeddedSCT.chain:type_name -> dev.sigstore.fulcio.v2.CertificateChain - 9, // 7: dev.sigstore.fulcio.v2.TrustBundle.chains:type_name -> dev.sigstore.fulcio.v2.CertificateChain - 1, // 8: dev.sigstore.fulcio.v2.CA.CreateSigningCertificate:input_type -> dev.sigstore.fulcio.v2.CreateSigningCertificateRequest - 7, // 9: dev.sigstore.fulcio.v2.CA.GetTrustBundle:input_type -> dev.sigstore.fulcio.v2.GetTrustBundleRequest - 4, // 10: dev.sigstore.fulcio.v2.CA.CreateSigningCertificate:output_type -> dev.sigstore.fulcio.v2.SigningCertificate - 8, // 11: dev.sigstore.fulcio.v2.CA.GetTrustBundle:output_type -> dev.sigstore.fulcio.v2.TrustBundle - 10, // [10:12] is the sub-list for method output_type - 8, // [8:10] is the sub-list for method input_type - 8, // [8:8] is the sub-list for extension type_name - 8, // [8:8] is the sub-list for extension extendee - 0, // [0:8] is the sub-list for field type_name + 3, // 1: dev.sigstore.fulcio.v2.CreateSigningCertificateRequest.public_key_request:type_name -> dev.sigstore.fulcio.v2.PublicKeyRequest + 4, // 2: dev.sigstore.fulcio.v2.PublicKeyRequest.public_key:type_name -> dev.sigstore.fulcio.v2.PublicKey + 0, // 3: dev.sigstore.fulcio.v2.PublicKey.algorithm:type_name -> dev.sigstore.fulcio.v2.PublicKeyAlgorithm + 6, // 4: dev.sigstore.fulcio.v2.SigningCertificate.signed_certificate_detached_sct:type_name -> dev.sigstore.fulcio.v2.SigningCertificateDetachedSCT + 7, // 5: dev.sigstore.fulcio.v2.SigningCertificate.signed_certificate_embedded_sct:type_name -> dev.sigstore.fulcio.v2.SigningCertificateEmbeddedSCT + 10, // 6: dev.sigstore.fulcio.v2.SigningCertificateDetachedSCT.chain:type_name -> dev.sigstore.fulcio.v2.CertificateChain + 10, // 7: dev.sigstore.fulcio.v2.SigningCertificateEmbeddedSCT.chain:type_name -> dev.sigstore.fulcio.v2.CertificateChain + 10, // 8: dev.sigstore.fulcio.v2.TrustBundle.chains:type_name -> dev.sigstore.fulcio.v2.CertificateChain + 1, // 9: dev.sigstore.fulcio.v2.CA.CreateSigningCertificate:input_type -> dev.sigstore.fulcio.v2.CreateSigningCertificateRequest + 8, // 10: dev.sigstore.fulcio.v2.CA.GetTrustBundle:input_type -> dev.sigstore.fulcio.v2.GetTrustBundleRequest + 5, // 11: dev.sigstore.fulcio.v2.CA.CreateSigningCertificate:output_type -> dev.sigstore.fulcio.v2.SigningCertificate + 9, // 12: dev.sigstore.fulcio.v2.CA.GetTrustBundle:output_type -> dev.sigstore.fulcio.v2.TrustBundle + 11, // [11:13] is the sub-list for method output_type + 9, // [9:11] is the sub-list for method input_type + 9, // [9:9] is the sub-list for extension type_name + 9, // [9:9] is the sub-list for extension extendee + 0, // [0:9] is the sub-list for field type_name } func init() { file_fulcio_proto_init() } @@ -832,7 +918,7 @@ func file_fulcio_proto_init() { } } file_fulcio_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*PublicKey); i { + switch v := v.(*PublicKeyRequest); i { case 0: return &v.state case 1: @@ -844,7 +930,7 @@ func file_fulcio_proto_init() { } } file_fulcio_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*SigningCertificate); i { + switch v := v.(*PublicKey); i { case 0: return &v.state case 1: @@ -856,7 +942,7 @@ func file_fulcio_proto_init() { } } file_fulcio_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*SigningCertificateDetachedSCT); i { + switch v := v.(*SigningCertificate); i { case 0: return &v.state case 1: @@ -868,7 +954,7 @@ func file_fulcio_proto_init() { } } file_fulcio_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*SigningCertificateEmbeddedSCT); i { + switch v := v.(*SigningCertificateDetachedSCT); i { case 0: return &v.state case 1: @@ -880,7 +966,7 @@ func file_fulcio_proto_init() { } } file_fulcio_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*GetTrustBundleRequest); i { + switch v := v.(*SigningCertificateEmbeddedSCT); i { case 0: return &v.state case 1: @@ -892,7 +978,7 @@ func file_fulcio_proto_init() { } } file_fulcio_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*TrustBundle); i { + switch v := v.(*GetTrustBundleRequest); i { case 0: return &v.state case 1: @@ -904,6 +990,18 @@ func file_fulcio_proto_init() { } } file_fulcio_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*TrustBundle); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_fulcio_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*CertificateChain); i { case 0: return &v.state @@ -916,10 +1014,14 @@ func file_fulcio_proto_init() { } } } + file_fulcio_proto_msgTypes[0].OneofWrappers = []interface{}{ + (*CreateSigningCertificateRequest_PublicKeyRequest)(nil), + (*CreateSigningCertificateRequest_CertificateSigningRequest)(nil), + } file_fulcio_proto_msgTypes[1].OneofWrappers = []interface{}{ (*Credentials_OidcIdentityToken)(nil), } - file_fulcio_proto_msgTypes[3].OneofWrappers = []interface{}{ + file_fulcio_proto_msgTypes[4].OneofWrappers = []interface{}{ (*SigningCertificate_SignedCertificateDetachedSct)(nil), (*SigningCertificate_SignedCertificateEmbeddedSct)(nil), } @@ -929,7 +1031,7 @@ func file_fulcio_proto_init() { GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_fulcio_proto_rawDesc, NumEnums: 1, - NumMessages: 9, + NumMessages: 10, NumExtensions: 0, NumServices: 1, },