github.com/letsencrypt/boulder@v0.20251208.0/ra/proto/ra.proto

github.com/letsencrypt/boulder@v0.20251208.0/ra/proto/ra.proto (about)

     1  syntax = "proto3";
     2  
     3  package ra;
     4  option go_package = "github.com/letsencrypt/boulder/ra/proto";
     5  
     6  import "core/proto/core.proto";
     7  import "google/protobuf/empty.proto";
     8  import "google/protobuf/duration.proto";
     9  
    10  service RegistrationAuthority {
    11    rpc NewRegistration(core.Registration) returns (core.Registration) {}
    12    rpc UpdateRegistrationKey(UpdateRegistrationKeyRequest) returns (core.Registration) {}
    13    rpc DeactivateRegistration(DeactivateRegistrationRequest) returns (core.Registration) {}
    14    rpc PerformValidation(PerformValidationRequest) returns (core.Authorization) {}
    15    rpc DeactivateAuthorization(core.Authorization) returns (google.protobuf.Empty) {}
    16    rpc RevokeCertByApplicant(RevokeCertByApplicantRequest) returns (google.protobuf.Empty) {}
    17    rpc RevokeCertByKey(RevokeCertByKeyRequest) returns (google.protobuf.Empty) {}
    18    rpc AdministrativelyRevokeCertificate(AdministrativelyRevokeCertificateRequest) returns (google.protobuf.Empty) {}
    19    rpc NewOrder(NewOrderRequest) returns (core.Order) {}
    20    rpc GetAuthorization(GetAuthorizationRequest) returns (core.Authorization) {}
    21    rpc FinalizeOrder(FinalizeOrderRequest) returns (core.Order) {}
    22    rpc UnpauseAccount(UnpauseAccountRequest) returns (UnpauseAccountResponse) {}
    23    rpc AddRateLimitOverride(AddRateLimitOverrideRequest) returns (AddRateLimitOverrideResponse) {}
    24  }
    25  
    26  service SCTProvider {
    27    rpc GetSCTs(SCTRequest) returns (SCTResponse) {}
    28  }
    29  
    30  message SCTRequest {
    31    bytes precertDER = 1;
    32  }
    33  
    34  message SCTResponse {
    35    repeated bytes sctDER = 1;
    36  }
    37  
    38  message GenerateOCSPRequest {
    39    string serial = 1;
    40  }
    41  
    42  message UpdateRegistrationKeyRequest {
    43    int64 registrationID = 1;
    44    bytes jwk = 2;
    45  }
    46  
    47  message DeactivateRegistrationRequest {
    48    int64 registrationID = 1;
    49  }
    50  
    51  message UpdateAuthorizationRequest {
    52    core.Authorization authz = 1;
    53    int64 challengeIndex = 2;
    54    core.Challenge response = 3;
    55  }
    56  
    57  message PerformValidationRequest {
    58    core.Authorization authz = 1;
    59    int64 challengeIndex = 2;
    60  }
    61  
    62  message RevokeCertByApplicantRequest {
    63    bytes cert = 1;
    64    int64 code = 2;
    65    int64 regID = 3;
    66  }
    67  
    68  message RevokeCertByKeyRequest {
    69    bytes cert = 1;
    70    reserved 2; // previously code
    71  }
    72  
    73  message AdministrativelyRevokeCertificateRequest {
    74    // Deprecated: this field is ignored.
    75    bytes cert = 1;
    76    // The `serial` field is required.
    77    string serial = 4;
    78    int64 code = 2;
    79    string adminName = 3;
    80    bool skipBlockKey = 5;
    81    // If the malformed flag is set, the RA will not attempt to parse the
    82    // certificate in question. In this case, the keyCompromise reason cannot be
    83    // specified, because the key cannot be blocked.
    84    bool malformed = 6;
    85    // The CRL shard to store the revocation in.
    86    //
    87    // This is used when revoking malformed certificates, to allow human judgement
    88    // in setting the CRL shard instead of automatically determining it by parsing
    89    // the certificate.
    90    //
    91    // Passing a nonzero crlShard with malformed=false returns error.
    92    int64 crlShard = 7;
    93  }
    94  
    95  message NewOrderRequest {
    96    // Next unused field number: 9
    97    int64 registrationID = 1;
    98    reserved 2; // previously dnsNames
    99    repeated core.Identifier identifiers = 8;
   100    string certificateProfileName = 5;
   101    // Replaces is the ARI certificate Id that this order replaces.
   102    string replaces = 7;
   103    // ReplacesSerial is the serial number of the certificate that this order replaces.
   104    string replacesSerial = 3;
   105    reserved 4; // previously isARIRenewal
   106    reserved 6; // previously isRenewal
   107  }
   108  
   109  message GetAuthorizationRequest {
   110    int64 id = 1;
   111  }
   112  
   113  message FinalizeOrderRequest {
   114    core.Order order = 1;
   115    bytes csr = 2;
   116  }
   117  
   118  message UnpauseAccountRequest {
   119    // Next unused field number: 2
   120  
   121    // The registrationID to be unpaused so issuance can be resumed.
   122    int64 registrationID = 1;
   123  }
   124  
   125  message UnpauseAccountResponse {
   126    // Next unused field number: 2
   127  
   128    // Count is the number of identifiers which were unpaused for the input regid.
   129    int64 count = 1;
   130  }
   131  
   132  message AddRateLimitOverrideRequest {
   133    int64 limitEnum      = 1;
   134    string bucketKey = 2;
   135    string comment    = 3;
   136    google.protobuf.Duration period = 4;
   137    int64 count      = 5;
   138    int64 burst      = 6;
   139  }
   140  
   141  message AddRateLimitOverrideResponse {
   142    bool inserted = 1;
   143    bool enabled = 2;
   144  }