// Source: github.com/letsencrypt/boulder@v0.20251208.0/sa/proto/sa.proto
//
// gRPC contract for the `sa` package. It declares two services over the same
// message set: StorageAuthorityReadOnly (getters only) and StorageAuthority
// (the same getters plus every mutating RPC).
syntax = "proto3";

package sa;
option go_package = "github.com/letsencrypt/boulder/sa/proto";

import "core/proto/core.proto";
import "google/protobuf/empty.proto";
import "google/protobuf/timestamp.proto";
import "google/protobuf/duration.proto";

// StorageAuthorityReadOnly exposes only those SA methods which are read-only.
//
// None of the mutating RPCs declared on StorageAuthority (certificate and
// serial insertion, revocation, key blocking, pausing, rate-limit overrides)
// appear here, so a client that only performs lookups can be given this
// service rather than the full one.
// NOTE(review): which client may call which service is not expressed in this
// file; confirm the per-service/per-method access control in the gRPC server
// configuration.
service StorageAuthorityReadOnly {
  rpc CountInvalidAuthorizations2(CountInvalidAuthorizationsRequest) returns (Count) {}
  rpc CountPendingAuthorizations2(RegistrationID) returns (Count) {}
  rpc FQDNSetExists(FQDNSetExistsRequest) returns (Exists) {}
  rpc FQDNSetTimestampsForWindow(CountFQDNSetsRequest) returns (Timestamps) {}
  rpc GetAuthorization2(AuthorizationID2) returns (core.Authorization) {}
  rpc GetCertificate(Serial) returns (core.Certificate) {}
  rpc GetLintPrecertificate(Serial) returns (core.Certificate) {}
  rpc GetCertificateStatus(Serial) returns (core.CertificateStatus) {}
  rpc GetOrder(OrderRequest) returns (core.Order) {}
  rpc GetOrderForNames(GetOrderForNamesRequest) returns (core.Order) {}
  rpc GetRegistration(RegistrationID) returns (core.Registration) {}
  rpc GetRegistrationByKey(JSONWebKey) returns (core.Registration) {}
  rpc GetRevocationStatus(Serial) returns (RevocationStatus) {}
  // Server-streaming: one core.CRLEntry per message.
  rpc GetRevokedCertsByShard(GetRevokedCertsByShardRequest) returns (stream core.CRLEntry) {}
  rpc GetSerialMetadata(Serial) returns (SerialMetadata) {}
  // Server-streaming: one Serial per message.
  rpc GetSerialsByAccount(RegistrationID) returns (stream Serial) {}
  // Server-streaming: one Serial per message.
  rpc GetSerialsByKey(SPKIHash) returns (stream Serial) {}
  rpc GetValidAuthorizations2(GetValidAuthorizationsRequest) returns (Authorizations) {}
  rpc GetValidOrderAuthorizations2(GetValidOrderAuthorizationsRequest) returns (Authorizations) {}
  rpc IncidentsForSerial(Serial) returns (Incidents) {}
  rpc KeyBlocked(SPKIHash) returns (Exists) {}
  rpc ReplacementOrderExists(Serial) returns (Exists) {}
  // Server-streaming: one IncidentSerial per message.
  rpc SerialsForIncident (SerialsForIncidentRequest) returns (stream IncidentSerial) {}
  rpc CheckIdentifiersPaused (PauseRequest) returns (Identifiers) {}
  rpc GetPausedIdentifiers (RegistrationID) returns (Identifiers) {}
  rpc GetRateLimitOverride(GetRateLimitOverrideRequest) returns (RateLimitOverrideResponse) {}
  // Server-streaming: one RateLimitOverrideResponse per message.
  rpc GetEnabledRateLimitOverrides(google.protobuf.Empty) returns (stream RateLimitOverrideResponse) {}
}

// StorageAuthority provides full read/write access to the database.
service StorageAuthority {
  // Getters: this list must be identical to the StorageAuthorityReadOnly rpcs.
  // Nothing in the proto enforces that; a getter added to only one of the two
  // services is simply missing from the other, so update both together.
  rpc CountInvalidAuthorizations2(CountInvalidAuthorizationsRequest) returns (Count) {}
  rpc CountPendingAuthorizations2(RegistrationID) returns (Count) {}
  rpc FQDNSetExists(FQDNSetExistsRequest) returns (Exists) {}
  rpc FQDNSetTimestampsForWindow(CountFQDNSetsRequest) returns (Timestamps) {}
  rpc GetAuthorization2(AuthorizationID2) returns (core.Authorization) {}
  rpc GetCertificate(Serial) returns (core.Certificate) {}
  rpc GetLintPrecertificate(Serial) returns (core.Certificate) {}
  rpc GetCertificateStatus(Serial) returns (core.CertificateStatus) {}
  rpc GetOrder(OrderRequest) returns (core.Order) {}
  rpc GetOrderForNames(GetOrderForNamesRequest) returns (core.Order) {}
  rpc GetRegistration(RegistrationID) returns (core.Registration) {}
  rpc GetRegistrationByKey(JSONWebKey) returns (core.Registration) {}
  rpc GetRevocationStatus(Serial) returns (RevocationStatus) {}
  rpc GetRevokedCertsByShard(GetRevokedCertsByShardRequest) returns (stream core.CRLEntry) {}
  rpc GetSerialMetadata(Serial) returns (SerialMetadata) {}
  rpc GetSerialsByAccount(RegistrationID) returns (stream Serial) {}
  rpc GetSerialsByKey(SPKIHash) returns (stream Serial) {}
  rpc GetValidAuthorizations2(GetValidAuthorizationsRequest) returns (Authorizations) {}
  rpc GetValidOrderAuthorizations2(GetValidOrderAuthorizationsRequest) returns (Authorizations) {}
  rpc IncidentsForSerial(Serial) returns (Incidents) {}
  rpc KeyBlocked(SPKIHash) returns (Exists) {}
  rpc ReplacementOrderExists(Serial) returns (Exists) {}
  rpc SerialsForIncident (SerialsForIncidentRequest) returns (stream IncidentSerial) {}
  rpc CheckIdentifiersPaused (PauseRequest) returns (Identifiers) {}
  rpc GetPausedIdentifiers (RegistrationID) returns (Identifiers) {}
  rpc GetRateLimitOverride(GetRateLimitOverrideRequest) returns (RateLimitOverrideResponse) {}
  rpc GetEnabledRateLimitOverrides(google.protobuf.Empty) returns (stream RateLimitOverrideResponse) {}

  // Adders
  // Every RPC from here down is absent from StorageAuthorityReadOnly. Despite
  // the heading, the group also holds the deactivate, finalize, revoke,
  // update, lease, pause/unpause and rate-limit-override RPCs.
  rpc AddBlockedKey(AddBlockedKeyRequest) returns (google.protobuf.Empty) {}
  // AddCertificate and AddPrecertificate share one request type.
  rpc AddCertificate(AddCertificateRequest) returns (google.protobuf.Empty) {}
  rpc AddPrecertificate(AddCertificateRequest) returns (google.protobuf.Empty) {}
  rpc AddSerial(AddSerialRequest) returns (google.protobuf.Empty) {}
  rpc DeactivateAuthorization2(AuthorizationID2) returns (google.protobuf.Empty) {}
  rpc DeactivateRegistration(RegistrationID) returns (core.Registration) {}
  rpc FinalizeAuthorization2(FinalizeAuthorizationRequest) returns (google.protobuf.Empty) {}
  rpc FinalizeOrder(FinalizeOrderRequest) returns (google.protobuf.Empty) {}
  rpc NewOrderAndAuthzs(NewOrderAndAuthzsRequest) returns (core.Order) {}
  rpc NewRegistration(core.Registration) returns (core.Registration) {}
  // RevokeCertificate and UpdateRevokedCertificate share one request type.
  rpc RevokeCertificate(RevokeCertificateRequest) returns (google.protobuf.Empty) {}
  rpc SetOrderError(SetOrderErrorRequest) returns (google.protobuf.Empty) {}
  rpc SetOrderProcessing(OrderRequest) returns (google.protobuf.Empty) {}
  rpc UpdateRegistrationKey(UpdateRegistrationKeyRequest) returns (core.Registration) {}
  rpc UpdateRevokedCertificate(RevokeCertificateRequest) returns (google.protobuf.Empty) {}
  rpc LeaseCRLShard(LeaseCRLShardRequest) returns (LeaseCRLShardResponse) {}
  rpc UpdateCRLShard(UpdateCRLShardRequest) returns (google.protobuf.Empty) {}
  rpc PauseIdentifiers(PauseRequest) returns (PauseIdentifiersResponse) {}
  rpc UnpauseAccount(RegistrationID) returns (Count) {}
  rpc AddRateLimitOverride(AddRateLimitOverrideRequest) returns (AddRateLimitOverrideResponse) {}
  rpc DisableRateLimitOverride(DisableRateLimitOverrideRequest) returns (google.protobuf.Empty) {}
  rpc EnableRateLimitOverride(EnableRateLimitOverrideRequest) returns (google.protobuf.Empty) {}
}

// Note for every message below: scalar fields are declared without `optional`,
// so in proto3 they have implicit presence. An omitted int64/string/bool
// arrives as 0/""/false, and a handler cannot distinguish "not sent" from an
// explicit zero value by looking at the message alone.

// Wraps a single int64 id. Used as the request for the registration- and
// account-keyed RPCs (e.g. GetRegistration, GetSerialsByAccount,
// DeactivateRegistration, UnpauseAccount).
message RegistrationID {
  int64 id = 1;
}

// Request for GetRegistrationByKey; carries the key as opaque bytes.
message JSONWebKey {
  bytes jwk = 1;
}

// String-typed authorization ID. Not referenced by any RPC or message in this
// file; the RPCs use the int64-typed AuthorizationID2 instead.
message AuthorizationID {
  string id = 1;
}

// Request for GetValidAuthorizations2.
message GetValidAuthorizationsRequest {
  // Next unused field number: 7
  int64 registrationID = 1;
  reserved 2; // Previously dnsNames
  repeated core.Identifier identifiers = 6;
  reserved 3; // Previously nowNS
  google.protobuf.Timestamp validUntil = 4;
  string profile = 5;
}

// Wraps a certificate serial as a string. Shared request type for the
// serial-keyed getters and the element type of the serial streams.
message Serial {
  string serial = 1;
}

// Response for GetSerialMetadata.
message SerialMetadata {
  // Next unused field number: 7
  string serial = 1;
  int64 registrationID = 2;
  reserved 3; // Previously createdNS
  google.protobuf.Timestamp created = 5;
  reserved 4; // Previously expiresNS
  google.protobuf.Timestamp expires = 6;
}

// A pair of timestamps; used as CountInvalidAuthorizationsRequest.range.
message Range {
  // Next unused field number: 5
  reserved 1; // Previously earliestNS
  google.protobuf.Timestamp earliest = 3;
  reserved 2; // Previously latestNS
  google.protobuf.Timestamp latest = 4;
}

// Wraps a single int64 count.
message Count {
  int64 count = 1;
}

// Response for FQDNSetTimestampsForWindow.
message Timestamps {
  // Next unused field number: 3
  reserved 1; // Previously repeated timestampsNS
  repeated google.protobuf.Timestamp timestamps = 2;
}

// Request for CountInvalidAuthorizations2.
message CountInvalidAuthorizationsRequest {
  // Next unused field number: 5
  int64 registrationID = 1;
  reserved 2; // Previously dnsName
  core.Identifier identifier = 4;
  // Count authorizations that expire in this range.
  Range range = 3;
}

// Request for FQDNSetTimestampsForWindow.
message CountFQDNSetsRequest {
  // Next unused field number: 6
  reserved 1; // Previously windowNS
  reserved 2; // Previously dnsNames
  repeated core.Identifier identifiers = 5;
  google.protobuf.Duration window = 3;
  int64 limit = 4;
}

// Request for FQDNSetExists.
message FQDNSetExistsRequest {
  // Next unused field number: 3
  reserved 1; // Previously dnsNames
  repeated core.Identifier identifiers = 2;
}

// Wraps a single boolean result (FQDNSetExists, KeyBlocked,
// ReplacementOrderExists).
message Exists {
  bool exists = 1;
}

// Request for AddSerial.
message AddSerialRequest {
  // Next unused field number: 7
  int64 regID = 1;
  string serial = 2;
  reserved 3; // Previously createdNS
  google.protobuf.Timestamp created = 5;
  reserved 4; // Previously expiresNS
  google.protobuf.Timestamp expires = 6;
}

// Request for both AddCertificate and AddPrecertificate.
message AddCertificateRequest {
  // Next unused field number: 8
  bytes der = 1;
  int64 regID = 2;
  reserved 3; // previously ocsp
  reserved 4; // Previously issuedNS
  // An issued time. When not present the SA defaults to using
  // the current time.
  google.protobuf.Timestamp issued = 7;
  int64 issuerNameID = 5; // https://pkg.go.dev/github.com/letsencrypt/boulder/issuance#IssuerNameID
  reserved 6; // Previously ocspNotReady
}

// Wraps an int64 order id; request for GetOrder and SetOrderProcessing.
message OrderRequest {
  int64 id = 1;
}

// Order half of NewOrderAndAuthzsRequest (field newOrder).
message NewOrderRequest {
  // Next unused field number: 10
  int64 registrationID = 1;
  reserved 2; // Previously expiresNS
  google.protobuf.Timestamp expires = 5;
  reserved 3; // Previously dnsNames
  repeated core.Identifier identifiers = 9;
  // A list of already-existing authorization IDs that should be associated with
  // the new Order object. This is for authorization reuse.
  repeated int64 v2Authorizations = 4;
  string certificateProfileName = 7;
  // Replaces is the ARI certificate Id that this order replaces.
  string replaces = 8;
  // ReplacesSerial is the serial number of the certificate that this order
  // replaces.
  string replacesSerial = 6;

}

// NewAuthzRequest represents a request to create an authorization.
message NewAuthzRequest {
  // Next unused field number: 13
  reserved 1; // previously id
  reserved 2; // previously dnsName
  core.Identifier identifier = 12;
  int64 registrationID = 3;
  reserved 4; // previously status
  reserved 5; // previously expiresNS
  google.protobuf.Timestamp expires = 9;
  reserved 6; // previously challenges
  reserved 7; // previously ACMEv1 combinations
  reserved 8; // previously v2
  repeated string challengeTypes = 10;
  string token = 11;
}

// Request for NewOrderAndAuthzs.
message NewOrderAndAuthzsRequest {
  NewOrderRequest newOrder = 1;
  // Authorizations to be newly created alongside the order, and associated with it.
  // These will be combined with any reused authorizations (newOrder.v2Authorizations)
  // to make the overall set of authorizations for the order. This field and
  // newOrder.v2Authorizations may both be present, or only one of the two may be
  // present, but they may not both be absent.
  // Both are `repeated`, so "absent" here means empty; the schema cannot
  // express the "not both empty" rule, which is left to the server.
  repeated NewAuthzRequest newAuthzs = 2;
}

// Request for SetOrderError.
message SetOrderErrorRequest {
  int64 id = 1;
  core.ProblemDetails error = 2;
}

// Request for GetValidOrderAuthorizations2.
// NOTE(review): presumably `id` is the order ID and `acctID` the account the
// order must belong to — confirm against the handler.
message GetValidOrderAuthorizationsRequest {
  int64 id = 1;
  int64 acctID = 2;
}

// Request for GetOrderForNames.
message GetOrderForNamesRequest {
  // Next unused field number: 4
  int64 acctID = 1;
  reserved 2; // Previously dnsNames
  repeated core.Identifier identifiers = 3;
}

// Request for FinalizeOrder.
message FinalizeOrderRequest {
  int64 id = 1;
  string certificateSerial = 2;
}

// Same field layout as GetValidAuthorizationsRequest. Not referenced by any
// RPC or message in this file.
message GetAuthorizationsRequest {
  // Next unused field number: 7
  int64 registrationID = 1;
  reserved 2; // Previously dnsNames
  repeated core.Identifier identifiers = 6;
  reserved 3; // Previously nowNS
  google.protobuf.Timestamp validUntil = 4;
  string profile = 5;
}

// Response for GetValidAuthorizations2 and GetValidOrderAuthorizations2.
// NOTE(review): the only field uses number 2, and number 1 is neither used nor
// reserved. If 1 was ever assigned, it should be listed as `reserved 1;` so it
// cannot be reused with a different meaning — confirm against file history.
message Authorizations {
  repeated core.Authorization authzs = 2;
}

// List of string-typed authorization IDs. Not referenced by any RPC or message
// in this file.
message AuthorizationIDs {
  repeated string ids = 1;
}

// int64-typed authorization ID; request for GetAuthorization2 and
// DeactivateAuthorization2.
message AuthorizationID2 {
  int64 id = 1;
}

// Request for both RevokeCertificate and UpdateRevokedCertificate.
message RevokeCertificateRequest {
  // Next unused field number: 10
  string serial = 1;
  int64 reason = 2;
  reserved 3; // Previously dateNS
  google.protobuf.Timestamp date = 8;
  reserved 5; // Previously backdateNS
  google.protobuf.Timestamp backdate = 9;
  bytes response = 4;
  int64 issuerID = 6;
  int64 shardIdx = 7;
}

// Request for FinalizeAuthorization2.
message FinalizeAuthorizationRequest {
  // Next unused field number: 10
  int64 id = 1;
  string status = 2;
  reserved 3; // Previously (name missing upstream; presumably expiresNS, by analogy with the other reserved *NS fields)
  google.protobuf.Timestamp expires = 8;
  string attempted = 4;
  repeated core.ValidationRecord validationRecords = 5;
  core.ProblemDetails validationError = 6;
  reserved 7; // Previously attemptedAtNS
  google.protobuf.Timestamp attemptedAt = 9;
}

// Request for AddBlockedKey. `keyHash` has the same name and type as
// SPKIHash.keyHash, the request of KeyBlocked.
message AddBlockedKeyRequest {
  // Next unused field number: 7
  bytes keyHash = 1;
  reserved 2; // Previously addedNS
  google.protobuf.Timestamp added = 6;
  string source = 3;
  string comment = 4;
  int64 revokedBy = 5;
}

// Request for KeyBlocked and GetSerialsByKey.
// NOTE(review): the name suggests a hash over a SubjectPublicKeyInfo; the hash
// algorithm and expected length are not stated here — confirm in the SA.
message SPKIHash {
  bytes keyHash = 1;
}

// One entry of Incidents.
message Incident {
  // Next unused field number: 7
  int64 id = 1;
  // NOTE(review): presumably the name of the database table holding this
  // incident's serials — confirm in the SA.
  string serialTable = 2;
  string url = 3;
  reserved 4; // Previously renewByNS
  google.protobuf.Timestamp renewBy = 6;
  bool enabled = 5;
}

// Response for IncidentsForSerial.
message Incidents {
  repeated Incident incidents = 1;
}

// Request for SerialsForIncident.
message SerialsForIncidentRequest {
  // NOTE(review): a caller-supplied string that looks like a table name. If
  // the server uses it to build a query, it should be checked against the
  // known incident tables rather than interpolated as-is — confirm in the SA
  // implementation.
  string incidentTable = 1;
}

// Stream element of SerialsForIncident.
message IncidentSerial {
  // Next unused field number: 6
  string serial = 1;
  int64 registrationID = 2; // May be 0 (NULL)
  int64 orderID = 3; // May be 0 (NULL)
  reserved 4; // Previously lastNoticeSentNS
  google.protobuf.Timestamp lastNoticeSent = 5;
}

// Request for GetRevokedCertsByShard.
message GetRevokedCertsByShardRequest {
  int64 issuerNameID = 1;
  google.protobuf.Timestamp revokedBefore = 2;
  google.protobuf.Timestamp expiresAfter = 3;
  int64 shardIdx = 4;
}

// Response for GetRevocationStatus.
message RevocationStatus {
  int64 status = 1;
  int64 revokedReason = 2;
  // Declared as google.protobuf.Timestamp. The upstream comment here read
  // "Unix timestamp (nanoseconds)", which does not match the declared type —
  // presumably left over from an integer field.
  google.protobuf.Timestamp revokedDate = 3;
}

// Request for LeaseCRLShard.
message LeaseCRLShardRequest {
  int64 issuerNameID = 1;
  int64 minShardIdx = 2;
  int64 maxShardIdx = 3;
  google.protobuf.Timestamp until = 4;
}

// Response for LeaseCRLShard.
message LeaseCRLShardResponse {
  int64 issuerNameID = 1;
  int64 shardIdx = 2;
}

// Request for UpdateCRLShard.
message UpdateCRLShardRequest {
  int64 issuerNameID = 1;
  int64 shardIdx = 2;
  google.protobuf.Timestamp thisUpdate = 3;
  google.protobuf.Timestamp nextUpdate = 4;
}

// Response for CheckIdentifiersPaused and GetPausedIdentifiers.
message Identifiers {
  repeated core.Identifier identifiers = 1;
}

// Request for PauseIdentifiers and CheckIdentifiersPaused.
message PauseRequest {
  int64 registrationID = 1;
  repeated core.Identifier identifiers = 2;
}

// Response for PauseIdentifiers.
message PauseIdentifiersResponse {
  int64 paused = 1;
  int64 repaused = 2;
}

// Request for UpdateRegistrationKey.
message UpdateRegistrationKeyRequest {
  int64 registrationID = 1;
  bytes jwk = 2;
}

// A rate-limit override record; embedded in AddRateLimitOverrideRequest and
// RateLimitOverrideResponse.
message RateLimitOverride {
  // NOTE(review): an int64, not a proto enum; presumably the numeric value of
  // a rate-limit enum defined outside this file — confirm the valid range.
  int64 limitEnum = 1;
  string bucketKey = 2;
  string comment = 3;
  google.protobuf.Duration period = 4;
  int64 count = 5;
  int64 burst = 6;
}

// Request for AddRateLimitOverride.
message AddRateLimitOverrideRequest {
  RateLimitOverride override = 1;
}

// Response for AddRateLimitOverride.
message AddRateLimitOverrideResponse {
  bool inserted = 1;
  bool enabled = 2;
}

// Request for EnableRateLimitOverride. The three Enable/Disable/Get override
// requests identify an override by the same (limitEnum, bucketKey) pair.
message EnableRateLimitOverrideRequest {
  int64 limitEnum = 1;
  string bucketKey = 2;
}

// Request for DisableRateLimitOverride.
message DisableRateLimitOverrideRequest {
  int64 limitEnum = 1;
  string bucketKey = 2;
}

// Request for GetRateLimitOverride.
message GetRateLimitOverrideRequest {
  int64 limitEnum = 1;
  string bucketKey = 2;
}

// Response for GetRateLimitOverride and stream element of
// GetEnabledRateLimitOverrides.
message RateLimitOverrideResponse {
  RateLimitOverride override = 1;
  bool enabled = 2;
  google.protobuf.Timestamp updatedAt = 3;
}