syntax = "proto3";
option go_package = "./pb";
package pb;
import "models/rpc_messages.proto";
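// SSL/TLS policy management service.
//
// The policies managed here set protocol versions, cipher suites, HSTS and
// client-certificate handling, so the create and update calls change the TLS
// posture of whatever uses the policy.
// NOTE(review): authentication and authorization of callers are not visible
// in this file; confirm the server restricts these RPCs to authorized
// administrators.
//
// Method names are kept in their existing lowerCamelCase form; renaming them
// would change the generated client and server API.
service SSLPolicyService {
  // Creates a policy. The response carries the ID of the created policy.
  rpc createSSLPolicy (CreateSSLPolicyRequest) returns (CreateSSLPolicyResponse);

  // Modifies an existing policy.
  // RPCSuccess is not declared in this file; presumably it comes from
  // models/rpc_messages.proto.
  rpc updateSSLPolicy (UpdateSSLPolicyRequest) returns (RPCSuccess);

  // Finds a policy and returns its configuration.
  rpc findEnabledSSLPolicyConfig (FindEnabledSSLPolicyConfigRequest) returns (FindEnabledSSLPolicyConfigResponse);
}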
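// Request to create a policy.
message CreateSSLPolicyRequest {
  // Optional. Whether to enable HTTP/2.
  bool http2Enabled = 1;

  // Optional. Whether to enable HTTP/3 (only when its prerequisites are met).
  bool http3Enabled = 10;

  // Minimum supported SSL/TLS version. Selectable values:
  // SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3.
  // SSL 3.0 (RFC 7568) and TLS 1.0/1.1 (RFC 8996) are deprecated; prefer
  // TLS 1.2 or later.
  // NOTE(review): handling of an empty or unrecognized value is not visible
  // here; confirm the server does not fall back to a weak minimum.
  string minVersion = 2;

  // Optional. Associated certificate information; it can also be configured
  // after creation by updating the policy. @link json:ssl_cert_refs
  bytes sslCertsJSON = 3;

  // Optional. HSTS configuration. @link json:hsts
  bytes hstsJSON = 4;

  // Optional. Client verification type:
  //   0 no certificate needed
  //   1 client certificate needed
  //   2 any client certificate needed
  //   3 verify only if the client presented a certificate
  //   4 client certificate needed and it must be verified
  // 0 is also what the receiver sees when the field is left unset (proto3
  // implicit presence), so an omitted value means no client certificate.
  // NOTE(review): the numbering matches Go's crypto/tls ClientAuthType
  // (NoClientCert .. RequireAndVerifyClientCert), where 1 only requests a
  // certificate and neither 1 nor 2 verifies it against a CA; confirm the
  // server's mapping before relying on 1 or 2 for authentication.
  int32 clientAuthType = 5;

  // Optional. CA certificate content.
  // NOTE(review): presumably the CAs used to verify client certificates;
  // confirm against the server implementation.
  bytes clientCACertsJSON = 6;

  // Optional. Custom cipher suites.
  // NOTE(review): validation of the suite names is not visible here; confirm
  // that weak or unknown suites are rejected.
  repeated string cipherSuites = 7;

  // Optional. Whether the custom cipher suites are enabled.
  bool cipherSuitesIsOn = 8;

  // Optional. Whether to enable OCSP.
  bool ocspIsOn = 9;
}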
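// Response to a policy creation request.
message CreateSSLPolicyResponse {
  // ID of the created policy.
  int64 sslPolicyId = 1;
}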
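// Request to modify a policy.
//
// The scalar fields below have no `optional` label, so under proto3 an
// omitted bool or int32 is indistinguishable from false/0 on the wire.
// NOTE(review): whether the server treats this request as a full replacement
// is not visible here; if it does, a caller that omits clientAuthType or
// ocspIsOn would silently reset them to 0/false. Confirm, and have callers
// send every field.
message UpdateSSLPolicyRequest {
  // Policy ID.
  int64 sslPolicyId = 1;

  // Optional. Whether to enable HTTP/2.
  bool http2Enabled = 2;

  // Optional. Whether to enable HTTP/3 (only when its prerequisites are met).
  bool http3Enabled = 11;

  // Minimum supported SSL/TLS version. Selectable values:
  // SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3.
  // SSL 3.0 (RFC 7568) and TLS 1.0/1.1 (RFC 8996) are deprecated; prefer
  // TLS 1.2 or later.
  // NOTE(review): handling of an empty or unrecognized value is not visible
  // here; confirm the server does not fall back to a weak minimum.
  string minVersion = 3;

  // Associated certificate information. @link json:ssl_cert_refs
  bytes sslCertsJSON = 4;

  // Optional. HSTS configuration. @link json:hsts
  bytes hstsJSON = 5;

  // Optional. Client verification type:
  //   0 no certificate needed
  //   1 client certificate needed
  //   2 any client certificate needed
  //   3 verify only if the client presented a certificate
  //   4 client certificate needed and it must be verified
  // NOTE(review): the numbering matches Go's crypto/tls ClientAuthType
  // (NoClientCert .. RequireAndVerifyClientCert), where 1 only requests a
  // certificate and neither 1 nor 2 verifies it against a CA; confirm the
  // server's mapping before relying on 1 or 2 for authentication.
  int32 clientAuthType = 6;

  // Optional. CA certificate content.
  // NOTE(review): presumably the CAs used to verify client certificates;
  // confirm against the server implementation.
  bytes clientCACertsJSON = 7;

  // Optional. Custom cipher suites.
  // NOTE(review): validation of the suite names is not visible here; confirm
  // that weak or unknown suites are rejected.
  repeated string cipherSuites = 8;

  // Optional. Whether the custom cipher suites are enabled.
  bool cipherSuitesIsOn = 9;

  // Optional. Whether to enable OCSP.
  bool ocspIsOn = 10;
}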
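// Request to find a policy.
message FindEnabledSSLPolicyConfigRequest {
  // SSL policy ID.
  int64 sslPolicyId = 1;

  // Whether to leave certificate content data out of the result.
  // Defaults to false when unset, i.e. the certificate content is not ignored.
  // NOTE(review): whether that content includes private-key material is not
  // visible here; confirm, and have callers that only need policy settings
  // set this to true.
  bool ignoreData = 2;
}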
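// Response to a policy lookup.
message FindEnabledSSLPolicyConfigResponse {
  // Policy configuration information.
  // NOTE(review): the JSON schema is not defined in this file; treat the
  // payload as sensitive if it can embed certificate data.
  bytes sslPolicyJSON = 1;
}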