From 462b1c77b8b8624b2f4b4f24aeff80048c2523db Mon Sep 17 00:00:00 2001
From: GoEdgeLab
Date: Fri, 18 Mar 2022 17:04:53 +0800
Subject: [PATCH] =?UTF-8?q?=E5=8A=A8=E6=80=81=E6=9B=B4=E6=96=B0OCSP?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 pkg/nodeconfigs/node_config.go | 60 ++-
 pkg/rpc/pb/service_ssl_cert.pb.go | 476 ++++++++++++++++-----
 pkg/rpc/protos/service_ssl_cert.proto | 19 +
 pkg/serverconfigs/sslconfigs/ssl_consts.go | 3 -
 pkg/serverconfigs/sslconfigs/ssl_policy.go | 45 ++
 5 files changed, 481 insertions(+), 122 deletions(-)
diff --git a/pkg/nodeconfigs/node_config.go b/pkg/nodeconfigs/node_config.go
index b01cd92..79b4ce9 100644
--- a/pkg/nodeconfigs/node_config.go
+++ b/pkg/nodeconfigs/node_config.go
@@ -27,21 +27,24 @@ func NewServerError(serverId int64, message string) *ServerError { // NodeConfig 边缘节点配置 type NodeConfig struct { - Id int64 `yaml:"id" json:"id"` - NodeId string `yaml:"nodeId" json:"nodeId"` - Secret string `yaml:"secret" json:"secret"` - IsOn bool `yaml:"isOn" json:"isOn"` - Servers []*serverconfigs.ServerConfig `yaml:"servers" json:"servers"` - SupportCNAME bool `yaml:"supportCNAME" json:"supportCNAME"` - Version int64 `yaml:"version" json:"version"` - Name string `yaml:"name" json:"name"` - MaxCPU int32 `yaml:"maxCPU" json:"maxCPU"` - RegionId int64 `yaml:"regionId" json:"regionId"` - CacheDiskDir string `yaml:"cacheDiskDir" json:"cacheDiskDir"` // 文件缓存目录 - MaxCacheDiskCapacity *shared.SizeCapacity `yaml:"maxCacheDiskCapacity" json:"maxCacheDiskCapacity"` // 文件缓存容量 - MaxCacheMemoryCapacity *shared.SizeCapacity `yaml:"maxCacheMemoryCapacity" json:"maxCacheMemoryCapacity"` // 内容缓存容量 - MaxThreads int `yaml:"maxThreads" json:"maxThreads"` - TCPMaxConnections int `yaml:"tcpMaxConnections" json:"tcpMaxConnections"` + Id int64 `yaml:"id" json:"id"` + NodeId string `yaml:"nodeId" json:"nodeId"` + Secret string `yaml:"secret" json:"secret"` + IsOn bool `yaml:"isOn" json:"isOn"` + Servers []*serverconfigs.ServerConfig `yaml:"servers" json:"servers"` + SupportCNAME bool `yaml:"supportCNAME" json:"supportCNAME"` + Version int64 `yaml:"version" json:"version"` + Name string `yaml:"name" json:"name"` + RegionId int64 `yaml:"regionId" json:"regionId"` + OCSPVersion int64 `yaml:"ocspVersion" json:"ocspVersion"` + + // 性能 + MaxCPU int32 `yaml:"maxCPU" json:"maxCPU"` + CacheDiskDir string `yaml:"cacheDiskDir" json:"cacheDiskDir"` // 文件缓存目录 + MaxCacheDiskCapacity *shared.SizeCapacity `yaml:"maxCacheDiskCapacity" json:"maxCacheDiskCapacity"` // 文件缓存容量 + MaxCacheMemoryCapacity *shared.SizeCapacity `yaml:"maxCacheMemoryCapacity" json:"maxCacheMemoryCapacity"` // 内容缓存容量 + MaxThreads int `yaml:"maxThreads" json:"maxThreads"` + TCPMaxConnections int 
`yaml:"tcpMaxConnections" json:"tcpMaxConnections"` // 全局配置 GlobalConfig *serverconfigs.GlobalConfig `yaml:"globalConfig" json:"globalConfig"` // 全局配置 @@ -56,9 +59,11 @@ type NodeConfig struct { TimeZone string `yaml:"timeZone" json:"timeZone"` AutoOpenPorts bool `yaml:"autoOpenPorts" json:"autoOpenPorts"` + // 指标 MetricItems []*serverconfigs.MetricItemConfig `yaml:"metricItems" json:"metricItems"` - AllowedIPs []string `yaml:"allowedIPs" json:"allowedIPs"` // 自动白名单 + // 自动白名单 + AllowedIPs []string `yaml:"allowedIPs" json:"allowedIPs"` paddedId string @@ -421,3 +426,26 @@ func (this *NodeConfig) IPIsAutoAllowed(ip string) bool { func (this *NodeConfig) SYNFloodConfig() *firewallconfigs.SYNFloodConfig { return this.synFlood } + +// UpdateCertOCSP 修改证书OCSP +func (this *NodeConfig) UpdateCertOCSP(certId int64, ocsp []byte) { + shared.Locker.Lock() + defer shared.Locker.Unlock() + + var servers = this.Servers + for _, server := range servers { + if server.HTTPS != nil && + server.HTTPS.SSLPolicy != nil && + server.HTTPS.SSLPolicy.OCSPIsOn && + server.HTTPS.SSLPolicy.ContainsCert(certId) { + server.HTTPS.SSLPolicy.UpdateCertOCSP(certId, ocsp) + } + + if server.TLS != nil && + server.TLS.SSLPolicy != nil && + server.TLS.SSLPolicy.OCSPIsOn && + server.TLS.SSLPolicy.ContainsCert(certId) { + server.TLS.SSLPolicy.UpdateCertOCSP(certId, ocsp) + } + } +} diff --git a/pkg/rpc/pb/service_ssl_cert.pb.go b/pkg/rpc/pb/service_ssl_cert.pb.go index 673d4e2..8f3579a 100644 --- a/pkg/rpc/pb/service_ssl_cert.pb.go +++ b/pkg/rpc/pb/service_ssl_cert.pb.go 
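Review bot: In `pkg/nodeconfigs/node_config.go`, the new `OCSPVersion` field in the first hunk has no comment, although the groups around it (`// 性能`, `// 全局配置`) are labelled. From the RPC added in the same commit it looks like the cursor a node sends as `ListUpdatedSSLCertOCSPRequest.Version`, but the struct does not say so, nor which side advances it. Once that reading is confirmed I would add a line such as `// OCSPVersion is the version of the last OCSP update applied to this node`. The struct body continues past the end of the hunk.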
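Review bot: `UpdateCertOCSP` in the last hunk of `pkg/nodeconfigs/node_config.go` passes `ocsp` to every matching `SSLPolicy` with no check visible here, so an empty, truncated, expired or wrong-certificate response received over RPC would be stapled as-is unless `SSLPolicy.UpdateCertOCSP` (in `ssl_policy.go`, not part of this hunk) validates it. A bad staple can break handshakes for clients that enforce stapling, so the doc comment should say where the response is parsed and its validity window checked. If an empty slice is not meant to clear the staple, add `if len(ocsp) == 0 { return }` before taking the lock. The loop also dereferences `server` without a nil check although `Servers` is a slice of pointers; `if server == nil { continue }` would close that. Whether the TLS handshake path reads the staple under `shared.Locker` is not visible from here and is worth confirming.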
@@ -1016,6 +1016,172 @@ func (*ResetAllSSLCertsWithOCSPErrorRequest) Descriptor() ([]byte, []int) { return file_service_ssl_cert_proto_rawDescGZIP(), []int{14} } +// 读取证书的OCSP +type ListUpdatedSSLCertOCSPRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Version int64 `protobuf:"varint,1,opt,name=version,proto3" json:"version,omitempty"` + Size int32 `protobuf:"varint,2,opt,name=size,proto3" json:"size,omitempty"` +} + +func (x *ListUpdatedSSLCertOCSPRequest) Reset() { + *x = ListUpdatedSSLCertOCSPRequest{} + if protoimpl.UnsafeEnabled { + mi := &file_service_ssl_cert_proto_msgTypes[15] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ListUpdatedSSLCertOCSPRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ListUpdatedSSLCertOCSPRequest) ProtoMessage() {} + +func (x *ListUpdatedSSLCertOCSPRequest) ProtoReflect() protoreflect.Message { + mi := &file_service_ssl_cert_proto_msgTypes[15] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ListUpdatedSSLCertOCSPRequest.ProtoReflect.Descriptor instead. 
+func (*ListUpdatedSSLCertOCSPRequest) Descriptor() ([]byte, []int) { + return file_service_ssl_cert_proto_rawDescGZIP(), []int{15} +} + +func (x *ListUpdatedSSLCertOCSPRequest) GetVersion() int64 { + if x != nil { + return x.Version + } + return 0 +} + +func (x *ListUpdatedSSLCertOCSPRequest) GetSize() int32 { + if x != nil { + return x.Size + } + return 0 +} + +type ListUpdatedSSLCertOCSPResponse struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + SslCertOCSP []*ListUpdatedSSLCertOCSPResponse_SSLCertOCSP `protobuf:"bytes,1,rep,name=sslCertOCSP,proto3" json:"sslCertOCSP,omitempty"` +} + +func (x *ListUpdatedSSLCertOCSPResponse) Reset() { + *x = ListUpdatedSSLCertOCSPResponse{} + if protoimpl.UnsafeEnabled { + mi := &file_service_ssl_cert_proto_msgTypes[16] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ListUpdatedSSLCertOCSPResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ListUpdatedSSLCertOCSPResponse) ProtoMessage() {} + +func (x *ListUpdatedSSLCertOCSPResponse) ProtoReflect() protoreflect.Message { + mi := &file_service_ssl_cert_proto_msgTypes[16] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ListUpdatedSSLCertOCSPResponse.ProtoReflect.Descriptor instead. 
+func (*ListUpdatedSSLCertOCSPResponse) Descriptor() ([]byte, []int) { + return file_service_ssl_cert_proto_rawDescGZIP(), []int{16} +} + +func (x *ListUpdatedSSLCertOCSPResponse) GetSslCertOCSP() []*ListUpdatedSSLCertOCSPResponse_SSLCertOCSP { + if x != nil { + return x.SslCertOCSP + } + return nil +} + +type ListUpdatedSSLCertOCSPResponse_SSLCertOCSP struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + SslCertId int64 `protobuf:"varint,1,opt,name=sslCertId,proto3" json:"sslCertId,omitempty"` + Ocsp []byte `protobuf:"bytes,2,opt,name=ocsp,proto3" json:"ocsp,omitempty"` + Version int64 `protobuf:"varint,3,opt,name=version,proto3" json:"version,omitempty"` +} + +func (x *ListUpdatedSSLCertOCSPResponse_SSLCertOCSP) Reset() { + *x = ListUpdatedSSLCertOCSPResponse_SSLCertOCSP{} + if protoimpl.UnsafeEnabled { + mi := &file_service_ssl_cert_proto_msgTypes[17] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ListUpdatedSSLCertOCSPResponse_SSLCertOCSP) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ListUpdatedSSLCertOCSPResponse_SSLCertOCSP) ProtoMessage() {} + +func (x *ListUpdatedSSLCertOCSPResponse_SSLCertOCSP) ProtoReflect() protoreflect.Message { + mi := &file_service_ssl_cert_proto_msgTypes[17] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ListUpdatedSSLCertOCSPResponse_SSLCertOCSP.ProtoReflect.Descriptor instead. 
+func (*ListUpdatedSSLCertOCSPResponse_SSLCertOCSP) Descriptor() ([]byte, []int) { + return file_service_ssl_cert_proto_rawDescGZIP(), []int{16, 0} +} + +func (x *ListUpdatedSSLCertOCSPResponse_SSLCertOCSP) GetSslCertId() int64 { + if x != nil { + return x.SslCertId + } + return 0 +} + +func (x *ListUpdatedSSLCertOCSPResponse_SSLCertOCSP) GetOcsp() []byte { + if x != nil { + return x.Ocsp + } + return nil +} + +func (x *ListUpdatedSSLCertOCSPResponse_SSLCertOCSP) GetVersion() int64 { + if x != nil { + return x.Version + } + return 0 +} + var File_service_ssl_cert_proto protoreflect.FileDescriptor var file_service_ssl_cert_proto_rawDesc = []byte{ 
@@ -1140,63 +1306,87 @@ var file_service_ssl_cert_proto_rawDesc = []byte{ 0x03, 0x52, 0x0a, 0x73, 0x73, 0x6c, 0x43, 0x65, 0x72, 0x74, 0x49, 0x64, 0x73, 0x22, 0x26, 0x0a, 0x24, 0x52, 0x65, 0x73, 0x65, 0x74, 0x41, 0x6c, 0x6c, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x73, 0x57, 0x69, 0x74, 0x68, 0x4f, 0x43, 0x53, 0x50, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x52, 0x65, - 0x71, 0x75, 0x65, 0x73, 0x74, 0x32, 0x88, 0x07, 0x0a, 0x0e, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, - 0x74, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x44, 0x0a, 0x0d, 0x63, 0x72, 0x65, 0x61, - 0x74, 0x65, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x12, 0x18, 0x2e, 0x70, 0x62, 0x2e, 0x43, - 0x72, 0x65, 0x61, 0x74, 0x65, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x52, 0x65, 0x71, 0x75, - 0x65, 0x73, 0x74, 0x1a, 0x19, 0x2e, 0x70, 0x62, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x53, - 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x39, - 0x0a, 0x0d, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x12, - 0x18, 0x2e, 0x70, 0x62, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x53, 0x4c, 0x43, 0x65, - 0x72, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0e, 0x2e, 0x70, 0x62, 0x2e, 0x52, - 0x50, 0x43, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x39, 0x0a, 0x0d, 0x64, 0x65, 0x6c, - 0x65, 0x74, 0x65, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x12, 0x18, 0x2e, 0x70, 0x62, 0x2e, - 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x52, 0x65, 0x71, - 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0e, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50, 0x43, 0x53, 0x75, 0x63, - 0x63, 0x65, 0x73, 0x73, 0x12, 0x65, 0x0a, 0x18, 0x66, 0x69, 0x6e, 0x64, 0x45, 0x6e, 0x61, 0x62, - 0x6c, 0x65, 0x64, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, - 0x12, 0x23, 0x2e, 0x70, 0x62, 0x2e, 0x46, 0x69, 0x6e, 0x64, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, - 0x64, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x43, 0x6f, 0x6e, 
0x66, 0x69, 0x67, 0x52, 0x65, - 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x24, 0x2e, 0x70, 0x62, 0x2e, 0x46, 0x69, 0x6e, 0x64, 0x45, - 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x43, 0x6f, 0x6e, - 0x66, 0x69, 0x67, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x3e, 0x0a, 0x0d, 0x63, - 0x6f, 0x75, 0x6e, 0x74, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x73, 0x12, 0x17, 0x2e, 0x70, - 0x62, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x52, 0x65, - 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x14, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50, 0x43, 0x43, 0x6f, - 0x75, 0x6e, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x41, 0x0a, 0x0c, 0x6c, - 0x69, 0x73, 0x74, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x73, 0x12, 0x17, 0x2e, 0x70, 0x62, - 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x73, 0x52, 0x65, 0x71, - 0x75, 0x65, 0x73, 0x74, 0x1a, 0x18, 0x2e, 0x70, 0x62, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x53, 0x53, - 0x4c, 0x43, 0x65, 0x72, 0x74, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x5f, - 0x0a, 0x1d, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x6c, 0x6c, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, - 0x74, 0x73, 0x57, 0x69, 0x74, 0x68, 0x4f, 0x43, 0x53, 0x50, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, - 0x28, 0x2e, 0x70, 0x62, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x6c, 0x6c, 0x53, 0x53, 0x4c, - 0x43, 0x65, 0x72, 0x74, 0x73, 0x57, 0x69, 0x74, 0x68, 0x4f, 0x43, 0x53, 0x50, 0x45, 0x72, 0x72, - 0x6f, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x14, 0x2e, 0x70, 0x62, 0x2e, 0x52, - 0x50, 0x43, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, - 0x68, 0x0a, 0x19, 0x6c, 0x69, 0x73, 0x74, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x73, 0x57, - 0x69, 0x74, 0x68, 0x4f, 0x43, 0x53, 0x50, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x24, 0x2e, 0x70, - 0x62, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x73, 0x57, 0x69, - 0x74, 
0x68, 0x4f, 0x43, 0x53, 0x50, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, - 0x73, 0x74, 0x1a, 0x25, 0x2e, 0x70, 0x62, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x53, 0x53, 0x4c, 0x43, + 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x4d, 0x0a, 0x1d, 0x4c, 0x69, 0x73, 0x74, 0x55, 0x70, 0x64, + 0x61, 0x74, 0x65, 0x64, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x4f, 0x43, 0x53, 0x50, 0x52, + 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x18, 0x0a, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, + 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, + 0x12, 0x12, 0x0a, 0x04, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x04, + 0x73, 0x69, 0x7a, 0x65, 0x22, 0xcd, 0x01, 0x0a, 0x1e, 0x4c, 0x69, 0x73, 0x74, 0x55, 0x70, 0x64, + 0x61, 0x74, 0x65, 0x64, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x4f, 0x43, 0x53, 0x50, 0x52, + 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x50, 0x0a, 0x0b, 0x73, 0x73, 0x6c, 0x43, 0x65, + 0x72, 0x74, 0x4f, 0x43, 0x53, 0x50, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x70, + 0x62, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64, 0x53, 0x53, 0x4c, + 0x43, 0x65, 0x72, 0x74, 0x4f, 0x43, 0x53, 0x50, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, + 0x2e, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x4f, 0x43, 0x53, 0x50, 0x52, 0x0b, 0x73, 0x73, + 0x6c, 0x43, 0x65, 0x72, 0x74, 0x4f, 0x43, 0x53, 0x50, 0x1a, 0x59, 0x0a, 0x0b, 0x53, 0x53, 0x4c, + 0x43, 0x65, 0x72, 0x74, 0x4f, 0x43, 0x53, 0x50, 0x12, 0x1c, 0x0a, 0x09, 0x73, 0x73, 0x6c, 0x43, + 0x65, 0x72, 0x74, 0x49, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x09, 0x73, 0x73, 0x6c, + 0x43, 0x65, 0x72, 0x74, 0x49, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x6f, 0x63, 0x73, 0x70, 0x18, 0x02, + 0x20, 0x01, 0x28, 0x0c, 0x52, 0x04, 0x6f, 0x63, 0x73, 0x70, 0x12, 0x18, 0x0a, 0x07, 0x76, 0x65, + 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x03, 0x52, 0x07, 0x76, 0x65, 0x72, + 0x73, 0x69, 0x6f, 0x6e, 0x32, 0xe9, 0x07, 
0x0a, 0x0e, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, + 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x44, 0x0a, 0x0d, 0x63, 0x72, 0x65, 0x61, 0x74, + 0x65, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x12, 0x18, 0x2e, 0x70, 0x62, 0x2e, 0x43, 0x72, + 0x65, 0x61, 0x74, 0x65, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, + 0x73, 0x74, 0x1a, 0x19, 0x2e, 0x70, 0x62, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x53, 0x53, + 0x4c, 0x43, 0x65, 0x72, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x39, 0x0a, + 0x0d, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x12, 0x18, + 0x2e, 0x70, 0x62, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, + 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0e, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50, + 0x43, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x39, 0x0a, 0x0d, 0x64, 0x65, 0x6c, 0x65, + 0x74, 0x65, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x12, 0x18, 0x2e, 0x70, 0x62, 0x2e, 0x44, + 0x65, 0x6c, 0x65, 0x74, 0x65, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x52, 0x65, 0x71, 0x75, + 0x65, 0x73, 0x74, 0x1a, 0x0e, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50, 0x43, 0x53, 0x75, 0x63, 0x63, + 0x65, 0x73, 0x73, 0x12, 0x65, 0x0a, 0x18, 0x66, 0x69, 0x6e, 0x64, 0x45, 0x6e, 0x61, 0x62, 0x6c, + 0x65, 0x64, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, + 0x23, 0x2e, 0x70, 0x62, 0x2e, 0x46, 0x69, 0x6e, 0x64, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, + 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x65, 0x71, + 0x75, 0x65, 0x73, 0x74, 0x1a, 0x24, 0x2e, 0x70, 0x62, 0x2e, 0x46, 0x69, 0x6e, 0x64, 0x45, 0x6e, + 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x43, 0x6f, 0x6e, 0x66, + 0x69, 0x67, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x3e, 0x0a, 0x0d, 0x63, 0x6f, + 0x75, 0x6e, 0x74, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x73, 0x12, 0x17, 
0x2e, 0x70, 0x62, + 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x52, 0x65, 0x71, + 0x75, 0x65, 0x73, 0x74, 0x1a, 0x14, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50, 0x43, 0x43, 0x6f, 0x75, + 0x6e, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x41, 0x0a, 0x0c, 0x6c, 0x69, + 0x73, 0x74, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x73, 0x12, 0x17, 0x2e, 0x70, 0x62, 0x2e, + 0x4c, 0x69, 0x73, 0x74, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x73, 0x52, 0x65, 0x71, 0x75, + 0x65, 0x73, 0x74, 0x1a, 0x18, 0x2e, 0x70, 0x62, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x53, 0x53, 0x4c, + 0x43, 0x65, 0x72, 0x74, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x5f, 0x0a, + 0x1d, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x6c, 0x6c, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, + 0x73, 0x57, 0x69, 0x74, 0x68, 0x4f, 0x43, 0x53, 0x50, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x28, + 0x2e, 0x70, 0x62, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x6c, 0x6c, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x73, 0x57, 0x69, 0x74, 0x68, 0x4f, 0x43, 0x53, 0x50, 0x45, 0x72, 0x72, 0x6f, - 0x72, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x55, 0x0a, 0x1b, 0x69, 0x67, 0x6e, + 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x14, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50, + 0x43, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x68, + 0x0a, 0x19, 0x6c, 0x69, 0x73, 0x74, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x73, 0x57, 0x69, + 0x74, 0x68, 0x4f, 0x43, 0x53, 0x50, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x24, 0x2e, 0x70, 0x62, + 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x73, 0x57, 0x69, 0x74, + 0x68, 0x4f, 0x43, 0x53, 0x50, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, + 0x74, 0x1a, 0x25, 0x2e, 0x70, 0x62, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x53, 0x53, 0x4c, 0x43, 0x65, + 0x72, 0x74, 0x73, 0x57, 0x69, 0x74, 0x68, 0x4f, 0x43, 0x53, 0x50, 0x45, 0x72, 0x72, 0x6f, 0x72, + 0x52, 0x65, 0x73, 
0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x55, 0x0a, 0x1b, 0x69, 0x67, 0x6e, 0x6f, + 0x72, 0x65, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x73, 0x57, 0x69, 0x74, 0x68, 0x4f, 0x43, + 0x53, 0x50, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x26, 0x2e, 0x70, 0x62, 0x2e, 0x49, 0x67, 0x6e, 0x6f, 0x72, 0x65, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x73, 0x57, 0x69, 0x74, 0x68, 0x4f, - 0x43, 0x53, 0x50, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x26, 0x2e, 0x70, 0x62, 0x2e, 0x49, 0x67, - 0x6e, 0x6f, 0x72, 0x65, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x73, 0x57, 0x69, 0x74, 0x68, - 0x4f, 0x43, 0x53, 0x50, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, - 0x1a, 0x0e, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50, 0x43, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, - 0x12, 0x53, 0x0a, 0x1a, 0x72, 0x65, 0x73, 0x65, 0x74, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, - 0x73, 0x57, 0x69, 0x74, 0x68, 0x4f, 0x43, 0x53, 0x50, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x25, - 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x65, 0x73, 0x65, 0x74, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, - 0x73, 0x57, 0x69, 0x74, 0x68, 0x4f, 0x43, 0x53, 0x50, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x52, 0x65, - 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0e, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50, 0x43, 0x53, 0x75, - 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x59, 0x0a, 0x1d, 0x72, 0x65, 0x73, 0x65, 0x74, 0x41, 0x6c, - 0x6c, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x73, 0x57, 0x69, 0x74, 0x68, 0x4f, 0x43, 0x53, - 0x50, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x28, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x65, 0x73, 0x65, - 0x74, 0x41, 0x6c, 0x6c, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x73, 0x57, 0x69, 0x74, 0x68, - 0x4f, 0x43, 0x53, 0x50, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, - 0x1a, 0x0e, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50, 0x43, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, + 0x43, 0x53, 0x50, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, + 0x0e, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50, 0x43, 0x53, 0x75, 
0x63, 0x63, 0x65, 0x73, 0x73, 0x12, + 0x53, 0x0a, 0x1a, 0x72, 0x65, 0x73, 0x65, 0x74, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x73, + 0x57, 0x69, 0x74, 0x68, 0x4f, 0x43, 0x53, 0x50, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x25, 0x2e, + 0x70, 0x62, 0x2e, 0x52, 0x65, 0x73, 0x65, 0x74, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x73, + 0x57, 0x69, 0x74, 0x68, 0x4f, 0x43, 0x53, 0x50, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x52, 0x65, 0x71, + 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0e, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50, 0x43, 0x53, 0x75, 0x63, + 0x63, 0x65, 0x73, 0x73, 0x12, 0x59, 0x0a, 0x1d, 0x72, 0x65, 0x73, 0x65, 0x74, 0x41, 0x6c, 0x6c, + 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x73, 0x57, 0x69, 0x74, 0x68, 0x4f, 0x43, 0x53, 0x50, + 0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x28, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x65, 0x73, 0x65, 0x74, + 0x41, 0x6c, 0x6c, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x73, 0x57, 0x69, 0x74, 0x68, 0x4f, + 0x43, 0x53, 0x50, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, + 0x0e, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50, 0x43, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, + 0x5f, 0x0a, 0x16, 0x6c, 0x69, 0x73, 0x74, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64, 0x53, 0x53, + 0x4c, 0x43, 0x65, 0x72, 0x74, 0x4f, 0x43, 0x53, 0x50, 0x12, 0x21, 0x2e, 0x70, 0x62, 0x2e, 0x4c, + 0x69, 0x73, 0x74, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, + 0x74, 0x4f, 0x43, 0x53, 0x50, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x22, 0x2e, 0x70, + 0x62, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64, 0x53, 0x53, 0x4c, + 0x43, 0x65, 0x72, 0x74, 0x4f, 0x43, 0x53, 0x50, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x06, 0x5a, 0x04, 0x2e, 0x2f, 0x70, 0x62, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } 
@@ -1212,56 +1402,62 @@ func file_service_ssl_cert_proto_rawDescGZIP() []byte { return file_service_ssl_cert_proto_rawDescData } -var file_service_ssl_cert_proto_msgTypes = make([]protoimpl.MessageInfo, 15) +var file_service_ssl_cert_proto_msgTypes = make([]protoimpl.MessageInfo, 18) var file_service_ssl_cert_proto_goTypes = []interface{}{ - (*CreateSSLCertRequest)(nil), // 0: pb.CreateSSLCertRequest - (*CreateSSLCertResponse)(nil), // 1: pb.CreateSSLCertResponse - (*UpdateSSLCertRequest)(nil), // 2: pb.UpdateSSLCertRequest - (*FindEnabledSSLCertConfigRequest)(nil), // 3: pb.FindEnabledSSLCertConfigRequest - (*FindEnabledSSLCertConfigResponse)(nil), // 4: pb.FindEnabledSSLCertConfigResponse - (*DeleteSSLCertRequest)(nil), // 5: pb.DeleteSSLCertRequest - (*CountSSLCertRequest)(nil), // 6: pb.CountSSLCertRequest - (*ListSSLCertsRequest)(nil), // 7: pb.ListSSLCertsRequest - (*ListSSLCertsResponse)(nil), // 8: pb.ListSSLCertsResponse - (*CountAllSSLCertsWithOCSPErrorRequest)(nil), // 9: pb.CountAllSSLCertsWithOCSPErrorRequest - (*ListSSLCertsWithOCSPErrorRequest)(nil), // 10: pb.ListSSLCertsWithOCSPErrorRequest - (*ListSSLCertsWithOCSPErrorResponse)(nil), // 11: pb.ListSSLCertsWithOCSPErrorResponse - (*IgnoreSSLCertsWithOCSPErrorRequest)(nil), // 12: pb.IgnoreSSLCertsWithOCSPErrorRequest - (*ResetSSLCertsWithOCSPErrorRequest)(nil), // 13: pb.ResetSSLCertsWithOCSPErrorRequest - (*ResetAllSSLCertsWithOCSPErrorRequest)(nil), // 14: pb.ResetAllSSLCertsWithOCSPErrorRequest - (*SSLCert)(nil), // 15: pb.SSLCert - (*RPCSuccess)(nil), // 16: pb.RPCSuccess - (*RPCCountResponse)(nil), // 17: pb.RPCCountResponse + (*CreateSSLCertRequest)(nil), // 0: pb.CreateSSLCertRequest + (*CreateSSLCertResponse)(nil), // 1: pb.CreateSSLCertResponse + (*UpdateSSLCertRequest)(nil), // 2: pb.UpdateSSLCertRequest + (*FindEnabledSSLCertConfigRequest)(nil), // 3: pb.FindEnabledSSLCertConfigRequest + (*FindEnabledSSLCertConfigResponse)(nil), // 4: pb.FindEnabledSSLCertConfigResponse + 
(*DeleteSSLCertRequest)(nil), // 5: pb.DeleteSSLCertRequest + (*CountSSLCertRequest)(nil), // 6: pb.CountSSLCertRequest + (*ListSSLCertsRequest)(nil), // 7: pb.ListSSLCertsRequest + (*ListSSLCertsResponse)(nil), // 8: pb.ListSSLCertsResponse + (*CountAllSSLCertsWithOCSPErrorRequest)(nil), // 9: pb.CountAllSSLCertsWithOCSPErrorRequest + (*ListSSLCertsWithOCSPErrorRequest)(nil), // 10: pb.ListSSLCertsWithOCSPErrorRequest + (*ListSSLCertsWithOCSPErrorResponse)(nil), // 11: pb.ListSSLCertsWithOCSPErrorResponse + (*IgnoreSSLCertsWithOCSPErrorRequest)(nil), // 12: pb.IgnoreSSLCertsWithOCSPErrorRequest + (*ResetSSLCertsWithOCSPErrorRequest)(nil), // 13: pb.ResetSSLCertsWithOCSPErrorRequest + (*ResetAllSSLCertsWithOCSPErrorRequest)(nil), // 14: pb.ResetAllSSLCertsWithOCSPErrorRequest + (*ListUpdatedSSLCertOCSPRequest)(nil), // 15: pb.ListUpdatedSSLCertOCSPRequest + (*ListUpdatedSSLCertOCSPResponse)(nil), // 16: pb.ListUpdatedSSLCertOCSPResponse + (*ListUpdatedSSLCertOCSPResponse_SSLCertOCSP)(nil), // 17: pb.ListUpdatedSSLCertOCSPResponse.SSLCertOCSP + (*SSLCert)(nil), // 18: pb.SSLCert + (*RPCSuccess)(nil), // 19: pb.RPCSuccess + (*RPCCountResponse)(nil), // 20: pb.RPCCountResponse } var file_service_ssl_cert_proto_depIdxs = []int32{ - 15, // 0: pb.ListSSLCertsWithOCSPErrorResponse.sslCerts:type_name -> pb.SSLCert - 0, // 1: pb.SSLCertService.createSSLCert:input_type -> pb.CreateSSLCertRequest - 2, // 2: pb.SSLCertService.updateSSLCert:input_type -> pb.UpdateSSLCertRequest - 5, // 3: pb.SSLCertService.deleteSSLCert:input_type -> pb.DeleteSSLCertRequest - 3, // 4: pb.SSLCertService.findEnabledSSLCertConfig:input_type -> pb.FindEnabledSSLCertConfigRequest - 6, // 5: pb.SSLCertService.countSSLCerts:input_type -> pb.CountSSLCertRequest - 7, // 6: pb.SSLCertService.listSSLCerts:input_type -> pb.ListSSLCertsRequest - 9, // 7: pb.SSLCertService.countAllSSLCertsWithOCSPError:input_type -> pb.CountAllSSLCertsWithOCSPErrorRequest - 10, // 8: 
pb.SSLCertService.listSSLCertsWithOCSPError:input_type -> pb.ListSSLCertsWithOCSPErrorRequest - 12, // 9: pb.SSLCertService.ignoreSSLCertsWithOCSPError:input_type -> pb.IgnoreSSLCertsWithOCSPErrorRequest - 13, // 10: pb.SSLCertService.resetSSLCertsWithOCSPError:input_type -> pb.ResetSSLCertsWithOCSPErrorRequest - 14, // 11: pb.SSLCertService.resetAllSSLCertsWithOCSPError:input_type -> pb.ResetAllSSLCertsWithOCSPErrorRequest - 1, // 12: pb.SSLCertService.createSSLCert:output_type -> pb.CreateSSLCertResponse - 16, // 13: pb.SSLCertService.updateSSLCert:output_type -> pb.RPCSuccess - 16, // 14: pb.SSLCertService.deleteSSLCert:output_type -> pb.RPCSuccess - 4, // 15: pb.SSLCertService.findEnabledSSLCertConfig:output_type -> pb.FindEnabledSSLCertConfigResponse - 17, // 16: pb.SSLCertService.countSSLCerts:output_type -> pb.RPCCountResponse - 8, // 17: pb.SSLCertService.listSSLCerts:output_type -> pb.ListSSLCertsResponse - 17, // 18: pb.SSLCertService.countAllSSLCertsWithOCSPError:output_type -> pb.RPCCountResponse - 11, // 19: pb.SSLCertService.listSSLCertsWithOCSPError:output_type -> pb.ListSSLCertsWithOCSPErrorResponse - 16, // 20: pb.SSLCertService.ignoreSSLCertsWithOCSPError:output_type -> pb.RPCSuccess - 16, // 21: pb.SSLCertService.resetSSLCertsWithOCSPError:output_type -> pb.RPCSuccess - 16, // 22: pb.SSLCertService.resetAllSSLCertsWithOCSPError:output_type -> pb.RPCSuccess - 12, // [12:23] is the sub-list for method output_type - 1, // [1:12] is the sub-list for method input_type - 1, // [1:1] is the sub-list for extension type_name - 1, // [1:1] is the sub-list for extension extendee - 0, // [0:1] is the sub-list for field type_name + 18, // 0: pb.ListSSLCertsWithOCSPErrorResponse.sslCerts:type_name -> pb.SSLCert + 17, // 1: pb.ListUpdatedSSLCertOCSPResponse.sslCertOCSP:type_name -> pb.ListUpdatedSSLCertOCSPResponse.SSLCertOCSP + 0, // 2: pb.SSLCertService.createSSLCert:input_type -> pb.CreateSSLCertRequest + 2, // 3: pb.SSLCertService.updateSSLCert:input_type 
-> pb.UpdateSSLCertRequest + 5, // 4: pb.SSLCertService.deleteSSLCert:input_type -> pb.DeleteSSLCertRequest + 3, // 5: pb.SSLCertService.findEnabledSSLCertConfig:input_type -> pb.FindEnabledSSLCertConfigRequest + 6, // 6: pb.SSLCertService.countSSLCerts:input_type -> pb.CountSSLCertRequest + 7, // 7: pb.SSLCertService.listSSLCerts:input_type -> pb.ListSSLCertsRequest + 9, // 8: pb.SSLCertService.countAllSSLCertsWithOCSPError:input_type -> pb.CountAllSSLCertsWithOCSPErrorRequest + 10, // 9: pb.SSLCertService.listSSLCertsWithOCSPError:input_type -> pb.ListSSLCertsWithOCSPErrorRequest + 12, // 10: pb.SSLCertService.ignoreSSLCertsWithOCSPError:input_type -> pb.IgnoreSSLCertsWithOCSPErrorRequest + 13, // 11: pb.SSLCertService.resetSSLCertsWithOCSPError:input_type -> pb.ResetSSLCertsWithOCSPErrorRequest + 14, // 12: pb.SSLCertService.resetAllSSLCertsWithOCSPError:input_type -> pb.ResetAllSSLCertsWithOCSPErrorRequest + 15, // 13: pb.SSLCertService.listUpdatedSSLCertOCSP:input_type -> pb.ListUpdatedSSLCertOCSPRequest + 1, // 14: pb.SSLCertService.createSSLCert:output_type -> pb.CreateSSLCertResponse + 19, // 15: pb.SSLCertService.updateSSLCert:output_type -> pb.RPCSuccess + 19, // 16: pb.SSLCertService.deleteSSLCert:output_type -> pb.RPCSuccess + 4, // 17: pb.SSLCertService.findEnabledSSLCertConfig:output_type -> pb.FindEnabledSSLCertConfigResponse + 20, // 18: pb.SSLCertService.countSSLCerts:output_type -> pb.RPCCountResponse + 8, // 19: pb.SSLCertService.listSSLCerts:output_type -> pb.ListSSLCertsResponse + 20, // 20: pb.SSLCertService.countAllSSLCertsWithOCSPError:output_type -> pb.RPCCountResponse + 11, // 21: pb.SSLCertService.listSSLCertsWithOCSPError:output_type -> pb.ListSSLCertsWithOCSPErrorResponse + 19, // 22: pb.SSLCertService.ignoreSSLCertsWithOCSPError:output_type -> pb.RPCSuccess + 19, // 23: pb.SSLCertService.resetSSLCertsWithOCSPError:output_type -> pb.RPCSuccess + 19, // 24: pb.SSLCertService.resetAllSSLCertsWithOCSPError:output_type -> pb.RPCSuccess + 
16, // 25: pb.SSLCertService.listUpdatedSSLCertOCSP:output_type -> pb.ListUpdatedSSLCertOCSPResponse + 14, // [14:26] is the sub-list for method output_type + 2, // [2:14] is the sub-list for method input_type + 2, // [2:2] is the sub-list for extension type_name + 2, // [2:2] is the sub-list for extension extendee + 0, // [0:2] is the sub-list for field type_name } func init() { file_service_ssl_cert_proto_init() } @@ -1452,6 +1648,42 @@ func file_service_ssl_cert_proto_init() { return nil } } + file_service_ssl_cert_proto_msgTypes[15].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ListUpdatedSSLCertOCSPRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_service_ssl_cert_proto_msgTypes[16].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ListUpdatedSSLCertOCSPResponse); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_service_ssl_cert_proto_msgTypes[17].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ListUpdatedSSLCertOCSPResponse_SSLCertOCSP); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } } type x struct{} out := protoimpl.TypeBuilder{ @@ -1459,7 +1691,7 @@ func file_service_ssl_cert_proto_init() { GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_service_ssl_cert_proto_rawDesc, NumEnums: 0, - NumMessages: 15, + NumMessages: 18, NumExtensions: 0, NumServices: 1, }, 
@@ -1507,6 +1739,8 @@ type SSLCertServiceClient interface { ResetSSLCertsWithOCSPError(ctx context.Context, in *ResetSSLCertsWithOCSPErrorRequest, opts ...grpc.CallOption) (*RPCSuccess, error) // 重置所有证书OCSP错误状态 ResetAllSSLCertsWithOCSPError(ctx context.Context, in *ResetAllSSLCertsWithOCSPErrorRequest, opts ...grpc.CallOption) (*RPCSuccess, error) + // 读取证书的OCSP + ListUpdatedSSLCertOCSP(ctx context.Context, in *ListUpdatedSSLCertOCSPRequest, opts ...grpc.CallOption) (*ListUpdatedSSLCertOCSPResponse, error) } type sSLCertServiceClient struct { @@ -1616,6 +1850,15 @@ func (c *sSLCertServiceClient) ResetAllSSLCertsWithOCSPError(ctx context.Context return out, nil } +func (c *sSLCertServiceClient) ListUpdatedSSLCertOCSP(ctx context.Context, in *ListUpdatedSSLCertOCSPRequest, opts ...grpc.CallOption) (*ListUpdatedSSLCertOCSPResponse, error) { + out := new(ListUpdatedSSLCertOCSPResponse) + err := c.cc.Invoke(ctx, "/pb.SSLCertService/listUpdatedSSLCertOCSP", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + // SSLCertServiceServer is the server API for SSLCertService service. type SSLCertServiceServer interface { // 创建Cert @@ -1640,6 +1883,8 @@ type SSLCertServiceServer interface { ResetSSLCertsWithOCSPError(context.Context, *ResetSSLCertsWithOCSPErrorRequest) (*RPCSuccess, error) // 重置所有证书OCSP错误状态 ResetAllSSLCertsWithOCSPError(context.Context, *ResetAllSSLCertsWithOCSPErrorRequest) (*RPCSuccess, error) + // 读取证书的OCSP + ListUpdatedSSLCertOCSP(context.Context, *ListUpdatedSSLCertOCSPRequest) (*ListUpdatedSSLCertOCSPResponse, error) } // UnimplementedSSLCertServiceServer can be embedded to have forward compatible implementations. 
@@ -1679,6 +1924,9 @@ func (*UnimplementedSSLCertServiceServer) ResetSSLCertsWithOCSPError(context.Con func (*UnimplementedSSLCertServiceServer) ResetAllSSLCertsWithOCSPError(context.Context, *ResetAllSSLCertsWithOCSPErrorRequest) (*RPCSuccess, error) { return nil, status.Errorf(codes.Unimplemented, "method ResetAllSSLCertsWithOCSPError not implemented") } +func (*UnimplementedSSLCertServiceServer) ListUpdatedSSLCertOCSP(context.Context, *ListUpdatedSSLCertOCSPRequest) (*ListUpdatedSSLCertOCSPResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method ListUpdatedSSLCertOCSP not implemented") +} func RegisterSSLCertServiceServer(s *grpc.Server, srv SSLCertServiceServer) { s.RegisterService(&_SSLCertService_serviceDesc, srv) @@ -1882,6 +2130,24 @@ func _SSLCertService_ResetAllSSLCertsWithOCSPError_Handler(srv interface{}, ctx return interceptor(ctx, in, info, handler) } +func _SSLCertService_ListUpdatedSSLCertOCSP_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(ListUpdatedSSLCertOCSPRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(SSLCertServiceServer).ListUpdatedSSLCertOCSP(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/pb.SSLCertService/ListUpdatedSSLCertOCSP", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(SSLCertServiceServer).ListUpdatedSSLCertOCSP(ctx, req.(*ListUpdatedSSLCertOCSPRequest)) + } + return interceptor(ctx, in, info, handler) +} + var _SSLCertService_serviceDesc = grpc.ServiceDesc{ ServiceName: "pb.SSLCertService", HandlerType: (*SSLCertServiceServer)(nil), 
@@ -1930,6 +2196,10 @@ var _SSLCertService_serviceDesc = grpc.ServiceDesc{ MethodName: "resetAllSSLCertsWithOCSPError", Handler: _SSLCertService_ResetAllSSLCertsWithOCSPError_Handler, }, + { + MethodName: "listUpdatedSSLCertOCSP", + Handler: _SSLCertService_ListUpdatedSSLCertOCSP_Handler, + }, }, Streams: []grpc.StreamDesc{}, Metadata: "service_ssl_cert.proto", diff --git a/pkg/rpc/protos/service_ssl_cert.proto b/pkg/rpc/protos/service_ssl_cert.proto index 39708fe..a8cc109 100644 --- a/pkg/rpc/protos/service_ssl_cert.proto +++ b/pkg/rpc/protos/service_ssl_cert.proto @@ -39,6 +39,9 @@ service SSLCertService { // 重置所有证书OCSP错误状态 rpc resetAllSSLCertsWithOCSPError (ResetAllSSLCertsWithOCSPErrorRequest) returns (RPCSuccess); + + // 读取证书的OCSP + rpc listUpdatedSSLCertOCSP(ListUpdatedSSLCertOCSPRequest) returns (ListUpdatedSSLCertOCSPResponse); } // 创建Cert @@ -145,4 +148,20 @@ message ResetSSLCertsWithOCSPErrorRequest { // 重置所有证书OCSP错误状态 message ResetAllSSLCertsWithOCSPErrorRequest { +} + +// 读取证书的OCSP +message ListUpdatedSSLCertOCSPRequest { + int64 version = 1; + int32 size = 2; +} + +message ListUpdatedSSLCertOCSPResponse { + repeated SSLCertOCSP sslCertOCSP = 1; + + message SSLCertOCSP { + int64 sslCertId = 1; + bytes ocsp = 2; + int64 version = 3; + } } \ No newline at end of file diff --git a/pkg/serverconfigs/sslconfigs/ssl_consts.go b/pkg/serverconfigs/sslconfigs/ssl_consts.go index 61327b1..392f6a1 100644 --- a/pkg/serverconfigs/sslconfigs/ssl_consts.go +++ b/pkg/serverconfigs/sslconfigs/ssl_consts.go @@ -2,7 +2,6 @@ package sslconfigs import ( "crypto/tls" - "os" ) var AllTlsVersions = []TLSVersion{"SSL 3.0", "TLS 1.0", "TLS 1.1", "TLS 1.2", "TLS 1.3"} @@ -78,8 +77,6 @@ func (this *SSLPolicy) convertMinVersion() { this.minVersion = tls.VersionTLS12 case "TLS 1.3": this.minVersion = tls.VersionTLS13 - - os.Setenv("GODEBUG", "tls13=1") // TODO should be removed in go 1.14, in go 1.12 tls IS NOT FULL IMPLEMENTED YET default: this.minVersion = tls.VersionTLS10 } 
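Review bot: In `service_ssl_cert.proto`, the new `ListUpdatedSSLCertOCSPRequest` fields `version` and `size` have no comments, so the paging contract has to be guessed by whoever writes the client or the server. A comment on `version` should say whether it is an exclusive lower bound on the returned entries, and a comment on `size` should say what the server does with zero, negative or very large values. Because each response entry carries a full `bytes ocsp` payload, the server side (not visible in this diff) presumably needs to cap `size`, and the cap belongs in that comment.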
diff --git a/pkg/serverconfigs/sslconfigs/ssl_policy.go b/pkg/serverconfigs/sslconfigs/ssl_policy.go index ad2315c..0057a7a 100644 --- a/pkg/serverconfigs/sslconfigs/ssl_policy.go +++ b/pkg/serverconfigs/sslconfigs/ssl_policy.go @@ -1,6 +1,7 @@ package sslconfigs import ( + "bytes" "crypto/tls" "crypto/x509" "github.com/TeaOSLab/EdgeCommon/pkg/configutils" @@ -154,3 +155,47 @@ func (this *SSLPolicy) CAPool() *x509.CertPool { func (this *SSLPolicy) TLSConfig() *tls.Config { return this.tlsConfig } + +// ContainsCert 检查是否包括某个证书 +func (this *SSLPolicy) ContainsCert(certId int64) bool { + for _, cert := range this.Certs { + if cert.Id == certId { + return true + } + } + return false +} + +// UpdateCertOCSP 修改某个证书的OCSP +func (this *SSLPolicy) UpdateCertOCSP(certId int64, ocsp []byte) { + for _, cert := range this.Certs { + if cert.Id == certId { + cert.OCSP = ocsp + cert.CertObject().OCSPStaple = cert.OCSP + + // 修改tlsConfig中的cert + for index, cert2 := range this.tlsConfig.Certificates { + if this.certIsEqual(*cert.CertObject(), cert2) { + this.tlsConfig.Certificates[index].OCSPStaple = ocsp + } + } + break + } + } +} + +func (this *SSLPolicy) certIsEqual(cert1 tls.Certificate, cert2 tls.Certificate) bool { + var b1 = cert1.Certificate + var b2 = cert2.Certificate + if len(b1) != len(b2) { + return false + } + + for index, b := range b1 { + if bytes.Compare(b, b2[index]) != 0 { + return false + } + } + + return true +}
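Review bot: `UpdateCertOCSP` writes `this.tlsConfig.Certificates[index].OCSPStaple` in place, yet crypto/tls documents that a `Config` must not be modified after it has been passed to a TLS function. If this policy's config is already serving handshakes (not visible in this hunk), the write races with the handshake code reading the same certificate. Publishing the new staple under a lock, or through a `GetCertificate` callback that returns an updated copy, avoids mutating the live slice. The function also dereferences `this.tlsConfig` and `*cert.CertObject()` unchecked, so a policy that has not been initialised would presumably panic; an early `if this.tlsConfig == nil { return }` and a nil check on `CertObject()` would cover that. The `ocsp` bytes are stapled exactly as received, so confirm that the caller has already checked that the response belongs to this certificate and is still within its validity window.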