syntax = "proto3";
option go_package = "./pb";

package pb;

import "models/rpc_messages.proto";

// SSL/TLS策略管理服务
service SSLPolicyService {
	// 创建Policy
	rpc createSSLPolicy (CreateSSLPolicyRequest) returns (CreateSSLPolicyResponse);

	// 修改Policy
	rpc updateSSLPolicy (UpdateSSLPolicyRequest) returns (RPCSuccess);

	// 查找Policy
	rpc findEnabledSSLPolicyConfig (FindEnabledSSLPolicyConfigRequest) returns (FindEnabledSSLPolicyConfigResponse);
}

// 创建Policy
message CreateSSLPolicyRequest {
	bool http2Enabled = 1; // 是否启用HTTP/2
	bool http3Enabled = 10; // 是否启用HTTP/3（在满足条件的基础上）
	string minVersion = 2; // 支持的最低SSL版本
	bytes sslCertsJSON = 3; // 证书内容
	bytes hstsJSON = 4; // HSTS配置
	int32 clientAuthType = 5; //
	bytes clientCACertsJSON = 6; // CA证书内容
	repeated string cipherSuites = 7; // 自定义加密套件
	bool cipherSuitesIsOn = 8; // 是否启用自定义加密套件
	bool ocspIsOn = 9; // 是否启用OCSP
}

message CreateSSLPolicyResponse {
	int64 sslPolicyId = 1;
}

// 修改Policy
message UpdateSSLPolicyRequest {
	int64 sslPolicyId = 1;
	bool http2Enabled = 2;
	bool http3Enabled = 11; // 是否启用HTTP/3（在满足条件的基础上）
	string minVersion = 3;
	bytes sslCertsJSON = 4;
	bytes hstsJSON = 5;
	int32 clientAuthType = 6;
	bytes clientCACertsJSON = 7;
	repeated string cipherSuites = 8;
	bool cipherSuitesIsOn = 9;
	bool ocspIsOn = 10;
}

// 查找Policy
message FindEnabledSSLPolicyConfigRequest {
	int64 sslPolicyId = 1; // SSL策略ID
	bool ignoreData = 2; // 忽略证书内容数据
}

message FindEnabledSSLPolicyConfigResponse {
	bytes sslPolicyJSON = 1;
}