metacrypt/gen/metacrypt/v2/pki.pb.go
Kyle Isom ac4577f778 Add CRL endpoint, sign-CSR web route, and policy-based issuance authorization
- Register handleSignCSR route in webserver (was dead code)
- Add GET /v1/pki/{mount}/issuer/{name}/crl REST endpoint and
  PKIService.GetCRL gRPC RPC for DER-encoded CRL generation
- Replace admin-only gates on issue/renew/sign-csr with policy-based
  access control: admins grant-all, authenticated users subject to
  identifier ownership (CN/SANs not held by another user's active cert)
  and optional policy overrides via ca/{mount}/id/{identifier} resources
- Add PolicyChecker to engine.Request and policy.Match() method to
  distinguish matched rules from default deny
- Update and expand CA engine tests for ownership, revocation freeing,
  and policy override scenarios

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-16 15:22:04 -07:00


// Code generated by protoc-gen-go. DO NOT EDIT.
// versions:
// protoc-gen-go v1.36.11
// protoc v3.20.3
// source: proto/metacrypt/v2/pki.proto
package metacryptv2
import (
protoreflect "google.golang.org/protobuf/reflect/protoreflect"
protoimpl "google.golang.org/protobuf/runtime/protoimpl"
reflect "reflect"
sync "sync"
unsafe "unsafe"
)
const (
// Verify that this generated code is sufficiently up-to-date.
_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
// Verify that runtime/protoimpl is sufficiently up-to-date.
_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
)
type GetRootCertRequest struct {
state protoimpl.MessageState `protogen:"open.v1"`
Mount string `protobuf:"bytes,1,opt,name=mount,proto3" json:"mount,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *GetRootCertRequest) Reset() {
*x = GetRootCertRequest{}
mi := &file_proto_metacrypt_v2_pki_proto_msgTypes[0]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *GetRootCertRequest) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*GetRootCertRequest) ProtoMessage() {}
func (x *GetRootCertRequest) ProtoReflect() protoreflect.Message {
mi := &file_proto_metacrypt_v2_pki_proto_msgTypes[0]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use GetRootCertRequest.ProtoReflect.Descriptor instead.
func (*GetRootCertRequest) Descriptor() ([]byte, []int) {
return file_proto_metacrypt_v2_pki_proto_rawDescGZIP(), []int{0}
}
func (x *GetRootCertRequest) GetMount() string {
if x != nil {
return x.Mount
}
return ""
}
type GetRootCertResponse struct {
state protoimpl.MessageState `protogen:"open.v1"`
CertPem []byte `protobuf:"bytes,1,opt,name=cert_pem,json=certPem,proto3" json:"cert_pem,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *GetRootCertResponse) Reset() {
*x = GetRootCertResponse{}
mi := &file_proto_metacrypt_v2_pki_proto_msgTypes[1]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *GetRootCertResponse) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*GetRootCertResponse) ProtoMessage() {}
func (x *GetRootCertResponse) ProtoReflect() protoreflect.Message {
mi := &file_proto_metacrypt_v2_pki_proto_msgTypes[1]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use GetRootCertResponse.ProtoReflect.Descriptor instead.
func (*GetRootCertResponse) Descriptor() ([]byte, []int) {
return file_proto_metacrypt_v2_pki_proto_rawDescGZIP(), []int{1}
}
func (x *GetRootCertResponse) GetCertPem() []byte {
if x != nil {
return x.CertPem
}
return nil
}
type GetChainRequest struct {
state protoimpl.MessageState `protogen:"open.v1"`
Mount string `protobuf:"bytes,1,opt,name=mount,proto3" json:"mount,omitempty"`
Issuer string `protobuf:"bytes,2,opt,name=issuer,proto3" json:"issuer,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *GetChainRequest) Reset() {
*x = GetChainRequest{}
mi := &file_proto_metacrypt_v2_pki_proto_msgTypes[2]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *GetChainRequest) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*GetChainRequest) ProtoMessage() {}
func (x *GetChainRequest) ProtoReflect() protoreflect.Message {
mi := &file_proto_metacrypt_v2_pki_proto_msgTypes[2]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use GetChainRequest.ProtoReflect.Descriptor instead.
func (*GetChainRequest) Descriptor() ([]byte, []int) {
return file_proto_metacrypt_v2_pki_proto_rawDescGZIP(), []int{2}
}
func (x *GetChainRequest) GetMount() string {
if x != nil {
return x.Mount
}
return ""
}
func (x *GetChainRequest) GetIssuer() string {
if x != nil {
return x.Issuer
}
return ""
}
type GetChainResponse struct {
state protoimpl.MessageState `protogen:"open.v1"`
ChainPem []byte `protobuf:"bytes,1,opt,name=chain_pem,json=chainPem,proto3" json:"chain_pem,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *GetChainResponse) Reset() {
*x = GetChainResponse{}
mi := &file_proto_metacrypt_v2_pki_proto_msgTypes[3]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *GetChainResponse) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*GetChainResponse) ProtoMessage() {}
func (x *GetChainResponse) ProtoReflect() protoreflect.Message {
mi := &file_proto_metacrypt_v2_pki_proto_msgTypes[3]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use GetChainResponse.ProtoReflect.Descriptor instead.
func (*GetChainResponse) Descriptor() ([]byte, []int) {
return file_proto_metacrypt_v2_pki_proto_rawDescGZIP(), []int{3}
}
func (x *GetChainResponse) GetChainPem() []byte {
if x != nil {
return x.ChainPem
}
return nil
}
type GetIssuerCertRequest struct {
state protoimpl.MessageState `protogen:"open.v1"`
Mount string `protobuf:"bytes,1,opt,name=mount,proto3" json:"mount,omitempty"`
Issuer string `protobuf:"bytes,2,opt,name=issuer,proto3" json:"issuer,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *GetIssuerCertRequest) Reset() {
*x = GetIssuerCertRequest{}
mi := &file_proto_metacrypt_v2_pki_proto_msgTypes[4]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *GetIssuerCertRequest) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*GetIssuerCertRequest) ProtoMessage() {}
func (x *GetIssuerCertRequest) ProtoReflect() protoreflect.Message {
mi := &file_proto_metacrypt_v2_pki_proto_msgTypes[4]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use GetIssuerCertRequest.ProtoReflect.Descriptor instead.
func (*GetIssuerCertRequest) Descriptor() ([]byte, []int) {
return file_proto_metacrypt_v2_pki_proto_rawDescGZIP(), []int{4}
}
func (x *GetIssuerCertRequest) GetMount() string {
if x != nil {
return x.Mount
}
return ""
}
func (x *GetIssuerCertRequest) GetIssuer() string {
if x != nil {
return x.Issuer
}
return ""
}
type GetIssuerCertResponse struct {
state protoimpl.MessageState `protogen:"open.v1"`
CertPem []byte `protobuf:"bytes,1,opt,name=cert_pem,json=certPem,proto3" json:"cert_pem,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *GetIssuerCertResponse) Reset() {
*x = GetIssuerCertResponse{}
mi := &file_proto_metacrypt_v2_pki_proto_msgTypes[5]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *GetIssuerCertResponse) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*GetIssuerCertResponse) ProtoMessage() {}
func (x *GetIssuerCertResponse) ProtoReflect() protoreflect.Message {
mi := &file_proto_metacrypt_v2_pki_proto_msgTypes[5]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use GetIssuerCertResponse.ProtoReflect.Descriptor instead.
func (*GetIssuerCertResponse) Descriptor() ([]byte, []int) {
return file_proto_metacrypt_v2_pki_proto_rawDescGZIP(), []int{5}
}
func (x *GetIssuerCertResponse) GetCertPem() []byte {
if x != nil {
return x.CertPem
}
return nil
}
type GetCRLRequest struct {
state protoimpl.MessageState `protogen:"open.v1"`
Mount string `protobuf:"bytes,1,opt,name=mount,proto3" json:"mount,omitempty"`
Issuer string `protobuf:"bytes,2,opt,name=issuer,proto3" json:"issuer,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *GetCRLRequest) Reset() {
*x = GetCRLRequest{}
mi := &file_proto_metacrypt_v2_pki_proto_msgTypes[6]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *GetCRLRequest) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*GetCRLRequest) ProtoMessage() {}
func (x *GetCRLRequest) ProtoReflect() protoreflect.Message {
mi := &file_proto_metacrypt_v2_pki_proto_msgTypes[6]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use GetCRLRequest.ProtoReflect.Descriptor instead.
func (*GetCRLRequest) Descriptor() ([]byte, []int) {
return file_proto_metacrypt_v2_pki_proto_rawDescGZIP(), []int{6}
}
func (x *GetCRLRequest) GetMount() string {
if x != nil {
return x.Mount
}
return ""
}
func (x *GetCRLRequest) GetIssuer() string {
if x != nil {
return x.Issuer
}
return ""
}
type GetCRLResponse struct {
state protoimpl.MessageState `protogen:"open.v1"`
CrlDer []byte `protobuf:"bytes,1,opt,name=crl_der,json=crlDer,proto3" json:"crl_der,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *GetCRLResponse) Reset() {
*x = GetCRLResponse{}
mi := &file_proto_metacrypt_v2_pki_proto_msgTypes[7]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *GetCRLResponse) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*GetCRLResponse) ProtoMessage() {}
func (x *GetCRLResponse) ProtoReflect() protoreflect.Message {
mi := &file_proto_metacrypt_v2_pki_proto_msgTypes[7]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use GetCRLResponse.ProtoReflect.Descriptor instead.
func (*GetCRLResponse) Descriptor() ([]byte, []int) {
return file_proto_metacrypt_v2_pki_proto_rawDescGZIP(), []int{7}
}
func (x *GetCRLResponse) GetCrlDer() []byte {
if x != nil {
return x.CrlDer
}
return nil
}
var File_proto_metacrypt_v2_pki_proto protoreflect.FileDescriptor
const file_proto_metacrypt_v2_pki_proto_rawDesc = "" +
"\n" +
"\x1cproto/metacrypt/v2/pki.proto\x12\fmetacrypt.v2\"*\n" +
"\x12GetRootCertRequest\x12\x14\n" +
"\x05mount\x18\x01 \x01(\tR\x05mount\"0\n" +
"\x13GetRootCertResponse\x12\x19\n" +
"\bcert_pem\x18\x01 \x01(\fR\acertPem\"?\n" +
"\x0fGetChainRequest\x12\x14\n" +
"\x05mount\x18\x01 \x01(\tR\x05mount\x12\x16\n" +
"\x06issuer\x18\x02 \x01(\tR\x06issuer\"/\n" +
"\x10GetChainResponse\x12\x1b\n" +
"\tchain_pem\x18\x01 \x01(\fR\bchainPem\"D\n" +
"\x14GetIssuerCertRequest\x12\x14\n" +
"\x05mount\x18\x01 \x01(\tR\x05mount\x12\x16\n" +
"\x06issuer\x18\x02 \x01(\tR\x06issuer\"2\n" +
"\x15GetIssuerCertResponse\x12\x19\n" +
"\bcert_pem\x18\x01 \x01(\fR\acertPem\"=\n" +
"\rGetCRLRequest\x12\x14\n" +
"\x05mount\x18\x01 \x01(\tR\x05mount\x12\x16\n" +
"\x06issuer\x18\x02 \x01(\tR\x06issuer\")\n" +
"\x0eGetCRLResponse\x12\x17\n" +
"\acrl_der\x18\x01 \x01(\fR\x06crlDer2\xca\x02\n" +
"\n" +
"PKIService\x12R\n" +
"\vGetRootCert\x12 .metacrypt.v2.GetRootCertRequest\x1a!.metacrypt.v2.GetRootCertResponse\x12I\n" +
"\bGetChain\x12\x1d.metacrypt.v2.GetChainRequest\x1a\x1e.metacrypt.v2.GetChainResponse\x12X\n" +
"\rGetIssuerCert\x12\".metacrypt.v2.GetIssuerCertRequest\x1a#.metacrypt.v2.GetIssuerCertResponse\x12C\n" +
"\x06GetCRL\x12\x1b.metacrypt.v2.GetCRLRequest\x1a\x1c.metacrypt.v2.GetCRLResponseB>Z<git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v2;metacryptv2b\x06proto3"
var (
file_proto_metacrypt_v2_pki_proto_rawDescOnce sync.Once
file_proto_metacrypt_v2_pki_proto_rawDescData []byte
)
func file_proto_metacrypt_v2_pki_proto_rawDescGZIP() []byte {
file_proto_metacrypt_v2_pki_proto_rawDescOnce.Do(func() {
file_proto_metacrypt_v2_pki_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_proto_metacrypt_v2_pki_proto_rawDesc), len(file_proto_metacrypt_v2_pki_proto_rawDesc)))
})
return file_proto_metacrypt_v2_pki_proto_rawDescData
}
var file_proto_metacrypt_v2_pki_proto_msgTypes = make([]protoimpl.MessageInfo, 8)
var file_proto_metacrypt_v2_pki_proto_goTypes = []any{
(*GetRootCertRequest)(nil), // 0: metacrypt.v2.GetRootCertRequest
(*GetRootCertResponse)(nil), // 1: metacrypt.v2.GetRootCertResponse
(*GetChainRequest)(nil), // 2: metacrypt.v2.GetChainRequest
(*GetChainResponse)(nil), // 3: metacrypt.v2.GetChainResponse
(*GetIssuerCertRequest)(nil), // 4: metacrypt.v2.GetIssuerCertRequest
(*GetIssuerCertResponse)(nil), // 5: metacrypt.v2.GetIssuerCertResponse
(*GetCRLRequest)(nil), // 6: metacrypt.v2.GetCRLRequest
(*GetCRLResponse)(nil), // 7: metacrypt.v2.GetCRLResponse
}
var file_proto_metacrypt_v2_pki_proto_depIdxs = []int32{
0, // 0: metacrypt.v2.PKIService.GetRootCert:input_type -> metacrypt.v2.GetRootCertRequest
2, // 1: metacrypt.v2.PKIService.GetChain:input_type -> metacrypt.v2.GetChainRequest
4, // 2: metacrypt.v2.PKIService.GetIssuerCert:input_type -> metacrypt.v2.GetIssuerCertRequest
6, // 3: metacrypt.v2.PKIService.GetCRL:input_type -> metacrypt.v2.GetCRLRequest
1, // 4: metacrypt.v2.PKIService.GetRootCert:output_type -> metacrypt.v2.GetRootCertResponse
3, // 5: metacrypt.v2.PKIService.GetChain:output_type -> metacrypt.v2.GetChainResponse
5, // 6: metacrypt.v2.PKIService.GetIssuerCert:output_type -> metacrypt.v2.GetIssuerCertResponse
7, // 7: metacrypt.v2.PKIService.GetCRL:output_type -> metacrypt.v2.GetCRLResponse
4, // [4:8] is the sub-list for method output_type
0, // [0:4] is the sub-list for method input_type
0, // [0:0] is the sub-list for extension type_name
0, // [0:0] is the sub-list for extension extendee
0, // [0:0] is the sub-list for field type_name
}
func init() { file_proto_metacrypt_v2_pki_proto_init() }
func file_proto_metacrypt_v2_pki_proto_init() {
if File_proto_metacrypt_v2_pki_proto != nil {
return
}
type x struct{}
out := protoimpl.TypeBuilder{
File: protoimpl.DescBuilder{
GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
RawDescriptor: unsafe.Slice(unsafe.StringData(file_proto_metacrypt_v2_pki_proto_rawDesc), len(file_proto_metacrypt_v2_pki_proto_rawDesc)),
NumEnums: 0,
NumMessages: 8,
NumExtensions: 0,
NumServices: 1,
},
GoTypes: file_proto_metacrypt_v2_pki_proto_goTypes,
DependencyIndexes: file_proto_metacrypt_v2_pki_proto_depIdxs,
MessageInfos: file_proto_metacrypt_v2_pki_proto_msgTypes,
}.Build()
File_proto_metacrypt_v2_pki_proto = out.File
file_proto_metacrypt_v2_pki_proto_goTypes = nil
file_proto_metacrypt_v2_pki_proto_depIdxs = nil
}