diff --git a/GNUmakefile b/GNUmakefile index fbc56b6082..538445b4cb 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -7,7 +7,9 @@ GOTOOLS = \ golang.org/x/tools/cmd/cover \ golang.org/x/tools/cmd/stringer \ github.com/axw/gocov/gocov \ - gopkg.in/matm/v1/gocov-html + gopkg.in/matm/v1/gocov-html \ + github.com/gogo/protobuf/protoc-gen-gofast \ + github.com/vektra/mockery/cmd/mockery GOTAGS ?= GOFILES ?= $(shell go list ./... | grep -v /vendor/) @@ -271,6 +273,8 @@ ui-docker: ui-build-image ui-legacy-docker: ui-legacy-build-image @$(SHELL) $(CURDIR)/build-support/scripts/build-docker.sh ui-legacy +proto: + protoc agent/connect/ca/plugin/*.proto --gofast_out=plugins=grpc:../../.. .PHONY: all ci bin dev dist cov test test-ci test-internal test-install-deps cover format vet ui static-assets tools vendorfmt -.PHONY: docker-images go-build-image ui-build-image ui-legacy-build-image static-assets-docker consul-docker ui-docker ui-legacy-docker version +.PHONY: docker-images go-build-image ui-build-image ui-legacy-build-image static-assets-docker consul-docker ui-docker ui-legacy-docker version proto diff --git a/agent/connect/ca/mock_Provider.go b/agent/connect/ca/mock_Provider.go new file mode 100644 index 0000000000..e8b9e58929 --- /dev/null +++ b/agent/connect/ca/mock_Provider.go @@ -0,0 +1,214 @@ +// Code generated by mockery v1.0.0. DO NOT EDIT. + +package ca + +import mock "github.com/stretchr/testify/mock" +import x509 "crypto/x509" + +// MockProvider is an autogenerated mock type for the Provider type +type MockProvider struct { + mock.Mock +} + +// ActiveIntermediate provides a mock function with given fields: +func (_m *MockProvider) ActiveIntermediate() (string, error) { + ret := _m.Called() + + var r0 string + if rf, ok := ret.Get(0).(func() string); ok { + r0 = rf() + } else { + r0 = ret.Get(0).(string) + } + + var r1 error + if rf, ok := ret.Get(1).(func() error); ok { + r1 = rf() + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// ActiveRoot provides a mock function with given fields: +func (_m *MockProvider) ActiveRoot() (string, error) { + ret := _m.Called() + + var r0 string + if rf, ok := ret.Get(0).(func() string); ok { + r0 = rf() + } else { + r0 = ret.Get(0).(string) + } + + var r1 error + if rf, ok := ret.Get(1).(func() error); ok { + r1 = rf() + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// Cleanup provides a mock function with given fields: +func (_m *MockProvider) Cleanup() error { + ret := _m.Called() + + var r0 error + if rf, ok := ret.Get(0).(func() error); ok { + r0 = rf() + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// Configure provides a mock function with given fields: clusterId, isRoot, rawConfig +func (_m *MockProvider) Configure(clusterId string, isRoot bool, rawConfig map[string]interface{}) error { + ret := _m.Called(clusterId, isRoot, rawConfig) + + var r0 error + if rf, ok := ret.Get(0).(func(string, bool, map[string]interface{}) error); ok { + r0 = rf(clusterId, isRoot, rawConfig) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// CrossSignCA provides a mock function with given fields: _a0 +func (_m *MockProvider) CrossSignCA(_a0 *x509.Certificate) (string, error) { + ret := _m.Called(_a0) + + var r0 string + if rf, ok := ret.Get(0).(func(*x509.Certificate) string); ok { + r0 = rf(_a0) + } else { + r0 = ret.Get(0).(string) + } + + var r1 error + if rf, ok := ret.Get(1).(func(*x509.Certificate) error); ok { + r1 = rf(_a0) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GenerateIntermediate provides a mock function with given fields: +func (_m *MockProvider) GenerateIntermediate() (string, error) { + ret := _m.Called() + + var r0 string + if rf, ok := ret.Get(0).(func() string); ok { + r0 = rf() + } else { + r0 = ret.Get(0).(string) + } + + var r1 error + if rf, ok := ret.Get(1).(func() error); ok { + r1 = rf() + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GenerateIntermediateCSR provides a mock function with given fields: +func (_m *MockProvider) GenerateIntermediateCSR() (string, error) { + ret := _m.Called() + + var r0 string + if rf, ok := ret.Get(0).(func() string); ok { + r0 = rf() + } else { + r0 = ret.Get(0).(string) + } + + var r1 error + if rf, ok := ret.Get(1).(func() error); ok { + r1 = rf() + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GenerateRoot provides a mock function with given fields: +func (_m *MockProvider) GenerateRoot() error { + ret := _m.Called() + + var r0 error + if rf, ok := ret.Get(0).(func() error); ok { + r0 = rf() + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// SetIntermediate provides a mock function with given fields: intermediatePEM, rootPEM +func (_m *MockProvider) SetIntermediate(intermediatePEM string, rootPEM string) error { + ret := _m.Called(intermediatePEM, rootPEM) + + var r0 error + if rf, ok := ret.Get(0).(func(string, string) error); ok { + r0 = rf(intermediatePEM, rootPEM) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// Sign provides a mock function with given fields: _a0 +func (_m *MockProvider) Sign(_a0 *x509.CertificateRequest) (string, error) { + ret := _m.Called(_a0) + + var r0 string + if rf, ok := ret.Get(0).(func(*x509.CertificateRequest) string); ok { + r0 = rf(_a0) + } else { + r0 = ret.Get(0).(string) + } + + var r1 error + if rf, ok := ret.Get(1).(func(*x509.CertificateRequest) error); ok { + r1 = rf(_a0) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// SignIntermediate provides a mock function with given fields: _a0 +func (_m *MockProvider) SignIntermediate(_a0 *x509.CertificateRequest) (string, error) { + ret := _m.Called(_a0) + + var r0 string + if rf, ok := ret.Get(0).(func(*x509.CertificateRequest) string); ok { + r0 = rf(_a0) + } else { + r0 = ret.Get(0).(string) + } + + var r1 error + if rf, ok := ret.Get(1).(func(*x509.CertificateRequest) error); ok { + r1 = rf(_a0) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} diff --git a/agent/connect/ca/plugin/client.go b/agent/connect/ca/plugin/client.go new file mode 100644 index 0000000000..1cdc25c6eb --- /dev/null +++ b/agent/connect/ca/plugin/client.go @@ -0,0 +1,18 @@ +package plugin + +import ( + "github.com/hashicorp/go-plugin" +) + +// ClientConfig returns a base *plugin.ClientConfig that is configured to +// be able to dispense CA provider plugins. The returned value should be +// modified with additional options prior to execution (such as Cmd, Managed, +// etc.) +func ClientConfig() *plugin.ClientConfig { + return &plugin.ClientConfig{ + HandshakeConfig: handshakeConfig, + Plugins: map[string]plugin.Plugin{ + Name: &ProviderPlugin{}, + }, + } +} diff --git a/agent/connect/ca/plugin/plugin.go b/agent/connect/ca/plugin/plugin.go new file mode 100644 index 0000000000..1e32bda602 --- /dev/null +++ b/agent/connect/ca/plugin/plugin.go @@ -0,0 +1,41 @@ +package plugin + +import ( + "context" + "net/rpc" + + "github.com/hashicorp/consul/agent/connect/ca" + "github.com/hashicorp/go-plugin" + "google.golang.org/grpc" +) + +// ProviderPlugin implements plugin.Plugin for initializing a plugin +// server and client for both net/rpc and gRPC. +type ProviderPlugin struct { + Impl ca.Provider +} + +func (p ProviderPlugin) Server(*plugin.MuxBroker) (interface{}, error) { + return &providerPluginRPCServer{impl: p.Impl}, nil +} + +func (ProviderPlugin) Client(b *plugin.MuxBroker, c *rpc.Client) (interface{}, error) { + return &providerPluginRPCClient{client: c}, nil +} + +func (p ProviderPlugin) GRPCServer(_ *plugin.GRPCBroker, s *grpc.Server) error { + RegisterCAServer(s, &providerPluginGRPCServer{impl: p.Impl}) + return nil +} + +func (ProviderPlugin) GRPCClient(doneCtx context.Context, _ *plugin.GRPCBroker, c *grpc.ClientConn) (interface{}, error) { + return &providerPluginGRPCClient{ + client: NewCAClient(c), + clientConn: c, + doneCtx: doneCtx, + }, nil +} + +// Verification +var _ plugin.Plugin = ProviderPlugin{} +var _ plugin.GRPCPlugin = ProviderPlugin{} diff --git a/agent/connect/ca/plugin/plugin_test.go b/agent/connect/ca/plugin/plugin_test.go new file mode 100644 index 0000000000..f4c100c288 --- /dev/null +++ b/agent/connect/ca/plugin/plugin_test.go @@ -0,0 +1,311 @@ +package plugin + +import ( + "crypto/x509" + "encoding/pem" + "errors" + "testing" + + "github.com/hashicorp/consul/agent/connect" + "github.com/hashicorp/consul/agent/connect/ca" + "github.com/hashicorp/go-plugin" + "github.com/stretchr/testify/mock" + "github.com/stretchr/testify/require" +) + +func TestProvider_Configure(t *testing.T) { + testPlugin(t, func(t *testing.T, m *ca.MockProvider, p ca.Provider) { + require := require.New(t) + + // Basic configure + m.On("Configure", "foo", false, map[string]interface{}{ + "string": "bar", + "number": float64(42), // because json + }).Once().Return(nil) + require.NoError(p.Configure("foo", false, map[string]interface{}{ + "string": "bar", + "number": float64(42), + })) + m.AssertExpectations(t) + + // Try with an error + m.Mock = mock.Mock{} + m.On("Configure", "foo", false, map[string]interface{}{}).Once().Return(errors.New("hello world")) + err := p.Configure("foo", false, map[string]interface{}{}) + require.Error(err) + require.Contains(err.Error(), "hello") + m.AssertExpectations(t) + }) +} + +func TestProvider_GenerateRoot(t *testing.T) { + testPlugin(t, func(t *testing.T, m *ca.MockProvider, p ca.Provider) { + require := require.New(t) + + // Try cleanup with no error + m.On("GenerateRoot").Once().Return(nil) + require.NoError(p.GenerateRoot()) + m.AssertExpectations(t) + + // Try with an error + m.Mock = mock.Mock{} + m.On("GenerateRoot").Once().Return(errors.New("hello world")) + err := p.GenerateRoot() + require.Error(err) + require.Contains(err.Error(), "hello") + m.AssertExpectations(t) + }) +} + +func TestProvider_ActiveRoot(t *testing.T) { + testPlugin(t, func(t *testing.T, m *ca.MockProvider, p ca.Provider) { + require := require.New(t) + + // Try cleanup with no error + m.On("ActiveRoot").Once().Return("foo", nil) + actual, err := p.ActiveRoot() + require.NoError(err) + require.Equal(actual, "foo") + m.AssertExpectations(t) + + // Try with an error + m.Mock = mock.Mock{} + m.On("ActiveRoot").Once().Return("", errors.New("hello world")) + actual, err = p.ActiveRoot() + require.Error(err) + require.Contains(err.Error(), "hello") + m.AssertExpectations(t) + }) +} + +func TestProvider_GenerateIntermediateCSR(t *testing.T) { + testPlugin(t, func(t *testing.T, m *ca.MockProvider, p ca.Provider) { + require := require.New(t) + + // Try cleanup with no error + m.On("GenerateIntermediateCSR").Once().Return("foo", nil) + actual, err := p.GenerateIntermediateCSR() + require.NoError(err) + require.Equal(actual, "foo") + m.AssertExpectations(t) + + // Try with an error + m.Mock = mock.Mock{} + m.On("GenerateIntermediateCSR").Once().Return("", errors.New("hello world")) + actual, err = p.GenerateIntermediateCSR() + require.Error(err) + require.Contains(err.Error(), "hello") + m.AssertExpectations(t) + }) +} + +func TestProvider_SetIntermediate(t *testing.T) { + testPlugin(t, func(t *testing.T, m *ca.MockProvider, p ca.Provider) { + require := require.New(t) + + // Try cleanup with no error + m.On("SetIntermediate", "foo", "bar").Once().Return(nil) + err := p.SetIntermediate("foo", "bar") + require.NoError(err) + m.AssertExpectations(t) + + // Try with an error + m.Mock = mock.Mock{} + m.On("SetIntermediate", "foo", "bar").Once().Return(errors.New("hello world")) + err = p.SetIntermediate("foo", "bar") + require.Error(err) + require.Contains(err.Error(), "hello") + m.AssertExpectations(t) + }) +} + +func TestProvider_ActiveIntermediate(t *testing.T) { + testPlugin(t, func(t *testing.T, m *ca.MockProvider, p ca.Provider) { + require := require.New(t) + + // Try cleanup with no error + m.On("ActiveIntermediate").Once().Return("foo", nil) + actual, err := p.ActiveIntermediate() + require.NoError(err) + require.Equal(actual, "foo") + m.AssertExpectations(t) + + // Try with an error + m.Mock = mock.Mock{} + m.On("ActiveIntermediate").Once().Return("", errors.New("hello world")) + actual, err = p.ActiveIntermediate() + require.Error(err) + require.Contains(err.Error(), "hello") + m.AssertExpectations(t) + }) +} + +func TestProvider_GenerateIntermediate(t *testing.T) { + testPlugin(t, func(t *testing.T, m *ca.MockProvider, p ca.Provider) { + require := require.New(t) + + // Try cleanup with no error + m.On("GenerateIntermediate").Once().Return("foo", nil) + actual, err := p.GenerateIntermediate() + require.NoError(err) + require.Equal(actual, "foo") + m.AssertExpectations(t) + + // Try with an error + m.Mock = mock.Mock{} + m.On("GenerateIntermediate").Once().Return("", errors.New("hello world")) + actual, err = p.GenerateIntermediate() + require.Error(err) + require.Contains(err.Error(), "hello") + m.AssertExpectations(t) + }) +} + +func TestProvider_Sign(t *testing.T) { + testPlugin(t, func(t *testing.T, m *ca.MockProvider, p ca.Provider) { + require := require.New(t) + + // Create a CSR + csrPEM, _ := connect.TestCSR(t, connect.TestSpiffeIDService(t, "web")) + block, _ := pem.Decode([]byte(csrPEM)) + csr, err := x509.ParseCertificateRequest(block.Bytes) + require.NoError(err) + require.NoError(csr.CheckSignature()) + + // No error + m.On("Sign", mock.Anything).Once().Return("foo", nil).Run(func(args mock.Arguments) { + csr := args.Get(0).(*x509.CertificateRequest) + require.NoError(csr.CheckSignature()) + }) + actual, err := p.Sign(csr) + require.NoError(err) + require.Equal(actual, "foo") + m.AssertExpectations(t) + + // Try with an error + m.Mock = mock.Mock{} + m.On("Sign", mock.Anything).Once().Return("", errors.New("hello world")) + actual, err = p.Sign(csr) + require.Error(err) + require.Contains(err.Error(), "hello") + m.AssertExpectations(t) + }) +} + +func TestProvider_SignIntermediate(t *testing.T) { + testPlugin(t, func(t *testing.T, m *ca.MockProvider, p ca.Provider) { + require := require.New(t) + + // Create a CSR + csrPEM, _ := connect.TestCSR(t, connect.TestSpiffeIDService(t, "web")) + block, _ := pem.Decode([]byte(csrPEM)) + csr, err := x509.ParseCertificateRequest(block.Bytes) + require.NoError(err) + require.NoError(csr.CheckSignature()) + + // No error + m.On("SignIntermediate", mock.Anything).Once().Return("foo", nil).Run(func(args mock.Arguments) { + csr := args.Get(0).(*x509.CertificateRequest) + require.NoError(csr.CheckSignature()) + }) + actual, err := p.SignIntermediate(csr) + require.NoError(err) + require.Equal(actual, "foo") + m.AssertExpectations(t) + + // Try with an error + m.Mock = mock.Mock{} + m.On("SignIntermediate", mock.Anything).Once().Return("", errors.New("hello world")) + actual, err = p.SignIntermediate(csr) + require.Error(err) + require.Contains(err.Error(), "hello") + m.AssertExpectations(t) + }) +} + +func TestProvider_CrossSignCA(t *testing.T) { + testPlugin(t, func(t *testing.T, m *ca.MockProvider, p ca.Provider) { + require := require.New(t) + + // Create a CSR + root := connect.TestCA(t, nil) + block, _ := pem.Decode([]byte(root.RootCert)) + crt, err := x509.ParseCertificate(block.Bytes) + require.NoError(err) + + // No error + m.On("CrossSignCA", mock.Anything).Once().Return("foo", nil).Run(func(args mock.Arguments) { + actual := args.Get(0).(*x509.Certificate) + require.True(crt.Equal(actual)) + }) + actual, err := p.CrossSignCA(crt) + require.NoError(err) + require.Equal(actual, "foo") + m.AssertExpectations(t) + + // Try with an error + m.Mock = mock.Mock{} + m.On("CrossSignCA", mock.Anything).Once().Return("", errors.New("hello world")) + actual, err = p.CrossSignCA(crt) + require.Error(err) + require.Contains(err.Error(), "hello") + m.AssertExpectations(t) + }) +} + +func TestProvider_Cleanup(t *testing.T) { + testPlugin(t, func(t *testing.T, m *ca.MockProvider, p ca.Provider) { + require := require.New(t) + + // Try cleanup with no error + m.On("Cleanup").Once().Return(nil) + require.NoError(p.Cleanup()) + m.AssertExpectations(t) + + // Try with an error + m.Mock = mock.Mock{} + m.On("Cleanup").Once().Return(errors.New("hello world")) + err := p.Cleanup() + require.Error(err) + require.Contains(err.Error(), "hello") + m.AssertExpectations(t) + }) +} + +// testPlugin runs the given test function callback for all supported +// transports of the plugin RPC layer. +func testPlugin(t *testing.T, f func(t *testing.T, m *ca.MockProvider, actual ca.Provider)) { + t.Run("net/rpc", func(t *testing.T) { + // Create a mock provider + mockP := new(ca.MockProvider) + client, _ := plugin.TestPluginRPCConn(t, map[string]plugin.Plugin{ + Name: &ProviderPlugin{Impl: mockP}, + }, nil) + defer client.Close() + + // Request the provider + raw, err := client.Dispense(Name) + require.NoError(t, err) + provider := raw.(ca.Provider) + + // Call the test function + f(t, mockP, provider) + }) + + t.Run("gRPC", func(t *testing.T) { + // Create a mock provider + mockP := new(ca.MockProvider) + client, _ := plugin.TestPluginGRPCConn(t, map[string]plugin.Plugin{ + Name: &ProviderPlugin{Impl: mockP}, + }) + defer client.Close() + + // Request the provider + raw, err := client.Dispense(Name) + require.NoError(t, err) + provider := raw.(ca.Provider) + + // Call the test function + f(t, mockP, provider) + }) +} diff --git a/agent/connect/ca/plugin/provider.pb.go b/agent/connect/ca/plugin/provider.pb.go new file mode 100644 index 0000000000..8c15dcdc07 --- /dev/null +++ b/agent/connect/ca/plugin/provider.pb.go @@ -0,0 +1,2923 @@ +// Code generated by protoc-gen-gogo. DO NOT EDIT. +// source: agent/connect/ca/plugin/provider.proto + +package plugin // import "github.com/hashicorp/consul/agent/connect/ca/plugin" + +import proto "github.com/golang/protobuf/proto" +import fmt "fmt" +import math "math" + +import ( + context "golang.org/x/net/context" + grpc "google.golang.org/grpc" +) + +import io "io" + +// Reference imports to suppress errors if they are not otherwise used. +var _ = proto.Marshal +var _ = fmt.Errorf +var _ = math.Inf + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the proto package it is being compiled against. +// A compilation error at this line likely means your copy of the +// proto package needs to be updated. +const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package + +type ConfigureRequest struct { + ClusterId string `protobuf:"bytes,1,opt,name=cluster_id,json=clusterId,proto3" json:"cluster_id,omitempty"` + IsRoot bool `protobuf:"varint,2,opt,name=is_root,json=isRoot,proto3" json:"is_root,omitempty"` + Config []byte `protobuf:"bytes,3,opt,name=config,proto3" json:"config,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *ConfigureRequest) Reset() { *m = ConfigureRequest{} } +func (m *ConfigureRequest) String() string { return proto.CompactTextString(m) } +func (*ConfigureRequest) ProtoMessage() {} +func (*ConfigureRequest) Descriptor() ([]byte, []int) { + return fileDescriptor_provider_8ff2d2670790989c, []int{0} +} +func (m *ConfigureRequest) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *ConfigureRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_ConfigureRequest.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalTo(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (dst *ConfigureRequest) XXX_Merge(src proto.Message) { + xxx_messageInfo_ConfigureRequest.Merge(dst, src) +} +func (m *ConfigureRequest) XXX_Size() int { + return m.Size() +} +func (m *ConfigureRequest) XXX_DiscardUnknown() { + xxx_messageInfo_ConfigureRequest.DiscardUnknown(m) +} + +var xxx_messageInfo_ConfigureRequest proto.InternalMessageInfo + +func (m *ConfigureRequest) GetClusterId() string { + if m != nil { + return m.ClusterId + } + return "" +} + +func (m *ConfigureRequest) GetIsRoot() bool { + if m != nil { + return m.IsRoot + } + return false +} + +func (m *ConfigureRequest) GetConfig() []byte { + if m != nil { + return m.Config + } + return nil +} + +type SetIntermediateRequest struct { + IntermediatePem string `protobuf:"bytes,1,opt,name=intermediate_pem,json=intermediatePem,proto3" json:"intermediate_pem,omitempty"` + RootPem string `protobuf:"bytes,2,opt,name=root_pem,json=rootPem,proto3" json:"root_pem,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *SetIntermediateRequest) Reset() { *m = SetIntermediateRequest{} } +func (m *SetIntermediateRequest) String() string { return proto.CompactTextString(m) } +func (*SetIntermediateRequest) ProtoMessage() {} +func (*SetIntermediateRequest) Descriptor() ([]byte, []int) { + return fileDescriptor_provider_8ff2d2670790989c, []int{1} +} +func (m *SetIntermediateRequest) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *SetIntermediateRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_SetIntermediateRequest.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalTo(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (dst *SetIntermediateRequest) XXX_Merge(src proto.Message) { + xxx_messageInfo_SetIntermediateRequest.Merge(dst, src) +} +func (m *SetIntermediateRequest) XXX_Size() int { + return m.Size() +} +func (m *SetIntermediateRequest) XXX_DiscardUnknown() { + xxx_messageInfo_SetIntermediateRequest.DiscardUnknown(m) +} + +var xxx_messageInfo_SetIntermediateRequest proto.InternalMessageInfo + +func (m *SetIntermediateRequest) GetIntermediatePem() string { + if m != nil { + return m.IntermediatePem + } + return "" +} + +func (m *SetIntermediateRequest) GetRootPem() string { + if m != nil { + return m.RootPem + } + return "" +} + +type SignRequest struct { + Csr []byte `protobuf:"bytes,1,opt,name=csr,proto3" json:"csr,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *SignRequest) Reset() { *m = SignRequest{} } +func (m *SignRequest) String() string { return proto.CompactTextString(m) } +func (*SignRequest) ProtoMessage() {} +func (*SignRequest) Descriptor() ([]byte, []int) { + return fileDescriptor_provider_8ff2d2670790989c, []int{2} +} +func (m *SignRequest) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *SignRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_SignRequest.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalTo(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (dst *SignRequest) XXX_Merge(src proto.Message) { + xxx_messageInfo_SignRequest.Merge(dst, src) +} +func (m *SignRequest) XXX_Size() int { + return m.Size() +} +func (m *SignRequest) XXX_DiscardUnknown() { + xxx_messageInfo_SignRequest.DiscardUnknown(m) +} + +var xxx_messageInfo_SignRequest proto.InternalMessageInfo + +func (m *SignRequest) GetCsr() []byte { + if m != nil { + return m.Csr + } + return nil +} + +type SignIntermediateRequest struct { + Csr []byte `protobuf:"bytes,1,opt,name=csr,proto3" json:"csr,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *SignIntermediateRequest) Reset() { *m = SignIntermediateRequest{} } +func (m *SignIntermediateRequest) String() string { return proto.CompactTextString(m) } +func (*SignIntermediateRequest) ProtoMessage() {} +func (*SignIntermediateRequest) Descriptor() ([]byte, []int) { + return fileDescriptor_provider_8ff2d2670790989c, []int{3} +} +func (m *SignIntermediateRequest) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *SignIntermediateRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_SignIntermediateRequest.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalTo(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (dst *SignIntermediateRequest) XXX_Merge(src proto.Message) { + xxx_messageInfo_SignIntermediateRequest.Merge(dst, src) +} +func (m *SignIntermediateRequest) XXX_Size() int { + return m.Size() +} +func (m *SignIntermediateRequest) XXX_DiscardUnknown() { + xxx_messageInfo_SignIntermediateRequest.DiscardUnknown(m) +} + +var xxx_messageInfo_SignIntermediateRequest proto.InternalMessageInfo + +func (m *SignIntermediateRequest) GetCsr() []byte { + if m != nil { + return m.Csr + } + return nil +} + +type CrossSignCARequest struct { + Crt []byte `protobuf:"bytes,1,opt,name=crt,proto3" json:"crt,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *CrossSignCARequest) Reset() { *m = CrossSignCARequest{} } +func (m *CrossSignCARequest) String() string { return proto.CompactTextString(m) } +func (*CrossSignCARequest) ProtoMessage() {} +func (*CrossSignCARequest) Descriptor() ([]byte, []int) { + return fileDescriptor_provider_8ff2d2670790989c, []int{4} +} +func (m *CrossSignCARequest) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *CrossSignCARequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_CrossSignCARequest.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalTo(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (dst *CrossSignCARequest) XXX_Merge(src proto.Message) { + xxx_messageInfo_CrossSignCARequest.Merge(dst, src) +} +func (m *CrossSignCARequest) XXX_Size() int { + return m.Size() +} +func (m *CrossSignCARequest) XXX_DiscardUnknown() { + xxx_messageInfo_CrossSignCARequest.DiscardUnknown(m) +} + +var xxx_messageInfo_CrossSignCARequest proto.InternalMessageInfo + +func (m *CrossSignCARequest) GetCrt() []byte { + if m != nil { + return m.Crt + } + return nil +} + +type ActiveRootResponse struct { + CrtPem string `protobuf:"bytes,1,opt,name=crt_pem,json=crtPem,proto3" json:"crt_pem,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *ActiveRootResponse) Reset() { *m = ActiveRootResponse{} } +func (m *ActiveRootResponse) String() string { return proto.CompactTextString(m) } +func (*ActiveRootResponse) ProtoMessage() {} +func (*ActiveRootResponse) Descriptor() ([]byte, []int) { + return fileDescriptor_provider_8ff2d2670790989c, []int{5} +} +func (m *ActiveRootResponse) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *ActiveRootResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_ActiveRootResponse.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalTo(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (dst *ActiveRootResponse) XXX_Merge(src proto.Message) { + xxx_messageInfo_ActiveRootResponse.Merge(dst, src) +} +func (m *ActiveRootResponse) XXX_Size() int { + return m.Size() +} +func (m *ActiveRootResponse) XXX_DiscardUnknown() { + xxx_messageInfo_ActiveRootResponse.DiscardUnknown(m) +} + +var xxx_messageInfo_ActiveRootResponse proto.InternalMessageInfo + +func (m *ActiveRootResponse) GetCrtPem() string { + if m != nil { + return m.CrtPem + } + return "" +} + +type GenerateIntermediateCSRResponse struct { + CsrPem string `protobuf:"bytes,1,opt,name=csr_pem,json=csrPem,proto3" json:"csr_pem,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *GenerateIntermediateCSRResponse) Reset() { *m = GenerateIntermediateCSRResponse{} } +func (m *GenerateIntermediateCSRResponse) String() string { return proto.CompactTextString(m) } +func (*GenerateIntermediateCSRResponse) ProtoMessage() {} +func (*GenerateIntermediateCSRResponse) Descriptor() ([]byte, []int) { + return fileDescriptor_provider_8ff2d2670790989c, []int{6} +} +func (m *GenerateIntermediateCSRResponse) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *GenerateIntermediateCSRResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_GenerateIntermediateCSRResponse.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalTo(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (dst *GenerateIntermediateCSRResponse) XXX_Merge(src proto.Message) { + xxx_messageInfo_GenerateIntermediateCSRResponse.Merge(dst, src) +} +func (m *GenerateIntermediateCSRResponse) XXX_Size() int { + return m.Size() +} +func (m *GenerateIntermediateCSRResponse) XXX_DiscardUnknown() { + xxx_messageInfo_GenerateIntermediateCSRResponse.DiscardUnknown(m) +} + +var xxx_messageInfo_GenerateIntermediateCSRResponse proto.InternalMessageInfo + +func (m *GenerateIntermediateCSRResponse) GetCsrPem() string { + if m != nil { + return m.CsrPem + } + return "" +} + +type ActiveIntermediateResponse struct { + CrtPem string `protobuf:"bytes,1,opt,name=crt_pem,json=crtPem,proto3" json:"crt_pem,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *ActiveIntermediateResponse) Reset() { *m = ActiveIntermediateResponse{} } +func (m *ActiveIntermediateResponse) String() string { return proto.CompactTextString(m) } +func (*ActiveIntermediateResponse) ProtoMessage() {} +func (*ActiveIntermediateResponse) Descriptor() ([]byte, []int) { + return fileDescriptor_provider_8ff2d2670790989c, []int{7} +} +func (m *ActiveIntermediateResponse) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *ActiveIntermediateResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_ActiveIntermediateResponse.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalTo(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (dst *ActiveIntermediateResponse) XXX_Merge(src proto.Message) { + xxx_messageInfo_ActiveIntermediateResponse.Merge(dst, src) +} +func (m *ActiveIntermediateResponse) XXX_Size() int { + return m.Size() +} +func (m *ActiveIntermediateResponse) XXX_DiscardUnknown() { + xxx_messageInfo_ActiveIntermediateResponse.DiscardUnknown(m) +} + +var xxx_messageInfo_ActiveIntermediateResponse proto.InternalMessageInfo + +func (m *ActiveIntermediateResponse) GetCrtPem() string { + if m != nil { + return m.CrtPem + } + return "" +} + +type GenerateIntermediateResponse struct { + CrtPem string `protobuf:"bytes,1,opt,name=crt_pem,json=crtPem,proto3" json:"crt_pem,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *GenerateIntermediateResponse) Reset() { *m = GenerateIntermediateResponse{} } +func (m *GenerateIntermediateResponse) String() string { return proto.CompactTextString(m) } +func (*GenerateIntermediateResponse) ProtoMessage() {} +func (*GenerateIntermediateResponse) Descriptor() ([]byte, []int) { + return fileDescriptor_provider_8ff2d2670790989c, []int{8} +} +func (m *GenerateIntermediateResponse) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *GenerateIntermediateResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_GenerateIntermediateResponse.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalTo(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (dst *GenerateIntermediateResponse) XXX_Merge(src proto.Message) { + xxx_messageInfo_GenerateIntermediateResponse.Merge(dst, src) +} +func (m *GenerateIntermediateResponse) XXX_Size() int { + return m.Size() +} +func (m *GenerateIntermediateResponse) XXX_DiscardUnknown() { + xxx_messageInfo_GenerateIntermediateResponse.DiscardUnknown(m) +} + +var xxx_messageInfo_GenerateIntermediateResponse proto.InternalMessageInfo + +func (m *GenerateIntermediateResponse) GetCrtPem() string { + if m != nil { + return m.CrtPem + } + return "" +} + +type SignResponse struct { + CrtPem string `protobuf:"bytes,1,opt,name=crt_pem,json=crtPem,proto3" json:"crt_pem,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *SignResponse) Reset() { *m = SignResponse{} } +func (m *SignResponse) String() string { return proto.CompactTextString(m) } +func (*SignResponse) ProtoMessage() {} +func (*SignResponse) Descriptor() ([]byte, []int) { + return fileDescriptor_provider_8ff2d2670790989c, []int{9} +} +func (m *SignResponse) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *SignResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_SignResponse.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalTo(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (dst *SignResponse) XXX_Merge(src proto.Message) { + xxx_messageInfo_SignResponse.Merge(dst, src) +} +func (m *SignResponse) XXX_Size() int { + return m.Size() +} +func (m *SignResponse) XXX_DiscardUnknown() { + xxx_messageInfo_SignResponse.DiscardUnknown(m) +} + +var xxx_messageInfo_SignResponse proto.InternalMessageInfo + +func (m *SignResponse) GetCrtPem() string { + if m != nil { + return m.CrtPem + } + return "" +} + +type SignIntermediateResponse struct { + CrtPem string `protobuf:"bytes,1,opt,name=crt_pem,json=crtPem,proto3" json:"crt_pem,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *SignIntermediateResponse) Reset() { *m = SignIntermediateResponse{} } +func (m *SignIntermediateResponse) String() string { return proto.CompactTextString(m) } +func (*SignIntermediateResponse) ProtoMessage() {} +func (*SignIntermediateResponse) Descriptor() ([]byte, []int) { + return fileDescriptor_provider_8ff2d2670790989c, []int{10} +} +func (m *SignIntermediateResponse) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *SignIntermediateResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_SignIntermediateResponse.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalTo(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (dst *SignIntermediateResponse) XXX_Merge(src proto.Message) { + xxx_messageInfo_SignIntermediateResponse.Merge(dst, src) +} +func (m *SignIntermediateResponse) XXX_Size() int { + return m.Size() +} +func (m *SignIntermediateResponse) XXX_DiscardUnknown() { + xxx_messageInfo_SignIntermediateResponse.DiscardUnknown(m) +} + +var xxx_messageInfo_SignIntermediateResponse proto.InternalMessageInfo + +func (m *SignIntermediateResponse) GetCrtPem() string { + if m != nil { + return m.CrtPem + } + return "" +} + +type CrossSignCAResponse struct { + CrtPem string `protobuf:"bytes,1,opt,name=crt_pem,json=crtPem,proto3" json:"crt_pem,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *CrossSignCAResponse) Reset() { *m = CrossSignCAResponse{} } +func (m *CrossSignCAResponse) String() string { return proto.CompactTextString(m) } +func (*CrossSignCAResponse) ProtoMessage() {} +func (*CrossSignCAResponse) Descriptor() ([]byte, []int) { + return fileDescriptor_provider_8ff2d2670790989c, []int{11} +} +func (m *CrossSignCAResponse) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *CrossSignCAResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_CrossSignCAResponse.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalTo(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (dst *CrossSignCAResponse) XXX_Merge(src proto.Message) { + xxx_messageInfo_CrossSignCAResponse.Merge(dst, src) +} +func (m *CrossSignCAResponse) XXX_Size() int { + return m.Size() +} +func (m *CrossSignCAResponse) XXX_DiscardUnknown() { + xxx_messageInfo_CrossSignCAResponse.DiscardUnknown(m) +} + +var xxx_messageInfo_CrossSignCAResponse proto.InternalMessageInfo + +func (m *CrossSignCAResponse) GetCrtPem() string { + if m != nil { + return m.CrtPem + } + return "" +} + +// Protobufs doesn't allow no req/resp so in the cases where there are +// no arguments we use the Empty message. +type Empty struct { + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *Empty) Reset() { *m = Empty{} } +func (m *Empty) String() string { return proto.CompactTextString(m) } +func (*Empty) ProtoMessage() {} +func (*Empty) Descriptor() ([]byte, []int) { + return fileDescriptor_provider_8ff2d2670790989c, []int{12} +} +func (m *Empty) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *Empty) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_Empty.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalTo(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (dst *Empty) XXX_Merge(src proto.Message) { + xxx_messageInfo_Empty.Merge(dst, src) +} +func (m *Empty) XXX_Size() int { + return m.Size() +} +func (m *Empty) XXX_DiscardUnknown() { + xxx_messageInfo_Empty.DiscardUnknown(m) +} + +var xxx_messageInfo_Empty proto.InternalMessageInfo + +func init() { + proto.RegisterType((*ConfigureRequest)(nil), "plugin.ConfigureRequest") + proto.RegisterType((*SetIntermediateRequest)(nil), "plugin.SetIntermediateRequest") + proto.RegisterType((*SignRequest)(nil), "plugin.SignRequest") + proto.RegisterType((*SignIntermediateRequest)(nil), "plugin.SignIntermediateRequest") + proto.RegisterType((*CrossSignCARequest)(nil), "plugin.CrossSignCARequest") + proto.RegisterType((*ActiveRootResponse)(nil), "plugin.ActiveRootResponse") + proto.RegisterType((*GenerateIntermediateCSRResponse)(nil), "plugin.GenerateIntermediateCSRResponse") + proto.RegisterType((*ActiveIntermediateResponse)(nil), "plugin.ActiveIntermediateResponse") + proto.RegisterType((*GenerateIntermediateResponse)(nil), "plugin.GenerateIntermediateResponse") + proto.RegisterType((*SignResponse)(nil), "plugin.SignResponse") + proto.RegisterType((*SignIntermediateResponse)(nil), "plugin.SignIntermediateResponse") + proto.RegisterType((*CrossSignCAResponse)(nil), "plugin.CrossSignCAResponse") + proto.RegisterType((*Empty)(nil), "plugin.Empty") +} + +// Reference imports to suppress errors if they are not otherwise used. +var _ context.Context +var _ grpc.ClientConn + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the grpc package it is being compiled against. +const _ = grpc.SupportPackageIsVersion4 + +// CAClient is the client API for CA service. +// +// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream. +type CAClient interface { + Configure(ctx context.Context, in *ConfigureRequest, opts ...grpc.CallOption) (*Empty, error) + GenerateRoot(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*Empty, error) + ActiveRoot(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*ActiveRootResponse, error) + GenerateIntermediateCSR(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*GenerateIntermediateCSRResponse, error) + SetIntermediate(ctx context.Context, in *SetIntermediateRequest, opts ...grpc.CallOption) (*Empty, error) + ActiveIntermediate(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*ActiveIntermediateResponse, error) + GenerateIntermediate(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*GenerateIntermediateResponse, error) + Sign(ctx context.Context, in *SignRequest, opts ...grpc.CallOption) (*SignResponse, error) + SignIntermediate(ctx context.Context, in *SignIntermediateRequest, opts ...grpc.CallOption) (*SignIntermediateResponse, error) + CrossSignCA(ctx context.Context, in *CrossSignCARequest, opts ...grpc.CallOption) (*CrossSignCAResponse, error) + Cleanup(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*Empty, error) +} + +type cAClient struct { + cc *grpc.ClientConn +} + +func NewCAClient(cc *grpc.ClientConn) CAClient { + return &cAClient{cc} +} + +func (c *cAClient) Configure(ctx context.Context, in *ConfigureRequest, opts ...grpc.CallOption) (*Empty, error) { + out := new(Empty) + err := c.cc.Invoke(ctx, "/plugin.CA/Configure", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *cAClient) GenerateRoot(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*Empty, error) { + out := new(Empty) + err := c.cc.Invoke(ctx, "/plugin.CA/GenerateRoot", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *cAClient) ActiveRoot(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*ActiveRootResponse, error) { + out := new(ActiveRootResponse) + err := c.cc.Invoke(ctx, "/plugin.CA/ActiveRoot", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *cAClient) GenerateIntermediateCSR(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*GenerateIntermediateCSRResponse, error) { + out := new(GenerateIntermediateCSRResponse) + err := c.cc.Invoke(ctx, "/plugin.CA/GenerateIntermediateCSR", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *cAClient) SetIntermediate(ctx context.Context, in *SetIntermediateRequest, opts ...grpc.CallOption) (*Empty, error) { + out := new(Empty) + err := c.cc.Invoke(ctx, "/plugin.CA/SetIntermediate", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *cAClient) ActiveIntermediate(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*ActiveIntermediateResponse, error) { + out := new(ActiveIntermediateResponse) + err := c.cc.Invoke(ctx, "/plugin.CA/ActiveIntermediate", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *cAClient) GenerateIntermediate(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*GenerateIntermediateResponse, error) { + out := new(GenerateIntermediateResponse) + err := c.cc.Invoke(ctx, "/plugin.CA/GenerateIntermediate", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *cAClient) Sign(ctx context.Context, in *SignRequest, opts ...grpc.CallOption) (*SignResponse, error) { + out := new(SignResponse) + err := c.cc.Invoke(ctx, "/plugin.CA/Sign", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *cAClient) SignIntermediate(ctx context.Context, in *SignIntermediateRequest, opts ...grpc.CallOption) (*SignIntermediateResponse, error) { + out := new(SignIntermediateResponse) + err := c.cc.Invoke(ctx, "/plugin.CA/SignIntermediate", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *cAClient) CrossSignCA(ctx context.Context, in *CrossSignCARequest, opts ...grpc.CallOption) (*CrossSignCAResponse, error) { + out := new(CrossSignCAResponse) + err := c.cc.Invoke(ctx, "/plugin.CA/CrossSignCA", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *cAClient) Cleanup(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*Empty, error) { + out := new(Empty) + err := c.cc.Invoke(ctx, "/plugin.CA/Cleanup", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +// CAServer is the server API for CA service. +type CAServer interface { + Configure(context.Context, *ConfigureRequest) (*Empty, error) + GenerateRoot(context.Context, *Empty) (*Empty, error) + ActiveRoot(context.Context, *Empty) (*ActiveRootResponse, error) + GenerateIntermediateCSR(context.Context, *Empty) (*GenerateIntermediateCSRResponse, error) + SetIntermediate(context.Context, *SetIntermediateRequest) (*Empty, error) + ActiveIntermediate(context.Context, *Empty) (*ActiveIntermediateResponse, error) + GenerateIntermediate(context.Context, *Empty) (*GenerateIntermediateResponse, error) + Sign(context.Context, *SignRequest) (*SignResponse, error) + SignIntermediate(context.Context, *SignIntermediateRequest) (*SignIntermediateResponse, error) + CrossSignCA(context.Context, *CrossSignCARequest) (*CrossSignCAResponse, error) + Cleanup(context.Context, *Empty) (*Empty, error) +} + +func RegisterCAServer(s *grpc.Server, srv CAServer) { + s.RegisterService(&_CA_serviceDesc, srv) +} + +func _CA_Configure_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(ConfigureRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(CAServer).Configure(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/plugin.CA/Configure", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(CAServer).Configure(ctx, req.(*ConfigureRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _CA_GenerateRoot_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(Empty) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(CAServer).GenerateRoot(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/plugin.CA/GenerateRoot", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(CAServer).GenerateRoot(ctx, req.(*Empty)) + } + return interceptor(ctx, in, info, handler) +} + +func _CA_ActiveRoot_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(Empty) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(CAServer).ActiveRoot(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/plugin.CA/ActiveRoot", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(CAServer).ActiveRoot(ctx, req.(*Empty)) + } + return interceptor(ctx, in, info, handler) +} + +func _CA_GenerateIntermediateCSR_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(Empty) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(CAServer).GenerateIntermediateCSR(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/plugin.CA/GenerateIntermediateCSR", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(CAServer).GenerateIntermediateCSR(ctx, req.(*Empty)) + } + return interceptor(ctx, in, info, handler) +} + +func _CA_SetIntermediate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(SetIntermediateRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(CAServer).SetIntermediate(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/plugin.CA/SetIntermediate", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(CAServer).SetIntermediate(ctx, req.(*SetIntermediateRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _CA_ActiveIntermediate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(Empty) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(CAServer).ActiveIntermediate(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/plugin.CA/ActiveIntermediate", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(CAServer).ActiveIntermediate(ctx, req.(*Empty)) + } + return interceptor(ctx, in, info, handler) +} + +func _CA_GenerateIntermediate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(Empty) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(CAServer).GenerateIntermediate(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/plugin.CA/GenerateIntermediate", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(CAServer).GenerateIntermediate(ctx, req.(*Empty)) + } + return interceptor(ctx, in, info, handler) +} + +func _CA_Sign_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(SignRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(CAServer).Sign(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/plugin.CA/Sign", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(CAServer).Sign(ctx, req.(*SignRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _CA_SignIntermediate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(SignIntermediateRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(CAServer).SignIntermediate(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/plugin.CA/SignIntermediate", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(CAServer).SignIntermediate(ctx, req.(*SignIntermediateRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _CA_CrossSignCA_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(CrossSignCARequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(CAServer).CrossSignCA(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/plugin.CA/CrossSignCA", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(CAServer).CrossSignCA(ctx, req.(*CrossSignCARequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _CA_Cleanup_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(Empty) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(CAServer).Cleanup(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/plugin.CA/Cleanup", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(CAServer).Cleanup(ctx, req.(*Empty)) + } + return interceptor(ctx, in, info, handler) +} + +var _CA_serviceDesc = grpc.ServiceDesc{ + ServiceName: "plugin.CA", + HandlerType: (*CAServer)(nil), + Methods: []grpc.MethodDesc{ + { + MethodName: "Configure", + Handler: _CA_Configure_Handler, + }, + { + MethodName: "GenerateRoot", + Handler: _CA_GenerateRoot_Handler, + }, + { + MethodName: "ActiveRoot", + Handler: _CA_ActiveRoot_Handler, + }, + { + MethodName: "GenerateIntermediateCSR", + Handler: _CA_GenerateIntermediateCSR_Handler, + }, + { + MethodName: "SetIntermediate", + Handler: _CA_SetIntermediate_Handler, + }, + { + MethodName: "ActiveIntermediate", + Handler: _CA_ActiveIntermediate_Handler, + }, + { + MethodName: "GenerateIntermediate", + Handler: _CA_GenerateIntermediate_Handler, + }, + { + MethodName: "Sign", + Handler: _CA_Sign_Handler, + }, + { + MethodName: "SignIntermediate", + Handler: _CA_SignIntermediate_Handler, + }, + { + MethodName: "CrossSignCA", + Handler: _CA_CrossSignCA_Handler, + }, + { + MethodName: "Cleanup", + Handler: _CA_Cleanup_Handler, + }, + }, + Streams: []grpc.StreamDesc{}, + Metadata: "agent/connect/ca/plugin/provider.proto", +} + +func (m *ConfigureRequest) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalTo(dAtA) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *ConfigureRequest) MarshalTo(dAtA []byte) (int, error) { + var i int + _ = i + var l int + _ = l + if len(m.ClusterId) > 0 { + dAtA[i] = 0xa + i++ + i = encodeVarintProvider(dAtA, i, uint64(len(m.ClusterId))) + i += copy(dAtA[i:], m.ClusterId) + } + if m.IsRoot { + dAtA[i] = 0x10 + i++ + if m.IsRoot { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i++ + } + if len(m.Config) > 0 { + dAtA[i] = 0x1a + i++ + i = encodeVarintProvider(dAtA, i, uint64(len(m.Config))) + i += copy(dAtA[i:], m.Config) + } + if m.XXX_unrecognized != nil { + i += copy(dAtA[i:], m.XXX_unrecognized) + } + return i, nil +} + +func (m *SetIntermediateRequest) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalTo(dAtA) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *SetIntermediateRequest) MarshalTo(dAtA []byte) (int, error) { + var i int + _ = i + var l int + _ = l + if len(m.IntermediatePem) > 0 { + dAtA[i] = 0xa + i++ + i = encodeVarintProvider(dAtA, i, uint64(len(m.IntermediatePem))) + i += copy(dAtA[i:], m.IntermediatePem) + } + if len(m.RootPem) > 0 { + dAtA[i] = 0x12 + i++ + i = encodeVarintProvider(dAtA, i, uint64(len(m.RootPem))) + i += copy(dAtA[i:], m.RootPem) + } + if m.XXX_unrecognized != nil { + i += copy(dAtA[i:], m.XXX_unrecognized) + } + return i, nil +} + +func (m *SignRequest) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalTo(dAtA) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *SignRequest) MarshalTo(dAtA []byte) (int, error) { + var i int + _ = i + var l int + _ = l + if len(m.Csr) > 0 { + dAtA[i] = 0xa + i++ + i = encodeVarintProvider(dAtA, i, uint64(len(m.Csr))) + i += copy(dAtA[i:], m.Csr) + } + if m.XXX_unrecognized != nil { + i += copy(dAtA[i:], m.XXX_unrecognized) + } + return i, nil +} + +func (m *SignIntermediateRequest) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalTo(dAtA) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *SignIntermediateRequest) MarshalTo(dAtA []byte) (int, error) { + var i int + _ = i + var l int + _ = l + if len(m.Csr) > 0 { + dAtA[i] = 0xa + i++ + i = encodeVarintProvider(dAtA, i, uint64(len(m.Csr))) + i += copy(dAtA[i:], m.Csr) + } + if m.XXX_unrecognized != nil { + i += copy(dAtA[i:], m.XXX_unrecognized) + } + return i, nil +} + +func (m *CrossSignCARequest) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalTo(dAtA) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *CrossSignCARequest) MarshalTo(dAtA []byte) (int, error) { + var i int + _ = i + var l int + _ = l + if len(m.Crt) > 0 { + dAtA[i] = 0xa + i++ + i = encodeVarintProvider(dAtA, i, uint64(len(m.Crt))) + i += copy(dAtA[i:], m.Crt) + } + if m.XXX_unrecognized != nil { + i += copy(dAtA[i:], m.XXX_unrecognized) + } + return i, nil +} + +func (m *ActiveRootResponse) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalTo(dAtA) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *ActiveRootResponse) MarshalTo(dAtA []byte) (int, error) { + var i int + _ = i + var l int + _ = l + if len(m.CrtPem) > 0 { + dAtA[i] = 0xa + i++ + i = encodeVarintProvider(dAtA, i, uint64(len(m.CrtPem))) + i += copy(dAtA[i:], m.CrtPem) + } + if m.XXX_unrecognized != nil { + i += copy(dAtA[i:], m.XXX_unrecognized) + } + return i, nil +} + +func (m *GenerateIntermediateCSRResponse) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalTo(dAtA) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *GenerateIntermediateCSRResponse) MarshalTo(dAtA []byte) (int, error) { + var i int + _ = i + var l int + _ = l + if len(m.CsrPem) > 0 { + dAtA[i] = 0xa + i++ + i = encodeVarintProvider(dAtA, i, uint64(len(m.CsrPem))) + i += copy(dAtA[i:], m.CsrPem) + } + if m.XXX_unrecognized != nil { + i += copy(dAtA[i:], m.XXX_unrecognized) + } + return i, nil +} + +func (m *ActiveIntermediateResponse) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalTo(dAtA) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *ActiveIntermediateResponse) MarshalTo(dAtA []byte) (int, error) { + var i int + _ = i + var l int + _ = l + if len(m.CrtPem) > 0 { + dAtA[i] = 0xa + i++ + i = encodeVarintProvider(dAtA, i, uint64(len(m.CrtPem))) + i += copy(dAtA[i:], m.CrtPem) + } + if m.XXX_unrecognized != nil { + i += copy(dAtA[i:], m.XXX_unrecognized) + } + return i, nil +} + +func (m *GenerateIntermediateResponse) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalTo(dAtA) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *GenerateIntermediateResponse) MarshalTo(dAtA []byte) (int, error) { + var i int + _ = i + var l int + _ = l + if len(m.CrtPem) > 0 { + dAtA[i] = 0xa + i++ + i = encodeVarintProvider(dAtA, i, uint64(len(m.CrtPem))) + i += copy(dAtA[i:], m.CrtPem) + } + if m.XXX_unrecognized != nil { + i += copy(dAtA[i:], m.XXX_unrecognized) + } + return i, nil +} + +func (m *SignResponse) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalTo(dAtA) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *SignResponse) MarshalTo(dAtA []byte) (int, error) { + var i int + _ = i + var l int + _ = l + if len(m.CrtPem) > 0 { + dAtA[i] = 0xa + i++ + i = encodeVarintProvider(dAtA, i, uint64(len(m.CrtPem))) + i += copy(dAtA[i:], m.CrtPem) + } + if m.XXX_unrecognized != nil { + i += copy(dAtA[i:], m.XXX_unrecognized) + } + return i, nil +} + +func (m *SignIntermediateResponse) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalTo(dAtA) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *SignIntermediateResponse) MarshalTo(dAtA []byte) (int, error) { + var i int + _ = i + var l int + _ = l + if len(m.CrtPem) > 0 { + dAtA[i] = 0xa + i++ + i = encodeVarintProvider(dAtA, i, uint64(len(m.CrtPem))) + i += copy(dAtA[i:], m.CrtPem) + } + if m.XXX_unrecognized != nil { + i += copy(dAtA[i:], m.XXX_unrecognized) + } + return i, nil +} + +func (m *CrossSignCAResponse) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalTo(dAtA) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *CrossSignCAResponse) MarshalTo(dAtA []byte) (int, error) { + var i int + _ = i + var l int + _ = l + if len(m.CrtPem) > 0 { + dAtA[i] = 0xa + i++ + i = encodeVarintProvider(dAtA, i, uint64(len(m.CrtPem))) + i += copy(dAtA[i:], m.CrtPem) + } + if m.XXX_unrecognized != nil { + i += copy(dAtA[i:], m.XXX_unrecognized) + } + return i, nil +} + +func (m *Empty) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalTo(dAtA) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *Empty) MarshalTo(dAtA []byte) (int, error) { + var i int + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i += copy(dAtA[i:], m.XXX_unrecognized) + } + return i, nil +} + +func encodeVarintProvider(dAtA []byte, offset int, v uint64) int { + for v >= 1<<7 { + dAtA[offset] = uint8(v&0x7f | 0x80) + v >>= 7 + offset++ + } + dAtA[offset] = uint8(v) + return offset + 1 +} +func (m *ConfigureRequest) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.ClusterId) + if l > 0 { + n += 1 + l + sovProvider(uint64(l)) + } + if m.IsRoot { + n += 2 + } + l = len(m.Config) + if l > 0 { + n += 1 + l + sovProvider(uint64(l)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *SetIntermediateRequest) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.IntermediatePem) + if l > 0 { + n += 1 + l + sovProvider(uint64(l)) + } + l = len(m.RootPem) + if l > 0 { + n += 1 + l + sovProvider(uint64(l)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *SignRequest) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.Csr) + if l > 0 { + n += 1 + l + sovProvider(uint64(l)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *SignIntermediateRequest) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.Csr) + if l > 0 { + n += 1 + l + sovProvider(uint64(l)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *CrossSignCARequest) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.Crt) + if l > 0 { + n += 1 + l + sovProvider(uint64(l)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *ActiveRootResponse) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.CrtPem) + if l > 0 { + n += 1 + l + sovProvider(uint64(l)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *GenerateIntermediateCSRResponse) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.CsrPem) + if l > 0 { + n += 1 + l + sovProvider(uint64(l)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *ActiveIntermediateResponse) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.CrtPem) + if l > 0 { + n += 1 + l + sovProvider(uint64(l)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *GenerateIntermediateResponse) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.CrtPem) + if l > 0 { + n += 1 + l + sovProvider(uint64(l)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *SignResponse) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.CrtPem) + if l > 0 { + n += 1 + l + sovProvider(uint64(l)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *SignIntermediateResponse) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.CrtPem) + if l > 0 { + n += 1 + l + sovProvider(uint64(l)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *CrossSignCAResponse) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.CrtPem) + if l > 0 { + n += 1 + l + sovProvider(uint64(l)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *Empty) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func sovProvider(x uint64) (n int) { + for { + n++ + x >>= 7 + if x == 0 { + break + } + } + return n +} +func sozProvider(x uint64) (n int) { + return sovProvider(uint64((x << 1) ^ uint64((int64(x) >> 63)))) +} +func (m *ConfigureRequest) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProvider + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: ConfigureRequest: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: ConfigureRequest: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ClusterId", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProvider + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthProvider + } + postIndex := iNdEx + intStringLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.ClusterId = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field IsRoot", wireType) + } + var v int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProvider + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= (int(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + m.IsRoot = bool(v != 0) + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Config", wireType) + } + var byteLen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProvider + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + byteLen |= (int(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + if byteLen < 0 { + return ErrInvalidLengthProvider + } + postIndex := iNdEx + byteLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Config = append(m.Config[:0], dAtA[iNdEx:postIndex]...) + if m.Config == nil { + m.Config = []byte{} + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipProvider(dAtA[iNdEx:]) + if err != nil { + return err + } + if skippy < 0 { + return ErrInvalidLengthProvider + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *SetIntermediateRequest) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProvider + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: SetIntermediateRequest: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: SetIntermediateRequest: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field IntermediatePem", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProvider + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthProvider + } + postIndex := iNdEx + intStringLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.IntermediatePem = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field RootPem", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProvider + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthProvider + } + postIndex := iNdEx + intStringLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.RootPem = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipProvider(dAtA[iNdEx:]) + if err != nil { + return err + } + if skippy < 0 { + return ErrInvalidLengthProvider + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *SignRequest) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProvider + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: SignRequest: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: SignRequest: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Csr", wireType) + } + var byteLen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProvider + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + byteLen |= (int(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + if byteLen < 0 { + return ErrInvalidLengthProvider + } + postIndex := iNdEx + byteLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Csr = append(m.Csr[:0], dAtA[iNdEx:postIndex]...) + if m.Csr == nil { + m.Csr = []byte{} + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipProvider(dAtA[iNdEx:]) + if err != nil { + return err + } + if skippy < 0 { + return ErrInvalidLengthProvider + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *SignIntermediateRequest) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProvider + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: SignIntermediateRequest: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: SignIntermediateRequest: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Csr", wireType) + } + var byteLen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProvider + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + byteLen |= (int(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + if byteLen < 0 { + return ErrInvalidLengthProvider + } + postIndex := iNdEx + byteLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Csr = append(m.Csr[:0], dAtA[iNdEx:postIndex]...) + if m.Csr == nil { + m.Csr = []byte{} + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipProvider(dAtA[iNdEx:]) + if err != nil { + return err + } + if skippy < 0 { + return ErrInvalidLengthProvider + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *CrossSignCARequest) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProvider + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: CrossSignCARequest: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: CrossSignCARequest: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Crt", wireType) + } + var byteLen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProvider + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + byteLen |= (int(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + if byteLen < 0 { + return ErrInvalidLengthProvider + } + postIndex := iNdEx + byteLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Crt = append(m.Crt[:0], dAtA[iNdEx:postIndex]...) + if m.Crt == nil { + m.Crt = []byte{} + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipProvider(dAtA[iNdEx:]) + if err != nil { + return err + } + if skippy < 0 { + return ErrInvalidLengthProvider + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *ActiveRootResponse) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProvider + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: ActiveRootResponse: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: ActiveRootResponse: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field CrtPem", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProvider + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthProvider + } + postIndex := iNdEx + intStringLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.CrtPem = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipProvider(dAtA[iNdEx:]) + if err != nil { + return err + } + if skippy < 0 { + return ErrInvalidLengthProvider + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *GenerateIntermediateCSRResponse) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProvider + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: GenerateIntermediateCSRResponse: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: GenerateIntermediateCSRResponse: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field CsrPem", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProvider + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthProvider + } + postIndex := iNdEx + intStringLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.CsrPem = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipProvider(dAtA[iNdEx:]) + if err != nil { + return err + } + if skippy < 0 { + return ErrInvalidLengthProvider + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *ActiveIntermediateResponse) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProvider + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: ActiveIntermediateResponse: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: ActiveIntermediateResponse: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field CrtPem", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProvider + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthProvider + } + postIndex := iNdEx + intStringLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.CrtPem = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipProvider(dAtA[iNdEx:]) + if err != nil { + return err + } + if skippy < 0 { + return ErrInvalidLengthProvider + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *GenerateIntermediateResponse) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProvider + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: GenerateIntermediateResponse: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: GenerateIntermediateResponse: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field CrtPem", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProvider + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthProvider + } + postIndex := iNdEx + intStringLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.CrtPem = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipProvider(dAtA[iNdEx:]) + if err != nil { + return err + } + if skippy < 0 { + return ErrInvalidLengthProvider + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *SignResponse) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProvider + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: SignResponse: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: SignResponse: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field CrtPem", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProvider + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthProvider + } + postIndex := iNdEx + intStringLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.CrtPem = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipProvider(dAtA[iNdEx:]) + if err != nil { + return err + } + if skippy < 0 { + return ErrInvalidLengthProvider + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *SignIntermediateResponse) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProvider + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: SignIntermediateResponse: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: SignIntermediateResponse: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field CrtPem", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProvider + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthProvider + } + postIndex := iNdEx + intStringLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.CrtPem = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipProvider(dAtA[iNdEx:]) + if err != nil { + return err + } + if skippy < 0 { + return ErrInvalidLengthProvider + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *CrossSignCAResponse) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProvider + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: CrossSignCAResponse: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: CrossSignCAResponse: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field CrtPem", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProvider + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthProvider + } + postIndex := iNdEx + intStringLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.CrtPem = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipProvider(dAtA[iNdEx:]) + if err != nil { + return err + } + if skippy < 0 { + return ErrInvalidLengthProvider + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *Empty) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProvider + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: Empty: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: Empty: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + default: + iNdEx = preIndex + skippy, err := skipProvider(dAtA[iNdEx:]) + if err != nil { + return err + } + if skippy < 0 { + return ErrInvalidLengthProvider + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func skipProvider(dAtA []byte) (n int, err error) { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return 0, ErrIntOverflowProvider + } + if iNdEx >= l { + return 0, io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + wireType := int(wire & 0x7) + switch wireType { + case 0: + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return 0, ErrIntOverflowProvider + } + if iNdEx >= l { + return 0, io.ErrUnexpectedEOF + } + iNdEx++ + if dAtA[iNdEx-1] < 0x80 { + break + } + } + return iNdEx, nil + case 1: + iNdEx += 8 + return iNdEx, nil + case 2: + var length int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return 0, ErrIntOverflowProvider + } + if iNdEx >= l { + return 0, io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + length |= (int(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + iNdEx += length + if length < 0 { + return 0, ErrInvalidLengthProvider + } + return iNdEx, nil + case 3: + for { + var innerWire uint64 + var start int = iNdEx + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return 0, ErrIntOverflowProvider + } + if iNdEx >= l { + return 0, io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + innerWire |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + innerWireType := int(innerWire & 0x7) + if innerWireType == 4 { + break + } + next, err := skipProvider(dAtA[start:]) + if err != nil { + return 0, err + } + iNdEx = start + next + } + return iNdEx, nil + case 4: + return iNdEx, nil + case 5: + iNdEx += 4 + return iNdEx, nil + default: + return 0, fmt.Errorf("proto: illegal wireType %d", wireType) + } + } + panic("unreachable") +} + +var ( + ErrInvalidLengthProvider = fmt.Errorf("proto: negative length found during unmarshaling") + ErrIntOverflowProvider = fmt.Errorf("proto: integer overflow") +) + +func init() { + proto.RegisterFile("agent/connect/ca/plugin/provider.proto", fileDescriptor_provider_8ff2d2670790989c) +} + +var fileDescriptor_provider_8ff2d2670790989c = []byte{ + // 566 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x84, 0x54, 0xdf, 0x6e, 0xd3, 0x3e, + 0x18, 0xfd, 0xa5, 0xfb, 0xad, 0x5d, 0xbf, 0x15, 0xad, 0xf2, 0xa6, 0xb5, 0x14, 0x68, 0xab, 0x08, + 0xad, 0x45, 0x40, 0x23, 0x28, 0x68, 0x12, 0x57, 0x94, 0x68, 0x4c, 0x13, 0x37, 0x23, 0x15, 0x37, + 0x5c, 0x50, 0xa5, 0xae, 0x49, 0x2d, 0x35, 0x71, 0xb0, 0x9d, 0x49, 0xbc, 0x09, 0x6f, 0x04, 0x97, + 0x3c, 0x02, 0x2a, 0x2f, 0x82, 0x9c, 0x26, 0x59, 0x92, 0xa6, 0xcb, 0x5d, 0xfc, 0xe5, 0x9c, 0xf3, + 0xfd, 0x3b, 0x36, 0x9c, 0xd9, 0x0e, 0xf1, 0xa4, 0x81, 0x99, 0xe7, 0x11, 0x2c, 0x0d, 0x6c, 0x1b, + 0xfe, 0x2a, 0x70, 0xa8, 0x67, 0xf8, 0x9c, 0xdd, 0xd0, 0x05, 0xe1, 0x23, 0x9f, 0x33, 0xc9, 0x50, + 0x75, 0x13, 0xd6, 0xe7, 0xd0, 0x34, 0x99, 0xf7, 0x95, 0x3a, 0x01, 0x27, 0x16, 0xf9, 0x16, 0x10, + 0x21, 0xd1, 0x23, 0x00, 0xbc, 0x0a, 0x84, 0x24, 0x7c, 0x46, 0x17, 0x6d, 0xad, 0xaf, 0x0d, 0xeb, + 0x56, 0x3d, 0x8a, 0x5c, 0x2d, 0x50, 0x0b, 0x6a, 0x54, 0xcc, 0x38, 0x63, 0xb2, 0x5d, 0xe9, 0x6b, + 0xc3, 0x03, 0xab, 0x4a, 0x85, 0xc5, 0x98, 0x44, 0xa7, 0x50, 0xc5, 0xa1, 0x56, 0x7b, 0xaf, 0xaf, + 0x0d, 0x1b, 0x56, 0x74, 0xd2, 0xbf, 0xc0, 0xe9, 0x94, 0xc8, 0x2b, 0x4f, 0x12, 0xee, 0x92, 0x05, + 0xb5, 0x65, 0x92, 0xe9, 0x09, 0x34, 0x69, 0x2a, 0x3c, 0xf3, 0x89, 0x1b, 0xe5, 0x3b, 0x4a, 0xc7, + 0xaf, 0x89, 0x8b, 0xee, 0xc3, 0x81, 0x4a, 0x19, 0x42, 0x2a, 0x21, 0xa4, 0xa6, 0xce, 0xd7, 0xc4, + 0xd5, 0x7b, 0x70, 0x38, 0xa5, 0x8e, 0x17, 0x8b, 0x36, 0x61, 0x0f, 0x0b, 0x1e, 0xea, 0x34, 0x2c, + 0xf5, 0xa9, 0x3f, 0x85, 0x96, 0x02, 0x14, 0x55, 0xb0, 0x0d, 0x3e, 0x03, 0x64, 0x72, 0x26, 0x84, + 0x62, 0x98, 0x93, 0x34, 0x8e, 0xcb, 0x04, 0xc7, 0xa5, 0xfe, 0x1c, 0xd0, 0x04, 0x4b, 0x7a, 0x43, + 0x54, 0xef, 0x16, 0x11, 0x3e, 0xf3, 0x04, 0x51, 0xc3, 0xc1, 0x5c, 0xa6, 0x1a, 0xa9, 0x62, 0x1e, + 0x16, 0xf9, 0x06, 0x7a, 0x97, 0xc4, 0x23, 0xdc, 0x96, 0x24, 0x5d, 0x87, 0x39, 0xb5, 0x32, 0x5c, + 0xc1, 0x33, 0x5c, 0xc1, 0x15, 0xf7, 0x35, 0x74, 0x36, 0xa9, 0xb2, 0x1d, 0x94, 0xa5, 0x3c, 0x87, + 0x87, 0x45, 0x29, 0xcb, 0x89, 0x03, 0x68, 0x6c, 0x06, 0x5a, 0x06, 0x1c, 0x43, 0x7b, 0x7b, 0xb0, + 0x65, 0xa4, 0x11, 0x1c, 0x67, 0x06, 0x5c, 0x86, 0xaf, 0xc1, 0xfe, 0x85, 0xeb, 0xcb, 0xef, 0x2f, + 0x7f, 0xee, 0x43, 0xc5, 0x9c, 0xa0, 0x57, 0x50, 0x4f, 0x2c, 0x8b, 0xda, 0xa3, 0x8d, 0x91, 0x47, + 0x79, 0x17, 0x77, 0xee, 0xc5, 0x7f, 0x42, 0x32, 0x7a, 0x06, 0x8d, 0x78, 0x18, 0xa1, 0x59, 0xb3, + 0xbf, 0xf3, 0xe8, 0x73, 0x80, 0xdb, 0xe5, 0xe6, 0xb1, 0x9d, 0xf8, 0x58, 0xb0, 0xff, 0x8f, 0xd0, + 0xda, 0xb1, 0xe6, 0xbc, 0xca, 0x20, 0x3e, 0x96, 0xd9, 0xe2, 0x2d, 0x1c, 0xe5, 0xae, 0x0f, 0xea, + 0xc6, 0xdc, 0xe2, 0x7b, 0x95, 0xef, 0xe6, 0x32, 0xb6, 0x6a, 0x46, 0x24, 0x57, 0x8f, 0x9e, 0xed, + 0xaa, 0x70, 0xa7, 0x1f, 0xe0, 0xa4, 0xa8, 0xda, 0xbc, 0xd4, 0xe3, 0xbb, 0x5a, 0x4b, 0xc4, 0x5e, + 0xc0, 0xff, 0xca, 0x02, 0xe8, 0x38, 0x69, 0xe6, 0xf6, 0x12, 0x77, 0x4e, 0xb2, 0xc1, 0x88, 0xf2, + 0x09, 0x9a, 0x79, 0xbf, 0xa1, 0x5e, 0x1a, 0x59, 0x34, 0x8c, 0xfe, 0x6e, 0x40, 0x24, 0xfb, 0x1e, + 0x0e, 0x53, 0x8e, 0x44, 0xc9, 0x7e, 0xb7, 0xdf, 0x81, 0xce, 0x83, 0xc2, 0x7f, 0x91, 0xce, 0x00, + 0x6a, 0xe6, 0x8a, 0xd8, 0x5e, 0xe0, 0xdf, 0x6d, 0xaf, 0x77, 0x17, 0xbf, 0xd6, 0x5d, 0xed, 0xf7, + 0xba, 0xab, 0xfd, 0x59, 0x77, 0xb5, 0x1f, 0x7f, 0xbb, 0xff, 0x7d, 0x1e, 0x3b, 0x54, 0x2e, 0x83, + 0xf9, 0x08, 0x33, 0xd7, 0x58, 0xda, 0x62, 0x49, 0x31, 0xe3, 0xbe, 0x7a, 0xc6, 0x45, 0xb0, 0x32, + 0x76, 0xbc, 0xe9, 0xf3, 0x6a, 0xf8, 0x96, 0x8f, 0xff, 0x05, 0x00, 0x00, 0xff, 0xff, 0x7b, 0x20, + 0xb4, 0xe4, 0xf5, 0x05, 0x00, 0x00, +} diff --git a/agent/connect/ca/plugin/provider.proto b/agent/connect/ca/plugin/provider.proto new file mode 100644 index 0000000000..6ca9cf88f5 --- /dev/null +++ b/agent/connect/ca/plugin/provider.proto @@ -0,0 +1,84 @@ +/* This proto file contains the service and structures for implementing + * a Consul CA provider plugin. For clearer documentation on what each + * RPC method should do, please refer to the Go interface documentation + * for `agent/connect/ca.Provider`. + * + * After implementing this service, the plugin must also output the proper + * format to stdout for the plugin handshake. Please refer to the Consul + * documentation for more information. + */ + +syntax = "proto3"; + +option go_package = "github.com/hashicorp/consul/agent/connect/ca/plugin"; + +package plugin; + +service CA { + rpc Configure(ConfigureRequest) returns (Empty); + rpc GenerateRoot(Empty) returns (Empty); + rpc ActiveRoot(Empty) returns (ActiveRootResponse); + rpc GenerateIntermediateCSR(Empty) returns (GenerateIntermediateCSRResponse); + rpc SetIntermediate(SetIntermediateRequest) returns (Empty); + rpc ActiveIntermediate(Empty) returns (ActiveIntermediateResponse); + rpc GenerateIntermediate(Empty) returns (GenerateIntermediateResponse); + rpc Sign(SignRequest) returns (SignResponse); + rpc SignIntermediate(SignIntermediateRequest) returns (SignIntermediateResponse); + rpc CrossSignCA(CrossSignCARequest) returns (CrossSignCAResponse); + rpc Cleanup(Empty) returns (Empty); +} + +message ConfigureRequest { + string cluster_id = 1; + bool is_root = 2; + bytes config = 3; // JSON-encoded structure +} + +message SetIntermediateRequest { + string intermediate_pem = 1; + string root_pem = 2; +} + +message SignRequest { + bytes csr = 1; +} + +message SignIntermediateRequest { + bytes csr = 1; +} + +message CrossSignCARequest { + bytes crt = 1; +} + +message ActiveRootResponse { + string crt_pem = 1; +} + +message GenerateIntermediateCSRResponse { + string csr_pem = 1; +} + +message ActiveIntermediateResponse { + string crt_pem = 1; +} + +message GenerateIntermediateResponse { + string crt_pem = 1; +} + +message SignResponse { + string crt_pem = 1; +} + +message SignIntermediateResponse { + string crt_pem = 1; +} + +message CrossSignCAResponse { + string crt_pem = 1; +} + +// Protobufs doesn't allow no req/resp so in the cases where there are +// no arguments we use the Empty message. +message Empty {} diff --git a/agent/connect/ca/plugin/serve.go b/agent/connect/ca/plugin/serve.go new file mode 100644 index 0000000000..94bc04425c --- /dev/null +++ b/agent/connect/ca/plugin/serve.go @@ -0,0 +1,33 @@ +package plugin + +import ( + "github.com/hashicorp/consul/agent/connect/ca" + "github.com/hashicorp/go-plugin" +) + +// Name is the name of the plugin that users of the package should use +// with *plugin.Client.Dispense to get the proper plugin instance. +const Name = "consul-connect-ca" + +// handshakeConfig is the HandshakeConfig used to configure clients and servers. +var handshakeConfig = plugin.HandshakeConfig{ + // The ProtocolVersion is the version that must match between Consul + // and CA plugins. This should be bumped whenever a change happens in + // one or the other that makes it so that they can't safely communicate. + ProtocolVersion: 1, + + // The magic cookie values should NEVER be changed. + MagicCookieKey: "CONSUL_PLUGIN_MAGIC_COOKIE", + MagicCookieValue: "f31f63b28fa82a3cdb30a6284cb1e50e3a13b7e60ba105a2c91219da319d216c", +} + +// Serve serves a CA plugin. This function never returns and should be the +// final function called in the main function of the plugin. +func Serve(p ca.Provider) { + plugin.Serve(&plugin.ServeConfig{ + HandshakeConfig: handshakeConfig, + Plugins: map[string]plugin.Plugin{ + Name: &ProviderPlugin{Impl: p}, + }, + }) +} diff --git a/agent/connect/ca/plugin/transport_grpc.go b/agent/connect/ca/plugin/transport_grpc.go new file mode 100644 index 0000000000..cb21e559cd --- /dev/null +++ b/agent/connect/ca/plugin/transport_grpc.go @@ -0,0 +1,210 @@ +package plugin + +import ( + "context" + "crypto/x509" + "encoding/json" + + "github.com/hashicorp/consul/agent/connect/ca" + "google.golang.org/grpc" +) + +// providerPluginGRPCServer implements the CAServer interface for gRPC. +type providerPluginGRPCServer struct { + impl ca.Provider +} + +func (p *providerPluginGRPCServer) Configure(_ context.Context, req *ConfigureRequest) (*Empty, error) { + var rawConfig map[string]interface{} + if err := json.Unmarshal(req.Config, &rawConfig); err != nil { + return nil, err + } + + return &Empty{}, p.impl.Configure(req.ClusterId, req.IsRoot, rawConfig) +} + +func (p *providerPluginGRPCServer) GenerateRoot(context.Context, *Empty) (*Empty, error) { + return &Empty{}, p.impl.GenerateRoot() +} + +func (p *providerPluginGRPCServer) ActiveRoot(context.Context, *Empty) (*ActiveRootResponse, error) { + pem, err := p.impl.ActiveRoot() + return &ActiveRootResponse{CrtPem: pem}, err +} + +func (p *providerPluginGRPCServer) GenerateIntermediateCSR(context.Context, *Empty) (*GenerateIntermediateCSRResponse, error) { + pem, err := p.impl.GenerateIntermediateCSR() + return &GenerateIntermediateCSRResponse{CsrPem: pem}, err +} + +func (p *providerPluginGRPCServer) SetIntermediate(_ context.Context, req *SetIntermediateRequest) (*Empty, error) { + return &Empty{}, p.impl.SetIntermediate(req.IntermediatePem, req.RootPem) +} + +func (p *providerPluginGRPCServer) ActiveIntermediate(context.Context, *Empty) (*ActiveIntermediateResponse, error) { + pem, err := p.impl.ActiveIntermediate() + return &ActiveIntermediateResponse{CrtPem: pem}, err +} + +func (p *providerPluginGRPCServer) GenerateIntermediate(context.Context, *Empty) (*GenerateIntermediateResponse, error) { + pem, err := p.impl.GenerateIntermediate() + return &GenerateIntermediateResponse{CrtPem: pem}, err +} + +func (p *providerPluginGRPCServer) Sign(_ context.Context, req *SignRequest) (*SignResponse, error) { + csr, err := x509.ParseCertificateRequest(req.Csr) + if err != nil { + return nil, err + } + + crtPEM, err := p.impl.Sign(csr) + return &SignResponse{CrtPem: crtPEM}, err +} + +func (p *providerPluginGRPCServer) SignIntermediate(_ context.Context, req *SignIntermediateRequest) (*SignIntermediateResponse, error) { + csr, err := x509.ParseCertificateRequest(req.Csr) + if err != nil { + return nil, err + } + + crtPEM, err := p.impl.SignIntermediate(csr) + return &SignIntermediateResponse{CrtPem: crtPEM}, err +} + +func (p *providerPluginGRPCServer) CrossSignCA(_ context.Context, req *CrossSignCARequest) (*CrossSignCAResponse, error) { + crt, err := x509.ParseCertificate(req.Crt) + if err != nil { + return nil, err + } + + crtPEM, err := p.impl.CrossSignCA(crt) + return &CrossSignCAResponse{CrtPem: crtPEM}, err +} + +func (p *providerPluginGRPCServer) Cleanup(context.Context, *Empty) (*Empty, error) { + return &Empty{}, p.impl.Cleanup() +} + +// providerPluginGRPCClient implements ca.Provider for acting as a client +// to a remote CA provider plugin over gRPC. +type providerPluginGRPCClient struct { + client CAClient + clientConn *grpc.ClientConn + doneCtx context.Context +} + +func (p *providerPluginGRPCClient) Configure( + clusterId string, + isRoot bool, + rawConfig map[string]interface{}) error { + config, err := json.Marshal(rawConfig) + if err != nil { + return err + } + + _, err = p.client.Configure(p.doneCtx, &ConfigureRequest{ + ClusterId: clusterId, + IsRoot: isRoot, + Config: config, + }) + return p.err(err) +} + +func (p *providerPluginGRPCClient) GenerateRoot() error { + _, err := p.client.GenerateRoot(p.doneCtx, &Empty{}) + return p.err(err) +} + +func (p *providerPluginGRPCClient) ActiveRoot() (string, error) { + resp, err := p.client.ActiveRoot(p.doneCtx, &Empty{}) + if err != nil { + return "", p.err(err) + } + + return resp.CrtPem, nil +} + +func (p *providerPluginGRPCClient) GenerateIntermediateCSR() (string, error) { + resp, err := p.client.GenerateIntermediateCSR(p.doneCtx, &Empty{}) + if err != nil { + return "", p.err(err) + } + + return resp.CsrPem, nil +} + +func (p *providerPluginGRPCClient) SetIntermediate(intermediatePEM, rootPEM string) error { + _, err := p.client.SetIntermediate(p.doneCtx, &SetIntermediateRequest{ + IntermediatePem: intermediatePEM, + RootPem: rootPEM, + }) + return p.err(err) +} + +func (p *providerPluginGRPCClient) ActiveIntermediate() (string, error) { + resp, err := p.client.ActiveIntermediate(p.doneCtx, &Empty{}) + if err != nil { + return "", p.err(err) + } + + return resp.CrtPem, nil +} + +func (p *providerPluginGRPCClient) GenerateIntermediate() (string, error) { + resp, err := p.client.GenerateIntermediate(p.doneCtx, &Empty{}) + if err != nil { + return "", p.err(err) + } + + return resp.CrtPem, nil +} + +func (p *providerPluginGRPCClient) Sign(csr *x509.CertificateRequest) (string, error) { + resp, err := p.client.Sign(p.doneCtx, &SignRequest{ + Csr: csr.Raw, + }) + if err != nil { + return "", p.err(err) + } + + return resp.CrtPem, nil +} + +func (p *providerPluginGRPCClient) SignIntermediate(csr *x509.CertificateRequest) (string, error) { + resp, err := p.client.SignIntermediate(p.doneCtx, &SignIntermediateRequest{ + Csr: csr.Raw, + }) + if err != nil { + return "", p.err(err) + } + + return resp.CrtPem, nil +} + +func (p *providerPluginGRPCClient) CrossSignCA(crt *x509.Certificate) (string, error) { + resp, err := p.client.CrossSignCA(p.doneCtx, &CrossSignCARequest{ + Crt: crt.Raw, + }) + if err != nil { + return "", p.err(err) + } + + return resp.CrtPem, nil +} + +func (p *providerPluginGRPCClient) Cleanup() error { + _, err := p.client.Cleanup(p.doneCtx, &Empty{}) + return p.err(err) +} + +func (p *providerPluginGRPCClient) err(err error) error { + if err := p.doneCtx.Err(); err != nil { + return err + } + + return err +} + +// Verification +var _ CAServer = &providerPluginGRPCServer{} +var _ ca.Provider = &providerPluginGRPCClient{} diff --git a/agent/connect/ca/plugin/transport_netrpc.go b/agent/connect/ca/plugin/transport_netrpc.go new file mode 100644 index 0000000000..8186e1d00c --- /dev/null +++ b/agent/connect/ca/plugin/transport_netrpc.go @@ -0,0 +1,185 @@ +package plugin + +import ( + "crypto/x509" + "net/rpc" + + "github.com/hashicorp/consul/agent/connect/ca" +) + +// providerPluginRPCServer implements a net/rpc backed transport for +// an underlying implementation of a ca.Provider. The server side is the +// plugin binary itself. +type providerPluginRPCServer struct { + impl ca.Provider +} + +func (p *providerPluginRPCServer) Configure(args *ConfigureRPCRequest, _ *struct{}) error { + return p.impl.Configure(args.ClusterId, args.IsRoot, args.RawConfig) +} + +func (p *providerPluginRPCServer) GenerateRoot(struct{}, *struct{}) error { + return p.impl.GenerateRoot() +} + +func (p *providerPluginRPCServer) ActiveRoot(_ struct{}, resp *ActiveRootResponse) error { + var err error + resp.CrtPem, err = p.impl.ActiveRoot() + return err +} + +func (p *providerPluginRPCServer) GenerateIntermediateCSR(_ struct{}, resp *GenerateIntermediateCSRResponse) error { + var err error + resp.CsrPem, err = p.impl.GenerateIntermediateCSR() + return err +} + +func (p *providerPluginRPCServer) SetIntermediate(args *SetIntermediateRPCRequest, _ *struct{}) error { + return p.impl.SetIntermediate(args.IntermediatePEM, args.RootPEM) +} + +func (p *providerPluginRPCServer) ActiveIntermediate(_ struct{}, resp *ActiveIntermediateResponse) error { + var err error + resp.CrtPem, err = p.impl.ActiveIntermediate() + return err +} + +func (p *providerPluginRPCServer) GenerateIntermediate(_ struct{}, resp *GenerateIntermediateResponse) error { + var err error + resp.CrtPem, err = p.impl.GenerateIntermediate() + return err +} + +func (p *providerPluginRPCServer) Sign(args *SignRequest, resp *SignResponse) error { + csr, err := x509.ParseCertificateRequest(args.Csr) + if err != nil { + return err + } + + resp.CrtPem, err = p.impl.Sign(csr) + return err +} + +func (p *providerPluginRPCServer) SignIntermediate(args *SignIntermediateRequest, resp *SignIntermediateResponse) error { + csr, err := x509.ParseCertificateRequest(args.Csr) + if err != nil { + return err + } + + resp.CrtPem, err = p.impl.SignIntermediate(csr) + return err +} + +func (p *providerPluginRPCServer) CrossSignCA(args *CrossSignCARequest, resp *CrossSignCAResponse) error { + crt, err := x509.ParseCertificate(args.Crt) + if err != nil { + return err + } + + resp.CrtPem, err = p.impl.CrossSignCA(crt) + return err +} + +func (p *providerPluginRPCServer) Cleanup(struct{}, *struct{}) error { + return p.impl.Cleanup() +} + +// providerPluginRPCClient implements a net/rpc backed transport for +// an underlying implementation of a ca.Provider. The client side is the +// software calling into the plugin binary over rpc. +// +// This implements ca.Provider. +type providerPluginRPCClient struct { + client *rpc.Client +} + +func (p *providerPluginRPCClient) Configure( + clusterId string, + isRoot bool, + rawConfig map[string]interface{}) error { + return p.client.Call("Plugin.Configure", &ConfigureRPCRequest{ + ClusterId: clusterId, + IsRoot: isRoot, + RawConfig: rawConfig, + }, &struct{}{}) +} + +func (p *providerPluginRPCClient) GenerateRoot() error { + return p.client.Call("Plugin.GenerateRoot", struct{}{}, &struct{}{}) +} + +func (p *providerPluginRPCClient) ActiveRoot() (string, error) { + var resp ActiveRootResponse + err := p.client.Call("Plugin.ActiveRoot", struct{}{}, &resp) + return resp.CrtPem, err +} + +func (p *providerPluginRPCClient) GenerateIntermediateCSR() (string, error) { + var resp GenerateIntermediateCSRResponse + err := p.client.Call("Plugin.GenerateIntermediateCSR", struct{}{}, &resp) + return resp.CsrPem, err +} + +func (p *providerPluginRPCClient) SetIntermediate(intermediatePEM, rootPEM string) error { + return p.client.Call("Plugin.SetIntermediate", &SetIntermediateRPCRequest{ + IntermediatePEM: intermediatePEM, + RootPEM: rootPEM, + }, &struct{}{}) +} + +func (p *providerPluginRPCClient) ActiveIntermediate() (string, error) { + var resp ActiveIntermediateResponse + err := p.client.Call("Plugin.ActiveIntermediate", struct{}{}, &resp) + return resp.CrtPem, err +} + +func (p *providerPluginRPCClient) GenerateIntermediate() (string, error) { + var resp GenerateIntermediateResponse + err := p.client.Call("Plugin.GenerateIntermediate", struct{}{}, &resp) + return resp.CrtPem, err +} + +func (p *providerPluginRPCClient) Sign(csr *x509.CertificateRequest) (string, error) { + var resp SignResponse + err := p.client.Call("Plugin.Sign", &SignRequest{ + Csr: csr.Raw, + }, &resp) + return resp.CrtPem, err +} + +func (p *providerPluginRPCClient) SignIntermediate(csr *x509.CertificateRequest) (string, error) { + var resp SignIntermediateResponse + err := p.client.Call("Plugin.SignIntermediate", &SignIntermediateRequest{ + Csr: csr.Raw, + }, &resp) + return resp.CrtPem, err +} + +func (p *providerPluginRPCClient) CrossSignCA(crt *x509.Certificate) (string, error) { + var resp CrossSignCAResponse + err := p.client.Call("Plugin.CrossSignCA", &CrossSignCARequest{ + Crt: crt.Raw, + }, &resp) + return resp.CrtPem, err +} + +func (p *providerPluginRPCClient) Cleanup() error { + return p.client.Call("Plugin.Cleanup", struct{}{}, &struct{}{}) +} + +// Verification +var _ ca.Provider = &providerPluginRPCClient{} + +//------------------------------------------------------------------- +// Structs for net/rpc request and response + +type ConfigureRPCRequest struct { + ClusterId string + IsRoot bool + RawConfig map[string]interface{} +} + +type SetIntermediateRPCRequest struct { + IntermediatePEM string + RootPEM string +} diff --git a/agent/connect/ca/provider.go b/agent/connect/ca/provider.go index 0a1df39dec..1a89d6492c 100644 --- a/agent/connect/ca/provider.go +++ b/agent/connect/ca/provider.go @@ -4,6 +4,8 @@ import ( "crypto/x509" ) +//go:generate mockery -name Provider -inpkg + // Provider is the interface for Consul to interact with // an external CA that provides leaf certificate signing for // given SpiffeIDServices.