From f76022fa63ed075ad84d75abc49753ee3e244cb1 Mon Sep 17 00:00:00 2001 From: Mitchell Hashimoto Date: Mon, 7 Jan 2019 09:48:44 -0800 Subject: [PATCH] CA Provider Plugins (#4751) This adds the `agent/connect/ca/plugin` library for consuming/serving Connect CA providers as [go-plugin](https://github.com/hashicorp/go-plugin) plugins. This **does not** wire this up in any way to Consul itself, so this will not enable using these plugins yet. ## Why? We want to enable CA providers to be pluggable without modifying Consul so that any CA or PKI system can potentially back the Connect certificates. This CA system may also be used in the future for easier bootstrapping and internal cluster security. ### go-plugin The benefit of `go-plugin` is that for the plugin consumer, the fact that the interface implementation is communicating over multi-process RPC is invisible. Internals of Consul will continue to just use `ca.Provider` interface implementations as if they're local. For plugin _authors_, they simply have to implement the interface. The network/transport/process management issues are handled by go-plugin itself. The CA provider plugins support both `net/rpc` and gRPC transports. This enables easy authoring in any language. go-plugin handles the actual protocol handshake and connection. This is just a feature of go-plugin. `go-plugin` is already in production use for years by Packer, Terraform, Nomad, Vault, and Sentinel. We've shown stability for both desktop and server-side software. It is very mature. ## Implementation Details ### `map[string]interface{}` The `Configure` method passes a `map[string]interface{}`. This map contains only Go primitives and containers of primitives (no funcs, chans, etc.). For `net/rpc` we encode as-is using Gob. For gRPC we marshal to JSON and transmit as a `bytes` type. This is the same approach we take with Vault and other software. Note that this is just the transport protocol, the end software views it fully decoded. ### `x509.Certificate` and `CertificateRequest` We transmit the raw ASN.1 bytes and decode on the other side. Unit tests are verifying we get the same cert/csrs across the wire. ### Testing `go-plugin` exposes test helpers that enable testing the full plugin RPC over real loopback network connections. We test all endpoints for success and error for both `net/rpc` and gRPC. ### Vendoring This PR doesn't introduce vendoring for two reasons: 1. @banks's `f-envoy` branch introduces a lot of these and I didn't want conflict. 2. The library isn't actually used yet so it doesn't introduce compile-time errors (it does introduce test errors). ## Next Steps With this in place, we need to figure out the proper way to actually hook these up to Consul, load them, etc. This discussion can happen elsewhere, since regardless of approach this plugin library implementation is the exact same. --- GNUmakefile | 8 +- agent/connect/ca/mock_Provider.go | 214 ++ agent/connect/ca/plugin/client.go | 18 + agent/connect/ca/plugin/plugin.go | 41 + agent/connect/ca/plugin/plugin_test.go | 311 ++ agent/connect/ca/plugin/provider.pb.go | 2923 +++++++++++++++++++ agent/connect/ca/plugin/provider.proto | 84 + agent/connect/ca/plugin/serve.go | 33 + agent/connect/ca/plugin/transport_grpc.go | 210 ++ agent/connect/ca/plugin/transport_netrpc.go | 185 ++ agent/connect/ca/provider.go | 2 + 11 files changed, 4027 insertions(+), 2 deletions(-) create mode 100644 agent/connect/ca/mock_Provider.go create mode 100644 agent/connect/ca/plugin/client.go create mode 100644 agent/connect/ca/plugin/plugin.go create mode 100644 agent/connect/ca/plugin/plugin_test.go create mode 100644 agent/connect/ca/plugin/provider.pb.go create mode 100644 agent/connect/ca/plugin/provider.proto create mode 100644 agent/connect/ca/plugin/serve.go create mode 100644 agent/connect/ca/plugin/transport_grpc.go create mode 100644 agent/connect/ca/plugin/transport_netrpc.go diff --git a/GNUmakefile b/GNUmakefile index fbc56b6082..538445b4cb 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -7,7 +7,9 @@ GOTOOLS = \ golang.org/x/tools/cmd/cover \ golang.org/x/tools/cmd/stringer \ github.com/axw/gocov/gocov \ - gopkg.in/matm/v1/gocov-html + gopkg.in/matm/v1/gocov-html \ + github.com/gogo/protobuf/protoc-gen-gofast \ + github.com/vektra/mockery/cmd/mockery GOTAGS ?= GOFILES ?= $(shell go list ./... | grep -v /vendor/) @@ -271,6 +273,8 @@ ui-docker: ui-build-image ui-legacy-docker: ui-legacy-build-image @$(SHELL) $(CURDIR)/build-support/scripts/build-docker.sh ui-legacy +proto: + protoc agent/connect/ca/plugin/*.proto --gofast_out=plugins=grpc:../../.. .PHONY: all ci bin dev dist cov test test-ci test-internal test-install-deps cover format vet ui static-assets tools vendorfmt -.PHONY: docker-images go-build-image ui-build-image ui-legacy-build-image static-assets-docker consul-docker ui-docker ui-legacy-docker version +.PHONY: docker-images go-build-image ui-build-image ui-legacy-build-image static-assets-docker consul-docker ui-docker ui-legacy-docker version proto diff --git a/agent/connect/ca/mock_Provider.go b/agent/connect/ca/mock_Provider.go new file mode 100644 index 0000000000..e8b9e58929 --- /dev/null +++ b/agent/connect/ca/mock_Provider.go @@ -0,0 +1,214 @@ +// Code generated by mockery v1.0.0. DO NOT EDIT. + +package ca + +import mock "github.com/stretchr/testify/mock" +import x509 "crypto/x509" + +// MockProvider is an autogenerated mock type for the Provider type +type MockProvider struct { + mock.Mock +} + +// ActiveIntermediate provides a mock function with given fields: +func (_m *MockProvider) ActiveIntermediate() (string, error) { + ret := _m.Called() + + var r0 string + if rf, ok := ret.Get(0).(func() string); ok { + r0 = rf() + } else { + r0 = ret.Get(0).(string) + } + + var r1 error + if rf, ok := ret.Get(1).(func() error); ok { + r1 = rf() + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// ActiveRoot provides a mock function with given fields: +func (_m *MockProvider) ActiveRoot() (string, error) { + ret := _m.Called() + + var r0 string + if rf, ok := ret.Get(0).(func() string); ok { + r0 = rf() + } else { + r0 = ret.Get(0).(string) + } + + var r1 error + if rf, ok := ret.Get(1).(func() error); ok { + r1 = rf() + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// Cleanup provides a mock function with given fields: +func (_m *MockProvider) Cleanup() error { + ret := _m.Called() + + var r0 error + if rf, ok := ret.Get(0).(func() error); ok { + r0 = rf() + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// Configure provides a mock function with given fields: clusterId, isRoot, rawConfig +func (_m *MockProvider) Configure(clusterId string, isRoot bool, rawConfig map[string]interface{}) error { + ret := _m.Called(clusterId, isRoot, rawConfig) + + var r0 error + if rf, ok := ret.Get(0).(func(string, bool, map[string]interface{}) error); ok { + r0 = rf(clusterId, isRoot, rawConfig) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// CrossSignCA provides a mock function with given fields: _a0 +func (_m *MockProvider) CrossSignCA(_a0 *x509.Certificate) (string, error) { + ret := _m.Called(_a0) + + var r0 string + if rf, ok := ret.Get(0).(func(*x509.Certificate) string); ok { + r0 = rf(_a0) + } else { + r0 = ret.Get(0).(string) + } + + var r1 error + if rf, ok := ret.Get(1).(func(*x509.Certificate) error); ok { + r1 = rf(_a0) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GenerateIntermediate provides a mock function with given fields: +func (_m *MockProvider) GenerateIntermediate() (string, error) { + ret := _m.Called() + + var r0 string + if rf, ok := ret.Get(0).(func() string); ok { + r0 = rf() + } else { + r0 = ret.Get(0).(string) + } + + var r1 error + if rf, ok := ret.Get(1).(func() error); ok { + r1 = rf() + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GenerateIntermediateCSR provides a mock function with given fields: +func (_m *MockProvider) GenerateIntermediateCSR() (string, error) { + ret := _m.Called() + + var r0 string + if rf, ok := ret.Get(0).(func() string); ok { + r0 = rf() + } else { + r0 = ret.Get(0).(string) + } + + var r1 error + if rf, ok := ret.Get(1).(func() error); ok { + r1 = rf() + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GenerateRoot provides a mock function with given fields: +func (_m *MockProvider) GenerateRoot() error { + ret := _m.Called() + + var r0 error + if rf, ok := ret.Get(0).(func() error); ok { + r0 = rf() + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// SetIntermediate provides a mock function with given fields: intermediatePEM, rootPEM +func (_m *MockProvider) SetIntermediate(intermediatePEM string, rootPEM string) error { + ret := _m.Called(intermediatePEM, rootPEM) + + var r0 error + if rf, ok := ret.Get(0).(func(string, string) error); ok { + r0 = rf(intermediatePEM, rootPEM) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// Sign provides a mock function with given fields: _a0 +func (_m *MockProvider) Sign(_a0 *x509.CertificateRequest) (string, error) { + ret := _m.Called(_a0) + + var r0 string + if rf, ok := ret.Get(0).(func(*x509.CertificateRequest) string); ok { + r0 = rf(_a0) + } else { + r0 = ret.Get(0).(string) + } + + var r1 error + if rf, ok := ret.Get(1).(func(*x509.CertificateRequest) error); ok { + r1 = rf(_a0) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// SignIntermediate provides a mock function with given fields: _a0 +func (_m *MockProvider) SignIntermediate(_a0 *x509.CertificateRequest) (string, error) { + ret := _m.Called(_a0) + + var r0 string + if rf, ok := ret.Get(0).(func(*x509.CertificateRequest) string); ok { + r0 = rf(_a0) + } else { + r0 = ret.Get(0).(string) + } + + var r1 error + if rf, ok := ret.Get(1).(func(*x509.CertificateRequest) error); ok { + r1 = rf(_a0) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} diff --git a/agent/connect/ca/plugin/client.go b/agent/connect/ca/plugin/client.go new file mode 100644 index 0000000000..1cdc25c6eb --- /dev/null +++ b/agent/connect/ca/plugin/client.go @@ -0,0 +1,18 @@ +package plugin + +import ( + "github.com/hashicorp/go-plugin" +) + +// ClientConfig returns a base *plugin.ClientConfig that is configured to +// be able to dispense CA provider plugins. The returned value should be +// modified with additional options prior to execution (such as Cmd, Managed, +// etc.) +func ClientConfig() *plugin.ClientConfig { + return &plugin.ClientConfig{ + HandshakeConfig: handshakeConfig, + Plugins: map[string]plugin.Plugin{ + Name: &ProviderPlugin{}, + }, + } +} diff --git a/agent/connect/ca/plugin/plugin.go b/agent/connect/ca/plugin/plugin.go new file mode 100644 index 0000000000..1e32bda602 --- /dev/null +++ b/agent/connect/ca/plugin/plugin.go @@ -0,0 +1,41 @@ +package plugin + +import ( + "context" + "net/rpc" + + "github.com/hashicorp/consul/agent/connect/ca" + "github.com/hashicorp/go-plugin" + "google.golang.org/grpc" +) + +// ProviderPlugin implements plugin.Plugin for initializing a plugin +// server and client for both net/rpc and gRPC. +type ProviderPlugin struct { + Impl ca.Provider +} + +func (p ProviderPlugin) Server(*plugin.MuxBroker) (interface{}, error) { + return &providerPluginRPCServer{impl: p.Impl}, nil +} + +func (ProviderPlugin) Client(b *plugin.MuxBroker, c *rpc.Client) (interface{}, error) { + return &providerPluginRPCClient{client: c}, nil +} + +func (p ProviderPlugin) GRPCServer(_ *plugin.GRPCBroker, s *grpc.Server) error { + RegisterCAServer(s, &providerPluginGRPCServer{impl: p.Impl}) + return nil +} + +func (ProviderPlugin) GRPCClient(doneCtx context.Context, _ *plugin.GRPCBroker, c *grpc.ClientConn) (interface{}, error) { + return &providerPluginGRPCClient{ + client: NewCAClient(c), + clientConn: c, + doneCtx: doneCtx, + }, nil +} + +// Verification +var _ plugin.Plugin = ProviderPlugin{} +var _ plugin.GRPCPlugin = ProviderPlugin{} diff --git a/agent/connect/ca/plugin/plugin_test.go b/agent/connect/ca/plugin/plugin_test.go new file mode 100644 index 0000000000..f4c100c288 --- /dev/null +++ b/agent/connect/ca/plugin/plugin_test.go @@ -0,0 +1,311 @@ +package plugin + +import ( + "crypto/x509" + "encoding/pem" + "errors" + "testing" + + "github.com/hashicorp/consul/agent/connect" + "github.com/hashicorp/consul/agent/connect/ca" + "github.com/hashicorp/go-plugin" + "github.com/stretchr/testify/mock" + "github.com/stretchr/testify/require" +) + +func TestProvider_Configure(t *testing.T) { + testPlugin(t, func(t *testing.T, m *ca.MockProvider, p ca.Provider) { + require := require.New(t) + + // Basic configure + m.On("Configure", "foo", false, map[string]interface{}{ + "string": "bar", + "number": float64(42), // because json + }).Once().Return(nil) + require.NoError(p.Configure("foo", false, map[string]interface{}{ + "string": "bar", + "number": float64(42), + })) + m.AssertExpectations(t) + + // Try with an error + m.Mock = mock.Mock{} + m.On("Configure", "foo", false, map[string]interface{}{}).Once().Return(errors.New("hello world")) + err := p.Configure("foo", false, map[string]interface{}{}) + require.Error(err) + require.Contains(err.Error(), "hello") + m.AssertExpectations(t) + }) +} + +func TestProvider_GenerateRoot(t *testing.T) { + testPlugin(t, func(t *testing.T, m *ca.MockProvider, p ca.Provider) { + require := require.New(t) + + // Try cleanup with no error + m.On("GenerateRoot").Once().Return(nil) + require.NoError(p.GenerateRoot()) + m.AssertExpectations(t) + + // Try with an error + m.Mock = mock.Mock{} + m.On("GenerateRoot").Once().Return(errors.New("hello world")) + err := p.GenerateRoot() + require.Error(err) + require.Contains(err.Error(), "hello") + m.AssertExpectations(t) + }) +} + +func TestProvider_ActiveRoot(t *testing.T) { + testPlugin(t, func(t *testing.T, m *ca.MockProvider, p ca.Provider) { + require := require.New(t) + + // Try cleanup with no error + m.On("ActiveRoot").Once().Return("foo", nil) + actual, err := p.ActiveRoot() + require.NoError(err) + require.Equal(actual, "foo") + m.AssertExpectations(t) + + // Try with an error + m.Mock = mock.Mock{} + m.On("ActiveRoot").Once().Return("", errors.New("hello world")) + actual, err = p.ActiveRoot() + require.Error(err) + require.Contains(err.Error(), "hello") + m.AssertExpectations(t) + }) +} + +func TestProvider_GenerateIntermediateCSR(t *testing.T) { + testPlugin(t, func(t *testing.T, m *ca.MockProvider, p ca.Provider) { + require := require.New(t) + + // Try cleanup with no error + m.On("GenerateIntermediateCSR").Once().Return("foo", nil) + actual, err := p.GenerateIntermediateCSR() + require.NoError(err) + require.Equal(actual, "foo") + m.AssertExpectations(t) + + // Try with an error + m.Mock = mock.Mock{} + m.On("GenerateIntermediateCSR").Once().Return("", errors.New("hello world")) + actual, err = p.GenerateIntermediateCSR() + require.Error(err) + require.Contains(err.Error(), "hello") + m.AssertExpectations(t) + }) +} + +func TestProvider_SetIntermediate(t *testing.T) { + testPlugin(t, func(t *testing.T, m *ca.MockProvider, p ca.Provider) { + require := require.New(t) + + // Try cleanup with no error + m.On("SetIntermediate", "foo", "bar").Once().Return(nil) + err := p.SetIntermediate("foo", "bar") + require.NoError(err) + m.AssertExpectations(t) + + // Try with an error + m.Mock = mock.Mock{} + m.On("SetIntermediate", "foo", "bar").Once().Return(errors.New("hello world")) + err = p.SetIntermediate("foo", "bar") + require.Error(err) + require.Contains(err.Error(), "hello") + m.AssertExpectations(t) + }) +} + +func TestProvider_ActiveIntermediate(t *testing.T) { + testPlugin(t, func(t *testing.T, m *ca.MockProvider, p ca.Provider) { + require := require.New(t) + + // Try cleanup with no error + m.On("ActiveIntermediate").Once().Return("foo", nil) + actual, err := p.ActiveIntermediate() + require.NoError(err) + require.Equal(actual, "foo") + m.AssertExpectations(t) + + // Try with an error + m.Mock = mock.Mock{} + m.On("ActiveIntermediate").Once().Return("", errors.New("hello world")) + actual, err = p.ActiveIntermediate() + require.Error(err) + require.Contains(err.Error(), "hello") + m.AssertExpectations(t) + }) +} + +func TestProvider_GenerateIntermediate(t *testing.T) { + testPlugin(t, func(t *testing.T, m *ca.MockProvider, p ca.Provider) { + require := require.New(t) + + // Try cleanup with no error + m.On("GenerateIntermediate").Once().Return("foo", nil) + actual, err := p.GenerateIntermediate() + require.NoError(err) + require.Equal(actual, "foo") + m.AssertExpectations(t) + + // Try with an error + m.Mock = mock.Mock{} + m.On("GenerateIntermediate").Once().Return("", errors.New("hello world")) + actual, err = p.GenerateIntermediate() + require.Error(err) + require.Contains(err.Error(), "hello") + m.AssertExpectations(t) + }) +} + +func TestProvider_Sign(t *testing.T) { + testPlugin(t, func(t *testing.T, m *ca.MockProvider, p ca.Provider) { + require := require.New(t) + + // Create a CSR + csrPEM, _ := connect.TestCSR(t, connect.TestSpiffeIDService(t, "web")) + block, _ := pem.Decode([]byte(csrPEM)) + csr, err := x509.ParseCertificateRequest(block.Bytes) + require.NoError(err) + require.NoError(csr.CheckSignature()) + + // No error + m.On("Sign", mock.Anything).Once().Return("foo", nil).Run(func(args mock.Arguments) { + csr := args.Get(0).(*x509.CertificateRequest) + require.NoError(csr.CheckSignature()) + }) + actual, err := p.Sign(csr) + require.NoError(err) + require.Equal(actual, "foo") + m.AssertExpectations(t) + + // Try with an error + m.Mock = mock.Mock{} + m.On("Sign", mock.Anything).Once().Return("", errors.New("hello world")) + actual, err = p.Sign(csr) + require.Error(err) + require.Contains(err.Error(), "hello") + m.AssertExpectations(t) + }) +} + +func TestProvider_SignIntermediate(t *testing.T) { + testPlugin(t, func(t *testing.T, m *ca.MockProvider, p ca.Provider) { + require := require.New(t) + + // Create a CSR + csrPEM, _ := connect.TestCSR(t, connect.TestSpiffeIDService(t, "web")) + block, _ := pem.Decode([]byte(csrPEM)) + csr, err := x509.ParseCertificateRequest(block.Bytes) + require.NoError(err) + require.NoError(csr.CheckSignature()) + + // No error + m.On("SignIntermediate", mock.Anything).Once().Return("foo", nil).Run(func(args mock.Arguments) { + csr := args.Get(0).(*x509.CertificateRequest) + require.NoError(csr.CheckSignature()) + }) + actual, err := p.SignIntermediate(csr) + require.NoError(err) + require.Equal(actual, "foo") + m.AssertExpectations(t) + + // Try with an error + m.Mock = mock.Mock{} + m.On("SignIntermediate", mock.Anything).Once().Return("", errors.New("hello world")) + actual, err = p.SignIntermediate(csr) + require.Error(err) + require.Contains(err.Error(), "hello") + m.AssertExpectations(t) + }) +} + +func TestProvider_CrossSignCA(t *testing.T) { + testPlugin(t, func(t *testing.T, m *ca.MockProvider, p ca.Provider) { + require := require.New(t) + + // Create a CSR + root := connect.TestCA(t, nil) + block, _ := pem.Decode([]byte(root.RootCert)) + crt, err := x509.ParseCertificate(block.Bytes) + require.NoError(err) + + // No error + m.On("CrossSignCA", mock.Anything).Once().Return("foo", nil).Run(func(args mock.Arguments) { + actual := args.Get(0).(*x509.Certificate) + require.True(crt.Equal(actual)) + }) + actual, err := p.CrossSignCA(crt) + require.NoError(err) + require.Equal(actual, "foo") + m.AssertExpectations(t) + + // Try with an error + m.Mock = mock.Mock{} + m.On("CrossSignCA", mock.Anything).Once().Return("", errors.New("hello world")) + actual, err = p.CrossSignCA(crt) + require.Error(err) + require.Contains(err.Error(), "hello") + m.AssertExpectations(t) + }) +} + +func TestProvider_Cleanup(t *testing.T) { + testPlugin(t, func(t *testing.T, m *ca.MockProvider, p ca.Provider) { + require := require.New(t) + + // Try cleanup with no error + m.On("Cleanup").Once().Return(nil) + require.NoError(p.Cleanup()) + m.AssertExpectations(t) + + // Try with an error + m.Mock = mock.Mock{} + m.On("Cleanup").Once().Return(errors.New("hello world")) + err := p.Cleanup() + require.Error(err) + require.Contains(err.Error(), "hello") + m.AssertExpectations(t) + }) +} + +// testPlugin runs the given test function callback for all supported +// transports of the plugin RPC layer. +func testPlugin(t *testing.T, f func(t *testing.T, m *ca.MockProvider, actual ca.Provider)) { + t.Run("net/rpc", func(t *testing.T) { + // Create a mock provider + mockP := new(ca.MockProvider) + client, _ := plugin.TestPluginRPCConn(t, map[string]plugin.Plugin{ + Name: &ProviderPlugin{Impl: mockP}, + }, nil) + defer client.Close() + + // Request the provider + raw, err := client.Dispense(Name) + require.NoError(t, err) + provider := raw.(ca.Provider) + + // Call the test function + f(t, mockP, provider) + }) + + t.Run("gRPC", func(t *testing.T) { + // Create a mock provider + mockP := new(ca.MockProvider) + client, _ := plugin.TestPluginGRPCConn(t, map[string]plugin.Plugin{ + Name: &ProviderPlugin{Impl: mockP}, + }) + defer client.Close() + + // Request the provider + raw, err := client.Dispense(Name) + require.NoError(t, err) + provider := raw.(ca.Provider) + + // Call the test function + f(t, mockP, provider) + }) +} diff --git a/agent/connect/ca/plugin/provider.pb.go b/agent/connect/ca/plugin/provider.pb.go new file mode 100644 index 0000000000..8c15dcdc07 --- /dev/null +++ b/agent/connect/ca/plugin/provider.pb.go @@ -0,0 +1,2923 @@ +// Code generated by protoc-gen-gogo. DO NOT EDIT. +// source: agent/connect/ca/plugin/provider.proto + +package plugin // import "github.com/hashicorp/consul/agent/connect/ca/plugin" + +import proto "github.com/golang/protobuf/proto" +import fmt "fmt" +import math "math" + +import ( + context "golang.org/x/net/context" + grpc "google.golang.org/grpc" +) + +import io "io" + +// Reference imports to suppress errors if they are not otherwise used. +var _ = proto.Marshal +var _ = fmt.Errorf +var _ = math.Inf + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the proto package it is being compiled against. +// A compilation error at this line likely means your copy of the +// proto package needs to be updated. +const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package + +type ConfigureRequest struct { + ClusterId string `protobuf:"bytes,1,opt,name=cluster_id,json=clusterId,proto3" json:"cluster_id,omitempty"` + IsRoot bool `protobuf:"varint,2,opt,name=is_root,json=isRoot,proto3" json:"is_root,omitempty"` + Config []byte `protobuf:"bytes,3,opt,name=config,proto3" json:"config,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *ConfigureRequest) Reset() { *m = ConfigureRequest{} } +func (m *ConfigureRequest) String() string { return proto.CompactTextString(m) } +func (*ConfigureRequest) ProtoMessage() {} +func (*ConfigureRequest) Descriptor() ([]byte, []int) { + return fileDescriptor_provider_8ff2d2670790989c, []int{0} +} +func (m *ConfigureRequest) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *ConfigureRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_ConfigureRequest.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalTo(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (dst *ConfigureRequest) XXX_Merge(src proto.Message) { + xxx_messageInfo_ConfigureRequest.Merge(dst, src) +} +func (m *ConfigureRequest) XXX_Size() int { + return m.Size() +} +func (m *ConfigureRequest) XXX_DiscardUnknown() { + xxx_messageInfo_ConfigureRequest.DiscardUnknown(m) +} + +var xxx_messageInfo_ConfigureRequest proto.InternalMessageInfo + +func (m *ConfigureRequest) GetClusterId() string { + if m != nil { + return m.ClusterId + } + return "" +} + +func (m *ConfigureRequest) GetIsRoot() bool { + if m != nil { + return m.IsRoot + } + return false +} + +func (m *ConfigureRequest) GetConfig() []byte { + if m != nil { + return m.Config + } + return nil +} + +type SetIntermediateRequest struct { + IntermediatePem string `protobuf:"bytes,1,opt,name=intermediate_pem,json=intermediatePem,proto3" json:"intermediate_pem,omitempty"` + RootPem string `protobuf:"bytes,2,opt,name=root_pem,json=rootPem,proto3" json:"root_pem,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *SetIntermediateRequest) Reset() { *m = SetIntermediateRequest{} } +func (m *SetIntermediateRequest) String() string { return proto.CompactTextString(m) } +func (*SetIntermediateRequest) ProtoMessage() {} +func (*SetIntermediateRequest) Descriptor() ([]byte, []int) { + return fileDescriptor_provider_8ff2d2670790989c, []int{1} +} +func (m *SetIntermediateRequest) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *SetIntermediateRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_SetIntermediateRequest.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalTo(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (dst *SetIntermediateRequest) XXX_Merge(src proto.Message) { + xxx_messageInfo_SetIntermediateRequest.Merge(dst, src) +} +func (m *SetIntermediateRequest) XXX_Size() int { + return m.Size() +} +func (m *SetIntermediateRequest) XXX_DiscardUnknown() { + xxx_messageInfo_SetIntermediateRequest.DiscardUnknown(m) +} + +var xxx_messageInfo_SetIntermediateRequest proto.InternalMessageInfo + +func (m *SetIntermediateRequest) GetIntermediatePem() string { + if m != nil { + return m.IntermediatePem + } + return "" +} + +func (m *SetIntermediateRequest) GetRootPem() string { + if m != nil { + return m.RootPem + } + return "" +} + +type SignRequest struct { + Csr []byte `protobuf:"bytes,1,opt,name=csr,proto3" json:"csr,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *SignRequest) Reset() { *m = SignRequest{} } +func (m *SignRequest) String() string { return proto.CompactTextString(m) } +func (*SignRequest) ProtoMessage() {} +func (*SignRequest) Descriptor() ([]byte, []int) { + return fileDescriptor_provider_8ff2d2670790989c, []int{2} +} +func (m *SignRequest) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *SignRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_SignRequest.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalTo(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (dst *SignRequest) XXX_Merge(src proto.Message) { + xxx_messageInfo_SignRequest.Merge(dst, src) +} +func (m *SignRequest) XXX_Size() int { + return m.Size() +} +func (m *SignRequest) XXX_DiscardUnknown() { + xxx_messageInfo_SignRequest.DiscardUnknown(m) +} + +var xxx_messageInfo_SignRequest proto.InternalMessageInfo + +func (m *SignRequest) GetCsr() []byte { + if m != nil { + return m.Csr + } + return nil +} + +type SignIntermediateRequest struct { + Csr []byte `protobuf:"bytes,1,opt,name=csr,proto3" json:"csr,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *SignIntermediateRequest) Reset() { *m = SignIntermediateRequest{} } +func (m *SignIntermediateRequest) String() string { return proto.CompactTextString(m) } +func (*SignIntermediateRequest) ProtoMessage() {} +func (*SignIntermediateRequest) Descriptor() ([]byte, []int) { + return fileDescriptor_provider_8ff2d2670790989c, []int{3} +} +func (m *SignIntermediateRequest) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *SignIntermediateRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_SignIntermediateRequest.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalTo(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (dst *SignIntermediateRequest) XXX_Merge(src proto.Message) { + xxx_messageInfo_SignIntermediateRequest.Merge(dst, src) +} +func (m *SignIntermediateRequest) XXX_Size() int { + return m.Size() +} +func (m *SignIntermediateRequest) XXX_DiscardUnknown() { + xxx_messageInfo_SignIntermediateRequest.DiscardUnknown(m) +} + +var xxx_messageInfo_SignIntermediateRequest proto.InternalMessageInfo + +func (m *SignIntermediateRequest) GetCsr() []byte { + if m != nil { + return m.Csr + } + return nil +} + +type CrossSignCARequest struct { + Crt []byte `protobuf:"bytes,1,opt,name=crt,proto3" json:"crt,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *CrossSignCARequest) Reset() { *m = CrossSignCARequest{} } +func (m *CrossSignCARequest) String() string { return proto.CompactTextString(m) } +func (*CrossSignCARequest) ProtoMessage() {} +func (*CrossSignCARequest) Descriptor() ([]byte, []int) { + return fileDescriptor_provider_8ff2d2670790989c, []int{4} +} +func (m *CrossSignCARequest) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *CrossSignCARequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_CrossSignCARequest.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalTo(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (dst *CrossSignCARequest) XXX_Merge(src proto.Message) { + xxx_messageInfo_CrossSignCARequest.Merge(dst, src) +} +func (m *CrossSignCARequest) XXX_Size() int { + return m.Size() +} +func (m *CrossSignCARequest) XXX_DiscardUnknown() { + xxx_messageInfo_CrossSignCARequest.DiscardUnknown(m) +} + +var xxx_messageInfo_CrossSignCARequest proto.InternalMessageInfo + +func (m *CrossSignCARequest) GetCrt() []byte { + if m != nil { + return m.Crt + } + return nil +} + +type ActiveRootResponse struct { + CrtPem string `protobuf:"bytes,1,opt,name=crt_pem,json=crtPem,proto3" json:"crt_pem,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *ActiveRootResponse) Reset() { *m = ActiveRootResponse{} } +func (m *ActiveRootResponse) String() string { return proto.CompactTextString(m) } +func (*ActiveRootResponse) ProtoMessage() {} +func (*ActiveRootResponse) Descriptor() ([]byte, []int) { + return fileDescriptor_provider_8ff2d2670790989c, []int{5} +} +func (m *ActiveRootResponse) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *ActiveRootResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_ActiveRootResponse.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalTo(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (dst *ActiveRootResponse) XXX_Merge(src proto.Message) { + xxx_messageInfo_ActiveRootResponse.Merge(dst, src) +} +func (m *ActiveRootResponse) XXX_Size() int { + return m.Size() +} +func (m *ActiveRootResponse) XXX_DiscardUnknown() { + xxx_messageInfo_ActiveRootResponse.DiscardUnknown(m) +} + +var xxx_messageInfo_ActiveRootResponse proto.InternalMessageInfo + +func (m *ActiveRootResponse) GetCrtPem() string { + if m != nil { + return m.CrtPem + } + return "" +} + +type GenerateIntermediateCSRResponse struct { + CsrPem string `protobuf:"bytes,1,opt,name=csr_pem,json=csrPem,proto3" json:"csr_pem,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *GenerateIntermediateCSRResponse) Reset() { *m = GenerateIntermediateCSRResponse{} } +func (m *GenerateIntermediateCSRResponse) String() string { return proto.CompactTextString(m) } +func (*GenerateIntermediateCSRResponse) ProtoMessage() {} +func (*GenerateIntermediateCSRResponse) Descriptor() ([]byte, []int) { + return fileDescriptor_provider_8ff2d2670790989c, []int{6} +} +func (m *GenerateIntermediateCSRResponse) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *GenerateIntermediateCSRResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_GenerateIntermediateCSRResponse.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalTo(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (dst *GenerateIntermediateCSRResponse) XXX_Merge(src proto.Message) { + xxx_messageInfo_GenerateIntermediateCSRResponse.Merge(dst, src) +} +func (m *GenerateIntermediateCSRResponse) XXX_Size() int { + return m.Size() +} +func (m *GenerateIntermediateCSRResponse) XXX_DiscardUnknown() { + xxx_messageInfo_GenerateIntermediateCSRResponse.DiscardUnknown(m) +} + +var xxx_messageInfo_GenerateIntermediateCSRResponse proto.InternalMessageInfo + +func (m *GenerateIntermediateCSRResponse) GetCsrPem() string { + if m != nil { + return m.CsrPem + } + return "" +} + +type ActiveIntermediateResponse struct { + CrtPem string `protobuf:"bytes,1,opt,name=crt_pem,json=crtPem,proto3" json:"crt_pem,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *ActiveIntermediateResponse) Reset() { *m = ActiveIntermediateResponse{} } +func (m *ActiveIntermediateResponse) String() string { return proto.CompactTextString(m) } +func (*ActiveIntermediateResponse) ProtoMessage() {} +func (*ActiveIntermediateResponse) Descriptor() ([]byte, []int) { + return fileDescriptor_provider_8ff2d2670790989c, []int{7} +} +func (m *ActiveIntermediateResponse) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *ActiveIntermediateResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_ActiveIntermediateResponse.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalTo(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (dst *ActiveIntermediateResponse) XXX_Merge(src proto.Message) { + xxx_messageInfo_ActiveIntermediateResponse.Merge(dst, src) +} +func (m *ActiveIntermediateResponse) XXX_Size() int { + return m.Size() +} +func (m *ActiveIntermediateResponse) XXX_DiscardUnknown() { + xxx_messageInfo_ActiveIntermediateResponse.DiscardUnknown(m) +} + +var xxx_messageInfo_ActiveIntermediateResponse proto.InternalMessageInfo + +func (m *ActiveIntermediateResponse) GetCrtPem() string { + if m != nil { + return m.CrtPem + } + return "" +} + +type GenerateIntermediateResponse struct { + CrtPem string `protobuf:"bytes,1,opt,name=crt_pem,json=crtPem,proto3" json:"crt_pem,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *GenerateIntermediateResponse) Reset() { *m = GenerateIntermediateResponse{} } +func (m *GenerateIntermediateResponse) String() string { return proto.CompactTextString(m) } +func (*GenerateIntermediateResponse) ProtoMessage() {} +func (*GenerateIntermediateResponse) Descriptor() ([]byte, []int) { + return fileDescriptor_provider_8ff2d2670790989c, []int{8} +} +func (m *GenerateIntermediateResponse) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *GenerateIntermediateResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_GenerateIntermediateResponse.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalTo(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (dst *GenerateIntermediateResponse) XXX_Merge(src proto.Message) { + xxx_messageInfo_GenerateIntermediateResponse.Merge(dst, src) +} +func (m *GenerateIntermediateResponse) XXX_Size() int { + return m.Size() +} +func (m *GenerateIntermediateResponse) XXX_DiscardUnknown() { + xxx_messageInfo_GenerateIntermediateResponse.DiscardUnknown(m) +} + +var xxx_messageInfo_GenerateIntermediateResponse proto.InternalMessageInfo + +func (m *GenerateIntermediateResponse) GetCrtPem() string { + if m != nil { + return m.CrtPem + } + return "" +} + +type SignResponse struct { + CrtPem string `protobuf:"bytes,1,opt,name=crt_pem,json=crtPem,proto3" json:"crt_pem,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *SignResponse) Reset() { *m = SignResponse{} } +func (m *SignResponse) String() string { return proto.CompactTextString(m) } +func (*SignResponse) ProtoMessage() {} +func (*SignResponse) Descriptor() ([]byte, []int) { + return fileDescriptor_provider_8ff2d2670790989c, []int{9} +} +func (m *SignResponse) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *SignResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_SignResponse.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalTo(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (dst *SignResponse) XXX_Merge(src proto.Message) { + xxx_messageInfo_SignResponse.Merge(dst, src) +} +func (m *SignResponse) XXX_Size() int { + return m.Size() +} +func (m *SignResponse) XXX_DiscardUnknown() { + xxx_messageInfo_SignResponse.DiscardUnknown(m) +} + +var xxx_messageInfo_SignResponse proto.InternalMessageInfo + +func (m *SignResponse) GetCrtPem() string { + if m != nil { + return m.CrtPem + } + return "" +} + +type SignIntermediateResponse struct { + CrtPem string `protobuf:"bytes,1,opt,name=crt_pem,json=crtPem,proto3" json:"crt_pem,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *SignIntermediateResponse) Reset() { *m = SignIntermediateResponse{} } +func (m *SignIntermediateResponse) String() string { return proto.CompactTextString(m) } +func (*SignIntermediateResponse) ProtoMessage() {} +func (*SignIntermediateResponse) Descriptor() ([]byte, []int) { + return fileDescriptor_provider_8ff2d2670790989c, []int{10} +} +func (m *SignIntermediateResponse) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *SignIntermediateResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_SignIntermediateResponse.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalTo(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (dst *SignIntermediateResponse) XXX_Merge(src proto.Message) { + xxx_messageInfo_SignIntermediateResponse.Merge(dst, src) +} +func (m *SignIntermediateResponse) XXX_Size() int { + return m.Size() +} +func (m *SignIntermediateResponse) XXX_DiscardUnknown() { + xxx_messageInfo_SignIntermediateResponse.DiscardUnknown(m) +} + +var xxx_messageInfo_SignIntermediateResponse proto.InternalMessageInfo + +func (m *SignIntermediateResponse) GetCrtPem() string { + if m != nil { + return m.CrtPem + } + return "" +} + +type CrossSignCAResponse struct { + CrtPem string `protobuf:"bytes,1,opt,name=crt_pem,json=crtPem,proto3" json:"crt_pem,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *CrossSignCAResponse) Reset() { *m = CrossSignCAResponse{} } +func (m *CrossSignCAResponse) String() string { return proto.CompactTextString(m) } +func (*CrossSignCAResponse) ProtoMessage() {} +func (*CrossSignCAResponse) Descriptor() ([]byte, []int) { + return fileDescriptor_provider_8ff2d2670790989c, []int{11} +} +func (m *CrossSignCAResponse) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *CrossSignCAResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_CrossSignCAResponse.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalTo(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (dst *CrossSignCAResponse) XXX_Merge(src proto.Message) { + xxx_messageInfo_CrossSignCAResponse.Merge(dst, src) +} +func (m *CrossSignCAResponse) XXX_Size() int { + return m.Size() +} +func (m *CrossSignCAResponse) XXX_DiscardUnknown() { + xxx_messageInfo_CrossSignCAResponse.DiscardUnknown(m) +} + +var xxx_messageInfo_CrossSignCAResponse proto.InternalMessageInfo + +func (m *CrossSignCAResponse) GetCrtPem() string { + if m != nil { + return m.CrtPem + } + return "" +} + +// Protobufs doesn't allow no req/resp so in the cases where there are +// no arguments we use the Empty message. +type Empty struct { + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *Empty) Reset() { *m = Empty{} } +func (m *Empty) String() string { return proto.CompactTextString(m) } +func (*Empty) ProtoMessage() {} +func (*Empty) Descriptor() ([]byte, []int) { + return fileDescriptor_provider_8ff2d2670790989c, []int{12} +} +func (m *Empty) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *Empty) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_Empty.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalTo(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (dst *Empty) XXX_Merge(src proto.Message) { + xxx_messageInfo_Empty.Merge(dst, src) +} +func (m *Empty) XXX_Size() int { + return m.Size() +} +func (m *Empty) XXX_DiscardUnknown() { + xxx_messageInfo_Empty.DiscardUnknown(m) +} + +var xxx_messageInfo_Empty proto.InternalMessageInfo + +func init() { + proto.RegisterType((*ConfigureRequest)(nil), "plugin.ConfigureRequest") + proto.RegisterType((*SetIntermediateRequest)(nil), "plugin.SetIntermediateRequest") + proto.RegisterType((*SignRequest)(nil), "plugin.SignRequest") + proto.RegisterType((*SignIntermediateRequest)(nil), "plugin.SignIntermediateRequest") + proto.RegisterType((*CrossSignCARequest)(nil), "plugin.CrossSignCARequest") + proto.RegisterType((*ActiveRootResponse)(nil), "plugin.ActiveRootResponse") + proto.RegisterType((*GenerateIntermediateCSRResponse)(nil), "plugin.GenerateIntermediateCSRResponse") + proto.RegisterType((*ActiveIntermediateResponse)(nil), "plugin.ActiveIntermediateResponse") + proto.RegisterType((*GenerateIntermediateResponse)(nil), "plugin.GenerateIntermediateResponse") + proto.RegisterType((*SignResponse)(nil), "plugin.SignResponse") + proto.RegisterType((*SignIntermediateResponse)(nil), "plugin.SignIntermediateResponse") + proto.RegisterType((*CrossSignCAResponse)(nil), "plugin.CrossSignCAResponse") + proto.RegisterType((*Empty)(nil), "plugin.Empty") +} + +// Reference imports to suppress errors if they are not otherwise used. +var _ context.Context +var _ grpc.ClientConn + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the grpc package it is being compiled against. +const _ = grpc.SupportPackageIsVersion4 + +// CAClient is the client API for CA service. +// +// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream. +type CAClient interface { + Configure(ctx context.Context, in *ConfigureRequest, opts ...grpc.CallOption) (*Empty, error) + GenerateRoot(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*Empty, error) + ActiveRoot(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*ActiveRootResponse, error) + GenerateIntermediateCSR(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*GenerateIntermediateCSRResponse, error) + SetIntermediate(ctx context.Context, in *SetIntermediateRequest, opts ...grpc.CallOption) (*Empty, error) + ActiveIntermediate(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*ActiveIntermediateResponse, error) + GenerateIntermediate(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*GenerateIntermediateResponse, error) + Sign(ctx context.Context, in *SignRequest, opts ...grpc.CallOption) (*SignResponse, error) + SignIntermediate(ctx context.Context, in *SignIntermediateRequest, opts ...grpc.CallOption) (*SignIntermediateResponse, error) + CrossSignCA(ctx context.Context, in *CrossSignCARequest, opts ...grpc.CallOption) (*CrossSignCAResponse, error) + Cleanup(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*Empty, error) +} + +type cAClient struct { + cc *grpc.ClientConn +} + +func NewCAClient(cc *grpc.ClientConn) CAClient { + return &cAClient{cc} +} + +func (c *cAClient) Configure(ctx context.Context, in *ConfigureRequest, opts ...grpc.CallOption) (*Empty, error) { + out := new(Empty) + err := c.cc.Invoke(ctx, "/plugin.CA/Configure", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *cAClient) GenerateRoot(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*Empty, error) { + out := new(Empty) + err := c.cc.Invoke(ctx, "/plugin.CA/GenerateRoot", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *cAClient) ActiveRoot(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*ActiveRootResponse, error) { + out := new(ActiveRootResponse) + err := c.cc.Invoke(ctx, "/plugin.CA/ActiveRoot", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *cAClient) GenerateIntermediateCSR(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*GenerateIntermediateCSRResponse, error) { + out := new(GenerateIntermediateCSRResponse) + err := c.cc.Invoke(ctx, "/plugin.CA/GenerateIntermediateCSR", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *cAClient) SetIntermediate(ctx context.Context, in *SetIntermediateRequest, opts ...grpc.CallOption) (*Empty, error) { + out := new(Empty) + err := c.cc.Invoke(ctx, "/plugin.CA/SetIntermediate", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *cAClient) ActiveIntermediate(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*ActiveIntermediateResponse, error) { + out := new(ActiveIntermediateResponse) + err := c.cc.Invoke(ctx, "/plugin.CA/ActiveIntermediate", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *cAClient) GenerateIntermediate(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*GenerateIntermediateResponse, error) { + out := new(GenerateIntermediateResponse) + err := c.cc.Invoke(ctx, "/plugin.CA/GenerateIntermediate", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *cAClient) Sign(ctx context.Context, in *SignRequest, opts ...grpc.CallOption) (*SignResponse, error) { + out := new(SignResponse) + err := c.cc.Invoke(ctx, "/plugin.CA/Sign", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *cAClient) SignIntermediate(ctx context.Context, in *SignIntermediateRequest, opts ...grpc.CallOption) (*SignIntermediateResponse, error) { + out := new(SignIntermediateResponse) + err := c.cc.Invoke(ctx, "/plugin.CA/SignIntermediate", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *cAClient) CrossSignCA(ctx context.Context, in *CrossSignCARequest, opts ...grpc.CallOption) (*CrossSignCAResponse, error) { + out := new(CrossSignCAResponse) + err := c.cc.Invoke(ctx, "/plugin.CA/CrossSignCA", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *cAClient) Cleanup(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*Empty, error) { + out := new(Empty) + err := c.cc.Invoke(ctx, "/plugin.CA/Cleanup", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +// CAServer is the server API for CA service. +type CAServer interface { + Configure(context.Context, *ConfigureRequest) (*Empty, error) + GenerateRoot(context.Context, *Empty) (*Empty, error) + ActiveRoot(context.Context, *Empty) (*ActiveRootResponse, error) + GenerateIntermediateCSR(context.Context, *Empty) (*GenerateIntermediateCSRResponse, error) + SetIntermediate(context.Context, *SetIntermediateRequest) (*Empty, error) + ActiveIntermediate(context.Context, *Empty) (*ActiveIntermediateResponse, error) + GenerateIntermediate(context.Context, *Empty) (*GenerateIntermediateResponse, error) + Sign(context.Context, *SignRequest) (*SignResponse, error) + SignIntermediate(context.Context, *SignIntermediateRequest) (*SignIntermediateResponse, error) + CrossSignCA(context.Context, *CrossSignCARequest) (*CrossSignCAResponse, error) + Cleanup(context.Context, *Empty) (*Empty, error) +} + +func RegisterCAServer(s *grpc.Server, srv CAServer) { + s.RegisterService(&_CA_serviceDesc, srv) +} + +func _CA_Configure_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(ConfigureRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(CAServer).Configure(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/plugin.CA/Configure", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(CAServer).Configure(ctx, req.(*ConfigureRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _CA_GenerateRoot_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(Empty) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(CAServer).GenerateRoot(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/plugin.CA/GenerateRoot", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(CAServer).GenerateRoot(ctx, req.(*Empty)) + } + return interceptor(ctx, in, info, handler) +} + +func _CA_ActiveRoot_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(Empty) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(CAServer).ActiveRoot(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/plugin.CA/ActiveRoot", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(CAServer).ActiveRoot(ctx, req.(*Empty)) + } + return interceptor(ctx, in, info, handler) +} + +func _CA_GenerateIntermediateCSR_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(Empty) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(CAServer).GenerateIntermediateCSR(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/plugin.CA/GenerateIntermediateCSR", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(CAServer).GenerateIntermediateCSR(ctx, req.(*Empty)) + } + return interceptor(ctx, in, info, handler) +} + +func _CA_SetIntermediate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(SetIntermediateRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(CAServer).SetIntermediate(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/plugin.CA/SetIntermediate", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(CAServer).SetIntermediate(ctx, req.(*SetIntermediateRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _CA_ActiveIntermediate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(Empty) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(CAServer).ActiveIntermediate(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/plugin.CA/ActiveIntermediate", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(CAServer).ActiveIntermediate(ctx, req.(*Empty)) + } + return interceptor(ctx, in, info, handler) +} + +func _CA_GenerateIntermediate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(Empty) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(CAServer).GenerateIntermediate(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/plugin.CA/GenerateIntermediate", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(CAServer).GenerateIntermediate(ctx, req.(*Empty)) + } + return interceptor(ctx, in, info, handler) +} + +func _CA_Sign_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(SignRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(CAServer).Sign(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/plugin.CA/Sign", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(CAServer).Sign(ctx, req.(*SignRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _CA_SignIntermediate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(SignIntermediateRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(CAServer).SignIntermediate(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/plugin.CA/SignIntermediate", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(CAServer).SignIntermediate(ctx, req.(*SignIntermediateRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _CA_CrossSignCA_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(CrossSignCARequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(CAServer).CrossSignCA(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/plugin.CA/CrossSignCA", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(CAServer).CrossSignCA(ctx, req.(*CrossSignCARequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _CA_Cleanup_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(Empty) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(CAServer).Cleanup(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/plugin.CA/Cleanup", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(CAServer).Cleanup(ctx, req.(*Empty)) + } + return interceptor(ctx, in, info, handler) +} + +var _CA_serviceDesc = grpc.ServiceDesc{ + ServiceName: "plugin.CA", + HandlerType: (*CAServer)(nil), + Methods: []grpc.MethodDesc{ + { + MethodName: "Configure", + Handler: _CA_Configure_Handler, + }, + { + MethodName: "GenerateRoot", + Handler: _CA_GenerateRoot_Handler, + }, + { + MethodName: "ActiveRoot", + Handler: _CA_ActiveRoot_Handler, + }, + { + MethodName: "GenerateIntermediateCSR", + Handler: _CA_GenerateIntermediateCSR_Handler, + }, + { + MethodName: "SetIntermediate", + Handler: _CA_SetIntermediate_Handler, + }, + { + MethodName: "ActiveIntermediate", + Handler: _CA_ActiveIntermediate_Handler, + }, + { + MethodName: "GenerateIntermediate", + Handler: _CA_GenerateIntermediate_Handler, + }, + { + MethodName: "Sign", + Handler: _CA_Sign_Handler, + }, + { + MethodName: "SignIntermediate", + Handler: _CA_SignIntermediate_Handler, + }, + { + MethodName: "CrossSignCA", + Handler: _CA_CrossSignCA_Handler, + }, + { + MethodName: "Cleanup", + Handler: _CA_Cleanup_Handler, + }, + }, + Streams: []grpc.StreamDesc{}, + Metadata: "agent/connect/ca/plugin/provider.proto", +} + +func (m *ConfigureRequest) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalTo(dAtA) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *ConfigureRequest) MarshalTo(dAtA []byte) (int, error) { + var i int + _ = i + var l int + _ = l + if len(m.ClusterId) > 0 { + dAtA[i] = 0xa + i++ + i = encodeVarintProvider(dAtA, i, uint64(len(m.ClusterId))) + i += copy(dAtA[i:], m.ClusterId) + } + if m.IsRoot { + dAtA[i] = 0x10 + i++ + if m.IsRoot { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i++ + } + if len(m.Config) > 0 { + dAtA[i] = 0x1a + i++ + i = encodeVarintProvider(dAtA, i, uint64(len(m.Config))) + i += copy(dAtA[i:], m.Config) + } + if m.XXX_unrecognized != nil { + i += copy(dAtA[i:], m.XXX_unrecognized) + } + return i, nil +} + +func (m *SetIntermediateRequest) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalTo(dAtA) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *SetIntermediateRequest) MarshalTo(dAtA []byte) (int, error) { + var i int + _ = i + var l int + _ = l + if len(m.IntermediatePem) > 0 { + dAtA[i] = 0xa + i++ + i = encodeVarintProvider(dAtA, i, uint64(len(m.IntermediatePem))) + i += copy(dAtA[i:], m.IntermediatePem) + } + if len(m.RootPem) > 0 { + dAtA[i] = 0x12 + i++ + i = encodeVarintProvider(dAtA, i, uint64(len(m.RootPem))) + i += copy(dAtA[i:], m.RootPem) + } + if m.XXX_unrecognized != nil { + i += copy(dAtA[i:], m.XXX_unrecognized) + } + return i, nil +} + +func (m *SignRequest) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalTo(dAtA) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *SignRequest) MarshalTo(dAtA []byte) (int, error) { + var i int + _ = i + var l int + _ = l + if len(m.Csr) > 0 { + dAtA[i] = 0xa + i++ + i = encodeVarintProvider(dAtA, i, uint64(len(m.Csr))) + i += copy(dAtA[i:], m.Csr) + } + if m.XXX_unrecognized != nil { + i += copy(dAtA[i:], m.XXX_unrecognized) + } + return i, nil +} + +func (m *SignIntermediateRequest) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalTo(dAtA) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *SignIntermediateRequest) MarshalTo(dAtA []byte) (int, error) { + var i int + _ = i + var l int + _ = l + if len(m.Csr) > 0 { + dAtA[i] = 0xa + i++ + i = encodeVarintProvider(dAtA, i, uint64(len(m.Csr))) + i += copy(dAtA[i:], m.Csr) + } + if m.XXX_unrecognized != nil { + i += copy(dAtA[i:], m.XXX_unrecognized) + } + return i, nil +} + +func (m *CrossSignCARequest) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalTo(dAtA) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *CrossSignCARequest) MarshalTo(dAtA []byte) (int, error) { + var i int + _ = i + var l int + _ = l + if len(m.Crt) > 0 { + dAtA[i] = 0xa + i++ + i = encodeVarintProvider(dAtA, i, uint64(len(m.Crt))) + i += copy(dAtA[i:], m.Crt) + } + if m.XXX_unrecognized != nil { + i += copy(dAtA[i:], m.XXX_unrecognized) + } + return i, nil +} + +func (m *ActiveRootResponse) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalTo(dAtA) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *ActiveRootResponse) MarshalTo(dAtA []byte) (int, error) { + var i int + _ = i + var l int + _ = l + if len(m.CrtPem) > 0 { + dAtA[i] = 0xa + i++ + i = encodeVarintProvider(dAtA, i, uint64(len(m.CrtPem))) + i += copy(dAtA[i:], m.CrtPem) + } + if m.XXX_unrecognized != nil { + i += copy(dAtA[i:], m.XXX_unrecognized) + } + return i, nil +} + +func (m *GenerateIntermediateCSRResponse) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalTo(dAtA) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *GenerateIntermediateCSRResponse) MarshalTo(dAtA []byte) (int, error) { + var i int + _ = i + var l int + _ = l + if len(m.CsrPem) > 0 { + dAtA[i] = 0xa + i++ + i = encodeVarintProvider(dAtA, i, uint64(len(m.CsrPem))) + i += copy(dAtA[i:], m.CsrPem) + } + if m.XXX_unrecognized != nil { + i += copy(dAtA[i:], m.XXX_unrecognized) + } + return i, nil +} + +func (m *ActiveIntermediateResponse) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalTo(dAtA) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *ActiveIntermediateResponse) MarshalTo(dAtA []byte) (int, error) { + var i int + _ = i + var l int + _ = l + if len(m.CrtPem) > 0 { + dAtA[i] = 0xa + i++ + i = encodeVarintProvider(dAtA, i, uint64(len(m.CrtPem))) + i += copy(dAtA[i:], m.CrtPem) + } + if m.XXX_unrecognized != nil { + i += copy(dAtA[i:], m.XXX_unrecognized) + } + return i, nil +} + +func (m *GenerateIntermediateResponse) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalTo(dAtA) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *GenerateIntermediateResponse) MarshalTo(dAtA []byte) (int, error) { + var i int + _ = i + var l int + _ = l + if len(m.CrtPem) > 0 { + dAtA[i] = 0xa + i++ + i = encodeVarintProvider(dAtA, i, uint64(len(m.CrtPem))) + i += copy(dAtA[i:], m.CrtPem) + } + if m.XXX_unrecognized != nil { + i += copy(dAtA[i:], m.XXX_unrecognized) + } + return i, nil +} + +func (m *SignResponse) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalTo(dAtA) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *SignResponse) MarshalTo(dAtA []byte) (int, error) { + var i int + _ = i + var l int + _ = l + if len(m.CrtPem) > 0 { + dAtA[i] = 0xa + i++ + i = encodeVarintProvider(dAtA, i, uint64(len(m.CrtPem))) + i += copy(dAtA[i:], m.CrtPem) + } + if m.XXX_unrecognized != nil { + i += copy(dAtA[i:], m.XXX_unrecognized) + } + return i, nil +} + +func (m *SignIntermediateResponse) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalTo(dAtA) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *SignIntermediateResponse) MarshalTo(dAtA []byte) (int, error) { + var i int + _ = i + var l int + _ = l + if len(m.CrtPem) > 0 { + dAtA[i] = 0xa + i++ + i = encodeVarintProvider(dAtA, i, uint64(len(m.CrtPem))) + i += copy(dAtA[i:], m.CrtPem) + } + if m.XXX_unrecognized != nil { + i += copy(dAtA[i:], m.XXX_unrecognized) + } + return i, nil +} + +func (m *CrossSignCAResponse) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalTo(dAtA) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *CrossSignCAResponse) MarshalTo(dAtA []byte) (int, error) { + var i int + _ = i + var l int + _ = l + if len(m.CrtPem) > 0 { + dAtA[i] = 0xa + i++ + i = encodeVarintProvider(dAtA, i, uint64(len(m.CrtPem))) + i += copy(dAtA[i:], m.CrtPem) + } + if m.XXX_unrecognized != nil { + i += copy(dAtA[i:], m.XXX_unrecognized) + } + return i, nil +} + +func (m *Empty) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalTo(dAtA) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *Empty) MarshalTo(dAtA []byte) (int, error) { + var i int + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i += copy(dAtA[i:], m.XXX_unrecognized) + } + return i, nil +} + +func encodeVarintProvider(dAtA []byte, offset int, v uint64) int { + for v >= 1<<7 { + dAtA[offset] = uint8(v&0x7f | 0x80) + v >>= 7 + offset++ + } + dAtA[offset] = uint8(v) + return offset + 1 +} +func (m *ConfigureRequest) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.ClusterId) + if l > 0 { + n += 1 + l + sovProvider(uint64(l)) + } + if m.IsRoot { + n += 2 + } + l = len(m.Config) + if l > 0 { + n += 1 + l + sovProvider(uint64(l)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *SetIntermediateRequest) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.IntermediatePem) + if l > 0 { + n += 1 + l + sovProvider(uint64(l)) + } + l = len(m.RootPem) + if l > 0 { + n += 1 + l + sovProvider(uint64(l)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *SignRequest) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.Csr) + if l > 0 { + n += 1 + l + sovProvider(uint64(l)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *SignIntermediateRequest) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.Csr) + if l > 0 { + n += 1 + l + sovProvider(uint64(l)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *CrossSignCARequest) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.Crt) + if l > 0 { + n += 1 + l + sovProvider(uint64(l)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *ActiveRootResponse) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.CrtPem) + if l > 0 { + n += 1 + l + sovProvider(uint64(l)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *GenerateIntermediateCSRResponse) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.CsrPem) + if l > 0 { + n += 1 + l + sovProvider(uint64(l)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *ActiveIntermediateResponse) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.CrtPem) + if l > 0 { + n += 1 + l + sovProvider(uint64(l)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *GenerateIntermediateResponse) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.CrtPem) + if l > 0 { + n += 1 + l + sovProvider(uint64(l)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *SignResponse) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.CrtPem) + if l > 0 { + n += 1 + l + sovProvider(uint64(l)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *SignIntermediateResponse) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.CrtPem) + if l > 0 { + n += 1 + l + sovProvider(uint64(l)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *CrossSignCAResponse) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.CrtPem) + if l > 0 { + n += 1 + l + sovProvider(uint64(l)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *Empty) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func sovProvider(x uint64) (n int) { + for { + n++ + x >>= 7 + if x == 0 { + break + } + } + return n +} +func sozProvider(x uint64) (n int) { + return sovProvider(uint64((x << 1) ^ uint64((int64(x) >> 63)))) +} +func (m *ConfigureRequest) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProvider + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: ConfigureRequest: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: ConfigureRequest: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ClusterId", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProvider + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthProvider + } + postIndex := iNdEx + intStringLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.ClusterId = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field IsRoot", wireType) + } + var v int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProvider + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= (int(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + m.IsRoot = bool(v != 0) + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Config", wireType) + } + var byteLen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProvider + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + byteLen |= (int(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + if byteLen < 0 { + return ErrInvalidLengthProvider + } + postIndex := iNdEx + byteLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Config = append(m.Config[:0], dAtA[iNdEx:postIndex]...) + if m.Config == nil { + m.Config = []byte{} + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipProvider(dAtA[iNdEx:]) + if err != nil { + return err + } + if skippy < 0 { + return ErrInvalidLengthProvider + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *SetIntermediateRequest) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProvider + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: SetIntermediateRequest: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: SetIntermediateRequest: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field IntermediatePem", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProvider + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthProvider + } + postIndex := iNdEx + intStringLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.IntermediatePem = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field RootPem", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProvider + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthProvider + } + postIndex := iNdEx + intStringLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.RootPem = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipProvider(dAtA[iNdEx:]) + if err != nil { + return err + } + if skippy < 0 { + return ErrInvalidLengthProvider + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *SignRequest) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProvider + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: SignRequest: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: SignRequest: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Csr", wireType) + } + var byteLen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProvider + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + byteLen |= (int(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + if byteLen < 0 { + return ErrInvalidLengthProvider + } + postIndex := iNdEx + byteLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Csr = append(m.Csr[:0], dAtA[iNdEx:postIndex]...) + if m.Csr == nil { + m.Csr = []byte{} + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipProvider(dAtA[iNdEx:]) + if err != nil { + return err + } + if skippy < 0 { + return ErrInvalidLengthProvider + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *SignIntermediateRequest) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProvider + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: SignIntermediateRequest: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: SignIntermediateRequest: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Csr", wireType) + } + var byteLen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProvider + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + byteLen |= (int(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + if byteLen < 0 { + return ErrInvalidLengthProvider + } + postIndex := iNdEx + byteLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Csr = append(m.Csr[:0], dAtA[iNdEx:postIndex]...) + if m.Csr == nil { + m.Csr = []byte{} + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipProvider(dAtA[iNdEx:]) + if err != nil { + return err + } + if skippy < 0 { + return ErrInvalidLengthProvider + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *CrossSignCARequest) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProvider + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: CrossSignCARequest: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: CrossSignCARequest: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Crt", wireType) + } + var byteLen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProvider + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + byteLen |= (int(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + if byteLen < 0 { + return ErrInvalidLengthProvider + } + postIndex := iNdEx + byteLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Crt = append(m.Crt[:0], dAtA[iNdEx:postIndex]...) + if m.Crt == nil { + m.Crt = []byte{} + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipProvider(dAtA[iNdEx:]) + if err != nil { + return err + } + if skippy < 0 { + return ErrInvalidLengthProvider + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *ActiveRootResponse) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProvider + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: ActiveRootResponse: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: ActiveRootResponse: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field CrtPem", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProvider + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthProvider + } + postIndex := iNdEx + intStringLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.CrtPem = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipProvider(dAtA[iNdEx:]) + if err != nil { + return err + } + if skippy < 0 { + return ErrInvalidLengthProvider + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *GenerateIntermediateCSRResponse) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProvider + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: GenerateIntermediateCSRResponse: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: GenerateIntermediateCSRResponse: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field CsrPem", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProvider + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthProvider + } + postIndex := iNdEx + intStringLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.CsrPem = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipProvider(dAtA[iNdEx:]) + if err != nil { + return err + } + if skippy < 0 { + return ErrInvalidLengthProvider + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *ActiveIntermediateResponse) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProvider + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: ActiveIntermediateResponse: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: ActiveIntermediateResponse: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field CrtPem", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProvider + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthProvider + } + postIndex := iNdEx + intStringLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.CrtPem = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipProvider(dAtA[iNdEx:]) + if err != nil { + return err + } + if skippy < 0 { + return ErrInvalidLengthProvider + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *GenerateIntermediateResponse) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProvider + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: GenerateIntermediateResponse: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: GenerateIntermediateResponse: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field CrtPem", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProvider + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthProvider + } + postIndex := iNdEx + intStringLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.CrtPem = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipProvider(dAtA[iNdEx:]) + if err != nil { + return err + } + if skippy < 0 { + return ErrInvalidLengthProvider + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *SignResponse) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProvider + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: SignResponse: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: SignResponse: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field CrtPem", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProvider + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthProvider + } + postIndex := iNdEx + intStringLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.CrtPem = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipProvider(dAtA[iNdEx:]) + if err != nil { + return err + } + if skippy < 0 { + return ErrInvalidLengthProvider + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *SignIntermediateResponse) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProvider + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: SignIntermediateResponse: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: SignIntermediateResponse: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field CrtPem", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProvider + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthProvider + } + postIndex := iNdEx + intStringLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.CrtPem = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipProvider(dAtA[iNdEx:]) + if err != nil { + return err + } + if skippy < 0 { + return ErrInvalidLengthProvider + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *CrossSignCAResponse) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProvider + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: CrossSignCAResponse: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: CrossSignCAResponse: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field CrtPem", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProvider + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthProvider + } + postIndex := iNdEx + intStringLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.CrtPem = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipProvider(dAtA[iNdEx:]) + if err != nil { + return err + } + if skippy < 0 { + return ErrInvalidLengthProvider + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *Empty) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProvider + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: Empty: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: Empty: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + default: + iNdEx = preIndex + skippy, err := skipProvider(dAtA[iNdEx:]) + if err != nil { + return err + } + if skippy < 0 { + return ErrInvalidLengthProvider + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func skipProvider(dAtA []byte) (n int, err error) { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return 0, ErrIntOverflowProvider + } + if iNdEx >= l { + return 0, io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + wireType := int(wire & 0x7) + switch wireType { + case 0: + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return 0, ErrIntOverflowProvider + } + if iNdEx >= l { + return 0, io.ErrUnexpectedEOF + } + iNdEx++ + if dAtA[iNdEx-1] < 0x80 { + break + } + } + return iNdEx, nil + case 1: + iNdEx += 8 + return iNdEx, nil + case 2: + var length int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return 0, ErrIntOverflowProvider + } + if iNdEx >= l { + return 0, io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + length |= (int(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + iNdEx += length + if length < 0 { + return 0, ErrInvalidLengthProvider + } + return iNdEx, nil + case 3: + for { + var innerWire uint64 + var start int = iNdEx + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return 0, ErrIntOverflowProvider + } + if iNdEx >= l { + return 0, io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + innerWire |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + innerWireType := int(innerWire & 0x7) + if innerWireType == 4 { + break + } + next, err := skipProvider(dAtA[start:]) + if err != nil { + return 0, err + } + iNdEx = start + next + } + return iNdEx, nil + case 4: + return iNdEx, nil + case 5: + iNdEx += 4 + return iNdEx, nil + default: + return 0, fmt.Errorf("proto: illegal wireType %d", wireType) + } + } + panic("unreachable") +} + +var ( + ErrInvalidLengthProvider = fmt.Errorf("proto: negative length found during unmarshaling") + ErrIntOverflowProvider = fmt.Errorf("proto: integer overflow") +) + +func init() { + proto.RegisterFile("agent/connect/ca/plugin/provider.proto", fileDescriptor_provider_8ff2d2670790989c) +} + +var fileDescriptor_provider_8ff2d2670790989c = []byte{ + // 566 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x84, 0x54, 0xdf, 0x6e, 0xd3, 0x3e, + 0x18, 0xfd, 0xa5, 0xfb, 0xad, 0x5d, 0xbf, 0x15, 0xad, 0xf2, 0xa6, 0xb5, 0x14, 0x68, 0xab, 0x08, + 0xad, 0x45, 0x40, 0x23, 0x28, 0x68, 0x12, 0x57, 0x94, 0x68, 0x4c, 0x13, 0x37, 0x23, 0x15, 0x37, + 0x5c, 0x50, 0xa5, 0xae, 0x49, 0x2d, 0x35, 0x71, 0xb0, 0x9d, 0x49, 0xbc, 0x09, 0x6f, 0x04, 0x97, + 0x3c, 0x02, 0x2a, 0x2f, 0x82, 0x9c, 0x26, 0x59, 0x92, 0xa6, 0xcb, 0x5d, 0xfc, 0xe5, 0x9c, 0xf3, + 0xfd, 0x3b, 0x36, 0x9c, 0xd9, 0x0e, 0xf1, 0xa4, 0x81, 0x99, 0xe7, 0x11, 0x2c, 0x0d, 0x6c, 0x1b, + 0xfe, 0x2a, 0x70, 0xa8, 0x67, 0xf8, 0x9c, 0xdd, 0xd0, 0x05, 0xe1, 0x23, 0x9f, 0x33, 0xc9, 0x50, + 0x75, 0x13, 0xd6, 0xe7, 0xd0, 0x34, 0x99, 0xf7, 0x95, 0x3a, 0x01, 0x27, 0x16, 0xf9, 0x16, 0x10, + 0x21, 0xd1, 0x23, 0x00, 0xbc, 0x0a, 0x84, 0x24, 0x7c, 0x46, 0x17, 0x6d, 0xad, 0xaf, 0x0d, 0xeb, + 0x56, 0x3d, 0x8a, 0x5c, 0x2d, 0x50, 0x0b, 0x6a, 0x54, 0xcc, 0x38, 0x63, 0xb2, 0x5d, 0xe9, 0x6b, + 0xc3, 0x03, 0xab, 0x4a, 0x85, 0xc5, 0x98, 0x44, 0xa7, 0x50, 0xc5, 0xa1, 0x56, 0x7b, 0xaf, 0xaf, + 0x0d, 0x1b, 0x56, 0x74, 0xd2, 0xbf, 0xc0, 0xe9, 0x94, 0xc8, 0x2b, 0x4f, 0x12, 0xee, 0x92, 0x05, + 0xb5, 0x65, 0x92, 0xe9, 0x09, 0x34, 0x69, 0x2a, 0x3c, 0xf3, 0x89, 0x1b, 0xe5, 0x3b, 0x4a, 0xc7, + 0xaf, 0x89, 0x8b, 0xee, 0xc3, 0x81, 0x4a, 0x19, 0x42, 0x2a, 0x21, 0xa4, 0xa6, 0xce, 0xd7, 0xc4, + 0xd5, 0x7b, 0x70, 0x38, 0xa5, 0x8e, 0x17, 0x8b, 0x36, 0x61, 0x0f, 0x0b, 0x1e, 0xea, 0x34, 0x2c, + 0xf5, 0xa9, 0x3f, 0x85, 0x96, 0x02, 0x14, 0x55, 0xb0, 0x0d, 0x3e, 0x03, 0x64, 0x72, 0x26, 0x84, + 0x62, 0x98, 0x93, 0x34, 0x8e, 0xcb, 0x04, 0xc7, 0xa5, 0xfe, 0x1c, 0xd0, 0x04, 0x4b, 0x7a, 0x43, + 0x54, 0xef, 0x16, 0x11, 0x3e, 0xf3, 0x04, 0x51, 0xc3, 0xc1, 0x5c, 0xa6, 0x1a, 0xa9, 0x62, 0x1e, + 0x16, 0xf9, 0x06, 0x7a, 0x97, 0xc4, 0x23, 0xdc, 0x96, 0x24, 0x5d, 0x87, 0x39, 0xb5, 0x32, 0x5c, + 0xc1, 0x33, 0x5c, 0xc1, 0x15, 0xf7, 0x35, 0x74, 0x36, 0xa9, 0xb2, 0x1d, 0x94, 0xa5, 0x3c, 0x87, + 0x87, 0x45, 0x29, 0xcb, 0x89, 0x03, 0x68, 0x6c, 0x06, 0x5a, 0x06, 0x1c, 0x43, 0x7b, 0x7b, 0xb0, + 0x65, 0xa4, 0x11, 0x1c, 0x67, 0x06, 0x5c, 0x86, 0xaf, 0xc1, 0xfe, 0x85, 0xeb, 0xcb, 0xef, 0x2f, + 0x7f, 0xee, 0x43, 0xc5, 0x9c, 0xa0, 0x57, 0x50, 0x4f, 0x2c, 0x8b, 0xda, 0xa3, 0x8d, 0x91, 0x47, + 0x79, 0x17, 0x77, 0xee, 0xc5, 0x7f, 0x42, 0x32, 0x7a, 0x06, 0x8d, 0x78, 0x18, 0xa1, 0x59, 0xb3, + 0xbf, 0xf3, 0xe8, 0x73, 0x80, 0xdb, 0xe5, 0xe6, 0xb1, 0x9d, 0xf8, 0x58, 0xb0, 0xff, 0x8f, 0xd0, + 0xda, 0xb1, 0xe6, 0xbc, 0xca, 0x20, 0x3e, 0x96, 0xd9, 0xe2, 0x2d, 0x1c, 0xe5, 0xae, 0x0f, 0xea, + 0xc6, 0xdc, 0xe2, 0x7b, 0x95, 0xef, 0xe6, 0x32, 0xb6, 0x6a, 0x46, 0x24, 0x57, 0x8f, 0x9e, 0xed, + 0xaa, 0x70, 0xa7, 0x1f, 0xe0, 0xa4, 0xa8, 0xda, 0xbc, 0xd4, 0xe3, 0xbb, 0x5a, 0x4b, 0xc4, 0x5e, + 0xc0, 0xff, 0xca, 0x02, 0xe8, 0x38, 0x69, 0xe6, 0xf6, 0x12, 0x77, 0x4e, 0xb2, 0xc1, 0x88, 0xf2, + 0x09, 0x9a, 0x79, 0xbf, 0xa1, 0x5e, 0x1a, 0x59, 0x34, 0x8c, 0xfe, 0x6e, 0x40, 0x24, 0xfb, 0x1e, + 0x0e, 0x53, 0x8e, 0x44, 0xc9, 0x7e, 0xb7, 0xdf, 0x81, 0xce, 0x83, 0xc2, 0x7f, 0x91, 0xce, 0x00, + 0x6a, 0xe6, 0x8a, 0xd8, 0x5e, 0xe0, 0xdf, 0x6d, 0xaf, 0x77, 0x17, 0xbf, 0xd6, 0x5d, 0xed, 0xf7, + 0xba, 0xab, 0xfd, 0x59, 0x77, 0xb5, 0x1f, 0x7f, 0xbb, 0xff, 0x7d, 0x1e, 0x3b, 0x54, 0x2e, 0x83, + 0xf9, 0x08, 0x33, 0xd7, 0x58, 0xda, 0x62, 0x49, 0x31, 0xe3, 0xbe, 0x7a, 0xc6, 0x45, 0xb0, 0x32, + 0x76, 0xbc, 0xe9, 0xf3, 0x6a, 0xf8, 0x96, 0x8f, 0xff, 0x05, 0x00, 0x00, 0xff, 0xff, 0x7b, 0x20, + 0xb4, 0xe4, 0xf5, 0x05, 0x00, 0x00, +} diff --git a/agent/connect/ca/plugin/provider.proto b/agent/connect/ca/plugin/provider.proto new file mode 100644 index 0000000000..6ca9cf88f5 --- /dev/null +++ b/agent/connect/ca/plugin/provider.proto @@ -0,0 +1,84 @@ +/* This proto file contains the service and structures for implementing + * a Consul CA provider plugin. For clearer documentation on what each + * RPC method should do, please refer to the Go interface documentation + * for `agent/connect/ca.Provider`. + * + * After implementing this service, the plugin must also output the proper + * format to stdout for the plugin handshake. Please refer to the Consul + * documentation for more information. + */ + +syntax = "proto3"; + +option go_package = "github.com/hashicorp/consul/agent/connect/ca/plugin"; + +package plugin; + +service CA { + rpc Configure(ConfigureRequest) returns (Empty); + rpc GenerateRoot(Empty) returns (Empty); + rpc ActiveRoot(Empty) returns (ActiveRootResponse); + rpc GenerateIntermediateCSR(Empty) returns (GenerateIntermediateCSRResponse); + rpc SetIntermediate(SetIntermediateRequest) returns (Empty); + rpc ActiveIntermediate(Empty) returns (ActiveIntermediateResponse); + rpc GenerateIntermediate(Empty) returns (GenerateIntermediateResponse); + rpc Sign(SignRequest) returns (SignResponse); + rpc SignIntermediate(SignIntermediateRequest) returns (SignIntermediateResponse); + rpc CrossSignCA(CrossSignCARequest) returns (CrossSignCAResponse); + rpc Cleanup(Empty) returns (Empty); +} + +message ConfigureRequest { + string cluster_id = 1; + bool is_root = 2; + bytes config = 3; // JSON-encoded structure +} + +message SetIntermediateRequest { + string intermediate_pem = 1; + string root_pem = 2; +} + +message SignRequest { + bytes csr = 1; +} + +message SignIntermediateRequest { + bytes csr = 1; +} + +message CrossSignCARequest { + bytes crt = 1; +} + +message ActiveRootResponse { + string crt_pem = 1; +} + +message GenerateIntermediateCSRResponse { + string csr_pem = 1; +} + +message ActiveIntermediateResponse { + string crt_pem = 1; +} + +message GenerateIntermediateResponse { + string crt_pem = 1; +} + +message SignResponse { + string crt_pem = 1; +} + +message SignIntermediateResponse { + string crt_pem = 1; +} + +message CrossSignCAResponse { + string crt_pem = 1; +} + +// Protobufs doesn't allow no req/resp so in the cases where there are +// no arguments we use the Empty message. +message Empty {} diff --git a/agent/connect/ca/plugin/serve.go b/agent/connect/ca/plugin/serve.go new file mode 100644 index 0000000000..94bc04425c --- /dev/null +++ b/agent/connect/ca/plugin/serve.go @@ -0,0 +1,33 @@ +package plugin + +import ( + "github.com/hashicorp/consul/agent/connect/ca" + "github.com/hashicorp/go-plugin" +) + +// Name is the name of the plugin that users of the package should use +// with *plugin.Client.Dispense to get the proper plugin instance. +const Name = "consul-connect-ca" + +// handshakeConfig is the HandshakeConfig used to configure clients and servers. +var handshakeConfig = plugin.HandshakeConfig{ + // The ProtocolVersion is the version that must match between Consul + // and CA plugins. This should be bumped whenever a change happens in + // one or the other that makes it so that they can't safely communicate. + ProtocolVersion: 1, + + // The magic cookie values should NEVER be changed. + MagicCookieKey: "CONSUL_PLUGIN_MAGIC_COOKIE", + MagicCookieValue: "f31f63b28fa82a3cdb30a6284cb1e50e3a13b7e60ba105a2c91219da319d216c", +} + +// Serve serves a CA plugin. This function never returns and should be the +// final function called in the main function of the plugin. +func Serve(p ca.Provider) { + plugin.Serve(&plugin.ServeConfig{ + HandshakeConfig: handshakeConfig, + Plugins: map[string]plugin.Plugin{ + Name: &ProviderPlugin{Impl: p}, + }, + }) +} diff --git a/agent/connect/ca/plugin/transport_grpc.go b/agent/connect/ca/plugin/transport_grpc.go new file mode 100644 index 0000000000..cb21e559cd --- /dev/null +++ b/agent/connect/ca/plugin/transport_grpc.go @@ -0,0 +1,210 @@ +package plugin + +import ( + "context" + "crypto/x509" + "encoding/json" + + "github.com/hashicorp/consul/agent/connect/ca" + "google.golang.org/grpc" +) + +// providerPluginGRPCServer implements the CAServer interface for gRPC. +type providerPluginGRPCServer struct { + impl ca.Provider +} + +func (p *providerPluginGRPCServer) Configure(_ context.Context, req *ConfigureRequest) (*Empty, error) { + var rawConfig map[string]interface{} + if err := json.Unmarshal(req.Config, &rawConfig); err != nil { + return nil, err + } + + return &Empty{}, p.impl.Configure(req.ClusterId, req.IsRoot, rawConfig) +} + +func (p *providerPluginGRPCServer) GenerateRoot(context.Context, *Empty) (*Empty, error) { + return &Empty{}, p.impl.GenerateRoot() +} + +func (p *providerPluginGRPCServer) ActiveRoot(context.Context, *Empty) (*ActiveRootResponse, error) { + pem, err := p.impl.ActiveRoot() + return &ActiveRootResponse{CrtPem: pem}, err +} + +func (p *providerPluginGRPCServer) GenerateIntermediateCSR(context.Context, *Empty) (*GenerateIntermediateCSRResponse, error) { + pem, err := p.impl.GenerateIntermediateCSR() + return &GenerateIntermediateCSRResponse{CsrPem: pem}, err +} + +func (p *providerPluginGRPCServer) SetIntermediate(_ context.Context, req *SetIntermediateRequest) (*Empty, error) { + return &Empty{}, p.impl.SetIntermediate(req.IntermediatePem, req.RootPem) +} + +func (p *providerPluginGRPCServer) ActiveIntermediate(context.Context, *Empty) (*ActiveIntermediateResponse, error) { + pem, err := p.impl.ActiveIntermediate() + return &ActiveIntermediateResponse{CrtPem: pem}, err +} + +func (p *providerPluginGRPCServer) GenerateIntermediate(context.Context, *Empty) (*GenerateIntermediateResponse, error) { + pem, err := p.impl.GenerateIntermediate() + return &GenerateIntermediateResponse{CrtPem: pem}, err +} + +func (p *providerPluginGRPCServer) Sign(_ context.Context, req *SignRequest) (*SignResponse, error) { + csr, err := x509.ParseCertificateRequest(req.Csr) + if err != nil { + return nil, err + } + + crtPEM, err := p.impl.Sign(csr) + return &SignResponse{CrtPem: crtPEM}, err +} + +func (p *providerPluginGRPCServer) SignIntermediate(_ context.Context, req *SignIntermediateRequest) (*SignIntermediateResponse, error) { + csr, err := x509.ParseCertificateRequest(req.Csr) + if err != nil { + return nil, err + } + + crtPEM, err := p.impl.SignIntermediate(csr) + return &SignIntermediateResponse{CrtPem: crtPEM}, err +} + +func (p *providerPluginGRPCServer) CrossSignCA(_ context.Context, req *CrossSignCARequest) (*CrossSignCAResponse, error) { + crt, err := x509.ParseCertificate(req.Crt) + if err != nil { + return nil, err + } + + crtPEM, err := p.impl.CrossSignCA(crt) + return &CrossSignCAResponse{CrtPem: crtPEM}, err +} + +func (p *providerPluginGRPCServer) Cleanup(context.Context, *Empty) (*Empty, error) { + return &Empty{}, p.impl.Cleanup() +} + +// providerPluginGRPCClient implements ca.Provider for acting as a client +// to a remote CA provider plugin over gRPC. +type providerPluginGRPCClient struct { + client CAClient + clientConn *grpc.ClientConn + doneCtx context.Context +} + +func (p *providerPluginGRPCClient) Configure( + clusterId string, + isRoot bool, + rawConfig map[string]interface{}) error { + config, err := json.Marshal(rawConfig) + if err != nil { + return err + } + + _, err = p.client.Configure(p.doneCtx, &ConfigureRequest{ + ClusterId: clusterId, + IsRoot: isRoot, + Config: config, + }) + return p.err(err) +} + +func (p *providerPluginGRPCClient) GenerateRoot() error { + _, err := p.client.GenerateRoot(p.doneCtx, &Empty{}) + return p.err(err) +} + +func (p *providerPluginGRPCClient) ActiveRoot() (string, error) { + resp, err := p.client.ActiveRoot(p.doneCtx, &Empty{}) + if err != nil { + return "", p.err(err) + } + + return resp.CrtPem, nil +} + +func (p *providerPluginGRPCClient) GenerateIntermediateCSR() (string, error) { + resp, err := p.client.GenerateIntermediateCSR(p.doneCtx, &Empty{}) + if err != nil { + return "", p.err(err) + } + + return resp.CsrPem, nil +} + +func (p *providerPluginGRPCClient) SetIntermediate(intermediatePEM, rootPEM string) error { + _, err := p.client.SetIntermediate(p.doneCtx, &SetIntermediateRequest{ + IntermediatePem: intermediatePEM, + RootPem: rootPEM, + }) + return p.err(err) +} + +func (p *providerPluginGRPCClient) ActiveIntermediate() (string, error) { + resp, err := p.client.ActiveIntermediate(p.doneCtx, &Empty{}) + if err != nil { + return "", p.err(err) + } + + return resp.CrtPem, nil +} + +func (p *providerPluginGRPCClient) GenerateIntermediate() (string, error) { + resp, err := p.client.GenerateIntermediate(p.doneCtx, &Empty{}) + if err != nil { + return "", p.err(err) + } + + return resp.CrtPem, nil +} + +func (p *providerPluginGRPCClient) Sign(csr *x509.CertificateRequest) (string, error) { + resp, err := p.client.Sign(p.doneCtx, &SignRequest{ + Csr: csr.Raw, + }) + if err != nil { + return "", p.err(err) + } + + return resp.CrtPem, nil +} + +func (p *providerPluginGRPCClient) SignIntermediate(csr *x509.CertificateRequest) (string, error) { + resp, err := p.client.SignIntermediate(p.doneCtx, &SignIntermediateRequest{ + Csr: csr.Raw, + }) + if err != nil { + return "", p.err(err) + } + + return resp.CrtPem, nil +} + +func (p *providerPluginGRPCClient) CrossSignCA(crt *x509.Certificate) (string, error) { + resp, err := p.client.CrossSignCA(p.doneCtx, &CrossSignCARequest{ + Crt: crt.Raw, + }) + if err != nil { + return "", p.err(err) + } + + return resp.CrtPem, nil +} + +func (p *providerPluginGRPCClient) Cleanup() error { + _, err := p.client.Cleanup(p.doneCtx, &Empty{}) + return p.err(err) +} + +func (p *providerPluginGRPCClient) err(err error) error { + if err := p.doneCtx.Err(); err != nil { + return err + } + + return err +} + +// Verification +var _ CAServer = &providerPluginGRPCServer{} +var _ ca.Provider = &providerPluginGRPCClient{} diff --git a/agent/connect/ca/plugin/transport_netrpc.go b/agent/connect/ca/plugin/transport_netrpc.go new file mode 100644 index 0000000000..8186e1d00c --- /dev/null +++ b/agent/connect/ca/plugin/transport_netrpc.go @@ -0,0 +1,185 @@ +package plugin + +import ( + "crypto/x509" + "net/rpc" + + "github.com/hashicorp/consul/agent/connect/ca" +) + +// providerPluginRPCServer implements a net/rpc backed transport for +// an underlying implementation of a ca.Provider. The server side is the +// plugin binary itself. +type providerPluginRPCServer struct { + impl ca.Provider +} + +func (p *providerPluginRPCServer) Configure(args *ConfigureRPCRequest, _ *struct{}) error { + return p.impl.Configure(args.ClusterId, args.IsRoot, args.RawConfig) +} + +func (p *providerPluginRPCServer) GenerateRoot(struct{}, *struct{}) error { + return p.impl.GenerateRoot() +} + +func (p *providerPluginRPCServer) ActiveRoot(_ struct{}, resp *ActiveRootResponse) error { + var err error + resp.CrtPem, err = p.impl.ActiveRoot() + return err +} + +func (p *providerPluginRPCServer) GenerateIntermediateCSR(_ struct{}, resp *GenerateIntermediateCSRResponse) error { + var err error + resp.CsrPem, err = p.impl.GenerateIntermediateCSR() + return err +} + +func (p *providerPluginRPCServer) SetIntermediate(args *SetIntermediateRPCRequest, _ *struct{}) error { + return p.impl.SetIntermediate(args.IntermediatePEM, args.RootPEM) +} + +func (p *providerPluginRPCServer) ActiveIntermediate(_ struct{}, resp *ActiveIntermediateResponse) error { + var err error + resp.CrtPem, err = p.impl.ActiveIntermediate() + return err +} + +func (p *providerPluginRPCServer) GenerateIntermediate(_ struct{}, resp *GenerateIntermediateResponse) error { + var err error + resp.CrtPem, err = p.impl.GenerateIntermediate() + return err +} + +func (p *providerPluginRPCServer) Sign(args *SignRequest, resp *SignResponse) error { + csr, err := x509.ParseCertificateRequest(args.Csr) + if err != nil { + return err + } + + resp.CrtPem, err = p.impl.Sign(csr) + return err +} + +func (p *providerPluginRPCServer) SignIntermediate(args *SignIntermediateRequest, resp *SignIntermediateResponse) error { + csr, err := x509.ParseCertificateRequest(args.Csr) + if err != nil { + return err + } + + resp.CrtPem, err = p.impl.SignIntermediate(csr) + return err +} + +func (p *providerPluginRPCServer) CrossSignCA(args *CrossSignCARequest, resp *CrossSignCAResponse) error { + crt, err := x509.ParseCertificate(args.Crt) + if err != nil { + return err + } + + resp.CrtPem, err = p.impl.CrossSignCA(crt) + return err +} + +func (p *providerPluginRPCServer) Cleanup(struct{}, *struct{}) error { + return p.impl.Cleanup() +} + +// providerPluginRPCClient implements a net/rpc backed transport for +// an underlying implementation of a ca.Provider. The client side is the +// software calling into the plugin binary over rpc. +// +// This implements ca.Provider. +type providerPluginRPCClient struct { + client *rpc.Client +} + +func (p *providerPluginRPCClient) Configure( + clusterId string, + isRoot bool, + rawConfig map[string]interface{}) error { + return p.client.Call("Plugin.Configure", &ConfigureRPCRequest{ + ClusterId: clusterId, + IsRoot: isRoot, + RawConfig: rawConfig, + }, &struct{}{}) +} + +func (p *providerPluginRPCClient) GenerateRoot() error { + return p.client.Call("Plugin.GenerateRoot", struct{}{}, &struct{}{}) +} + +func (p *providerPluginRPCClient) ActiveRoot() (string, error) { + var resp ActiveRootResponse + err := p.client.Call("Plugin.ActiveRoot", struct{}{}, &resp) + return resp.CrtPem, err +} + +func (p *providerPluginRPCClient) GenerateIntermediateCSR() (string, error) { + var resp GenerateIntermediateCSRResponse + err := p.client.Call("Plugin.GenerateIntermediateCSR", struct{}{}, &resp) + return resp.CsrPem, err +} + +func (p *providerPluginRPCClient) SetIntermediate(intermediatePEM, rootPEM string) error { + return p.client.Call("Plugin.SetIntermediate", &SetIntermediateRPCRequest{ + IntermediatePEM: intermediatePEM, + RootPEM: rootPEM, + }, &struct{}{}) +} + +func (p *providerPluginRPCClient) ActiveIntermediate() (string, error) { + var resp ActiveIntermediateResponse + err := p.client.Call("Plugin.ActiveIntermediate", struct{}{}, &resp) + return resp.CrtPem, err +} + +func (p *providerPluginRPCClient) GenerateIntermediate() (string, error) { + var resp GenerateIntermediateResponse + err := p.client.Call("Plugin.GenerateIntermediate", struct{}{}, &resp) + return resp.CrtPem, err +} + +func (p *providerPluginRPCClient) Sign(csr *x509.CertificateRequest) (string, error) { + var resp SignResponse + err := p.client.Call("Plugin.Sign", &SignRequest{ + Csr: csr.Raw, + }, &resp) + return resp.CrtPem, err +} + +func (p *providerPluginRPCClient) SignIntermediate(csr *x509.CertificateRequest) (string, error) { + var resp SignIntermediateResponse + err := p.client.Call("Plugin.SignIntermediate", &SignIntermediateRequest{ + Csr: csr.Raw, + }, &resp) + return resp.CrtPem, err +} + +func (p *providerPluginRPCClient) CrossSignCA(crt *x509.Certificate) (string, error) { + var resp CrossSignCAResponse + err := p.client.Call("Plugin.CrossSignCA", &CrossSignCARequest{ + Crt: crt.Raw, + }, &resp) + return resp.CrtPem, err +} + +func (p *providerPluginRPCClient) Cleanup() error { + return p.client.Call("Plugin.Cleanup", struct{}{}, &struct{}{}) +} + +// Verification +var _ ca.Provider = &providerPluginRPCClient{} + +//------------------------------------------------------------------- +// Structs for net/rpc request and response + +type ConfigureRPCRequest struct { + ClusterId string + IsRoot bool + RawConfig map[string]interface{} +} + +type SetIntermediateRPCRequest struct { + IntermediatePEM string + RootPEM string +} diff --git a/agent/connect/ca/provider.go b/agent/connect/ca/provider.go index 0a1df39dec..1a89d6492c 100644 --- a/agent/connect/ca/provider.go +++ b/agent/connect/ca/provider.go @@ -4,6 +4,8 @@ import ( "crypto/x509" ) +//go:generate mockery -name Provider -inpkg + // Provider is the interface for Consul to interact with // an external CA that provides leaf certificate signing for // given SpiffeIDServices.