mirror of
https://github.com/certbot/certbot.git
synced 2026-04-26 00:30:15 -04:00
b8d3aab7a5
Shuffle files around in an initial attempt of creating trustify, trustify.protocol and trustify.client Python modules. The reference implemntation of the server remains where it was for now.
109 lines
3.6 KiB
Protocol Buffer
109 lines
3.6 KiB
Protocol Buffer
message chocolatemessage {
|
|
|
|
/* Definitions of message data types. */
|
|
|
|
message SigningRequest {
|
|
required int64 timestamp = 2;
|
|
required string recipient = 3;
|
|
required string csr = 4; /* Use only \n for EOL, not \r\n. */
|
|
required bytes sig = 5;
|
|
optional string clientpuzzle = 6;
|
|
/* server can specify difficulty somehow? */
|
|
}
|
|
|
|
enum FailureReason {
|
|
UnsupportedVersion = 0;
|
|
AbandonedRequest = 1;
|
|
ServerOutage = 2;
|
|
ServerGone = 3;
|
|
StaleRequest = 4;
|
|
BadSignature = 5;
|
|
BadCSR = 6;
|
|
BadRequest = 7;
|
|
NeedClientPuzzle = 8;
|
|
CannotIssueThatName = 9;
|
|
ExistingCertificate = 10;
|
|
UnsafeKey = 11;
|
|
ChallengeFailed = 12;
|
|
ChallengeTimeout = 13;
|
|
}
|
|
|
|
message Failure {
|
|
required FailureReason cause = 1;
|
|
optional string URI = 2; /* for more human-readable information */
|
|
}
|
|
|
|
message Proceed {
|
|
required int64 timestamp = 1;
|
|
optional int32 polldelay = 2;
|
|
}
|
|
|
|
enum ChallengeType {
|
|
DomainValidateSNI = 0;
|
|
DomainValidateTLSExt = 1;
|
|
EmailValidate = 2;
|
|
Payment = 3;
|
|
}
|
|
|
|
message Challenge {
|
|
required ChallengeType type = 1;
|
|
optional string name = 2;
|
|
repeated bytes data = 3; /* Each challenge type must define
|
|
a particular number of data fields
|
|
to be used, their order, and their
|
|
semantics. Changing these details
|
|
requires creating a NEW challenge
|
|
type. */
|
|
optional string URI = 4;
|
|
optional bool succeeded = 5;
|
|
/* from server: true if server ACK success,
|
|
false if server NAK success,
|
|
omit if server doesn't know if client
|
|
has attempted yet.
|
|
|
|
from client: true if claiming to be done,
|
|
false if unable,
|
|
omit if client hasn't attempted yet. */
|
|
}
|
|
|
|
message Success {
|
|
required string certificate = 1;
|
|
optional string chain = 2;
|
|
}
|
|
|
|
|
|
/* Beginning of protocol fields. */
|
|
|
|
/* Sent by CLIENT and SERVER to identify the protocol version. */
|
|
required int32 chocolateversion = 1;
|
|
|
|
/* Sent by CLIENT and SERVER to identify the session. Set to
|
|
empty string by client at beginning of new session. */
|
|
required string session = 2; /* 64 hex digits chosen by the server */
|
|
|
|
/* Sent by CLIENT at beginning of session */
|
|
optional SigningRequest request = 3; /* There should just be one request and the request
|
|
must use subject alternate names for every name that
|
|
we want to have signed. There could still be multiple
|
|
challenges in response -- one or more challenges per
|
|
name. */
|
|
|
|
/* Sent by CLIENT or SERVER to abandon a session */
|
|
optional Failure failure = 4; /* Each failure is completely fatal to the protocol, requiring it
|
|
to be restarted from the beginning. */
|
|
|
|
/* Sent by SERVER to request the client to check back later */
|
|
optional Proceed proceed = 5;
|
|
|
|
/* Sent by SERVER to announce challenges or update the client
|
|
on whether the server believes the client has successfully
|
|
completed them */
|
|
repeated Challenge challenge = 6;
|
|
|
|
/* Sent by CLIENT to announce that the client believes it has
|
|
successfully completed a challenge */
|
|
repeated Challenge completedchallenge = 7;
|
|
|
|
/* Sent by SERVER to issue the requested certificate */
|
|
optional Success success = 8;
|
|
}
|