package sa

Get desktop application:
View/edit binary Protocol Buffers messages

StorageAuthority provides full read/write access to the database.

• rpc CountInvalidAuthorizations2 (CountInvalidAuthorizationsRequest, Count)

  sa.proto:48

  Getters: this list must be identical to the StorageAuthorityReadOnly rpcs.

• rpc CountPendingAuthorizations2 (RegistrationID, Count)

  sa.proto:49

• rpc FQDNSetExists (FQDNSetExistsRequest, Exists)

  sa.proto:50

• rpc FQDNSetTimestampsForWindow (CountFQDNSetsRequest, Timestamps)

  sa.proto:51

• rpc GetAuthorization2 (AuthorizationID2, core.Authorization)

  sa.proto:52

• rpc GetAuthorizations2 (GetAuthorizationsRequest, Authorizations)

  sa.proto:53

• rpc GetCertificate (Serial, core.Certificate)

  sa.proto:54

• rpc GetLintPrecertificate (Serial, core.Certificate)

  sa.proto:55

• rpc GetCertificateStatus (Serial, core.CertificateStatus)

  sa.proto:56

• rpc GetMaxExpiration (google.protobuf.Empty, google.protobuf.Timestamp)

  sa.proto:57

• rpc GetOrder (OrderRequest, core.Order)

  sa.proto:58

• rpc GetOrderForNames (GetOrderForNamesRequest, core.Order)

  sa.proto:59

• rpc GetRegistration (RegistrationID, core.Registration)

  sa.proto:60

• rpc GetRegistrationByKey (JSONWebKey, core.Registration)

  sa.proto:61

• rpc GetRevocationStatus (Serial, RevocationStatus)

  sa.proto:62

• rpc GetRevokedCerts (GetRevokedCertsRequest, stream core.CRLEntry)

  sa.proto:63

• rpc GetRevokedCertsByShard (GetRevokedCertsByShardRequest, stream core.CRLEntry)

  sa.proto:64

• rpc GetSerialMetadata (Serial, SerialMetadata)

  sa.proto:65

• rpc GetSerialsByAccount (RegistrationID, stream Serial)

  sa.proto:66

• rpc GetSerialsByKey (SPKIHash, stream Serial)

  sa.proto:67

• rpc GetValidAuthorizations2 (GetValidAuthorizationsRequest, Authorizations)

  sa.proto:68

• rpc GetValidOrderAuthorizations2 (GetValidOrderAuthorizationsRequest, Authorizations)

  sa.proto:69

• rpc IncidentsForSerial (Serial, Incidents)

  sa.proto:70

• rpc KeyBlocked (SPKIHash, Exists)

  sa.proto:71

• rpc ReplacementOrderExists (Serial, Exists)

  sa.proto:72

• rpc SerialsForIncident (SerialsForIncidentRequest, stream IncidentSerial)

  sa.proto:73

• rpc CheckIdentifiersPaused (PauseRequest, Identifiers)

  sa.proto:74

• rpc GetPausedIdentifiers (RegistrationID, Identifiers)

  sa.proto:75

• rpc GetRateLimitOverride (GetRateLimitOverrideRequest, RateLimitOverrideResponse)

  sa.proto:76

• rpc GetEnabledRateLimitOverrides (google.protobuf.Empty, stream RateLimitOverride)

  sa.proto:77

• rpc AddBlockedKey (AddBlockedKeyRequest, google.protobuf.Empty)

  sa.proto:80

  Adders

  message AddBlockedKeyRequest

  sa.proto:340

  • bytes keyHash = 1

    Next unused field number: 7

  • optional google.protobuf.Timestamp added = 6

  • string source = 3

  • string comment = 4

  • int64 revokedBy = 5

• rpc AddCertificate (AddCertificateRequest, google.protobuf.Empty)

  sa.proto:81

• rpc AddPrecertificate (AddCertificateRequest, google.protobuf.Empty)

  sa.proto:82

• rpc SetCertificateStatusReady (Serial, google.protobuf.Empty)

  sa.proto:83

• rpc AddSerial (AddSerialRequest, google.protobuf.Empty)

  sa.proto:84

  message AddSerialRequest

  sa.proto:188

  • int64 regID = 1

    Next unused field number: 7

  • string serial = 2

  • optional google.protobuf.Timestamp created = 5

  • optional google.protobuf.Timestamp expires = 6

• rpc DeactivateAuthorization2 (AuthorizationID2, google.protobuf.Empty)

  sa.proto:85

• rpc DeactivateRegistration (RegistrationID, core.Registration)

  sa.proto:86

• rpc FinalizeAuthorization2 (FinalizeAuthorizationRequest, google.protobuf.Empty)

  sa.proto:87

  message FinalizeAuthorizationRequest

  sa.proto:327

  • int64 id = 1

    Next unused field number: 10

  • string status = 2

  • optional google.protobuf.Timestamp expires = 8

  • string attempted = 4

  • repeated core.ValidationRecord validationRecords = 5

  • optional core.ProblemDetails validationError = 6

  • optional google.protobuf.Timestamp attemptedAt = 9

• rpc FinalizeOrder (FinalizeOrderRequest, google.protobuf.Empty)

  sa.proto:88

  message FinalizeOrderRequest

  sa.proto:287

  • int64 id = 1

  • string certificateSerial = 2

• rpc NewOrderAndAuthzs (NewOrderAndAuthzsRequest, core.Order)

  sa.proto:89

  message NewOrderAndAuthzsRequest

  sa.proto:265

  • optional NewOrderRequest newOrder = 1

  • repeated NewAuthzRequest newAuthzs = 2

• rpc NewRegistration (core.Registration, core.Registration)

  sa.proto:90

• rpc RevokeCertificate (RevokeCertificateRequest, google.protobuf.Empty)

  sa.proto:91

• rpc SetOrderError (SetOrderErrorRequest, google.protobuf.Empty)

  sa.proto:92

  message SetOrderErrorRequest

  sa.proto:270

  • int64 id = 1

  • optional core.ProblemDetails error = 2

• rpc SetOrderProcessing (OrderRequest, google.protobuf.Empty)

  sa.proto:93

• rpc UpdateRegistrationContact (UpdateRegistrationContactRequest, core.Registration)

  sa.proto:94

  message UpdateRegistrationContactRequest

  sa.proto:439

  • int64 registrationID = 1

  • repeated string contacts = 2

• rpc UpdateRegistrationKey (UpdateRegistrationKeyRequest, core.Registration)

  sa.proto:95

  message UpdateRegistrationKeyRequest

  sa.proto:444

  • int64 registrationID = 1

  • bytes jwk = 2

• rpc UpdateRevokedCertificate (RevokeCertificateRequest, google.protobuf.Empty)

  sa.proto:96

• rpc LeaseCRLShard (LeaseCRLShardRequest, LeaseCRLShardResponse)

  sa.proto:97

  message LeaseCRLShardRequest

  sa.proto:406

  • int64 issuerNameID = 1

  • int64 minShardIdx = 2

  • int64 maxShardIdx = 3

  • optional google.protobuf.Timestamp until = 4

  message LeaseCRLShardResponse

  sa.proto:413

  • int64 issuerNameID = 1

  • int64 shardIdx = 2

• rpc UpdateCRLShard (UpdateCRLShardRequest, google.protobuf.Empty)

  sa.proto:98

  message UpdateCRLShardRequest

  sa.proto:418

  • int64 issuerNameID = 1

  • int64 shardIdx = 2

  • optional google.protobuf.Timestamp thisUpdate = 3

  • optional google.protobuf.Timestamp nextUpdate = 4

• rpc PauseIdentifiers (PauseRequest, PauseIdentifiersResponse)

  sa.proto:99

  message PauseIdentifiersResponse

  sa.proto:434

  • int64 paused = 1

  • int64 repaused = 2

• rpc UnpauseAccount (RegistrationID, Count)

  sa.proto:100

• rpc AddRateLimitOverride (AddRateLimitOverrideRequest, AddRateLimitOverrideResponse)

  sa.proto:101

  message AddRateLimitOverrideRequest

  sa.proto:458

  • optional RateLimitOverride override = 1

  message AddRateLimitOverrideResponse

  sa.proto:462

  • bool inserted = 1

  • bool enabled = 2

• rpc DisableRateLimitOverride (DisableRateLimitOverrideRequest, google.protobuf.Empty)

  sa.proto:102

  message DisableRateLimitOverrideRequest

  sa.proto:472

  • int64 limitEnum = 1

  • string bucketKey = 2

• rpc EnableRateLimitOverride (EnableRateLimitOverrideRequest, google.protobuf.Empty)

  sa.proto:103

  message EnableRateLimitOverrideRequest

  sa.proto:467

  • int64 limitEnum = 1

  • string bucketKey = 2

StorageAuthorityReadOnly exposes only those SA methods which are read-only.

• rpc CountInvalidAuthorizations2 (CountInvalidAuthorizationsRequest, Count)

  sa.proto:13

• rpc CountPendingAuthorizations2 (RegistrationID, Count)

  sa.proto:14

• rpc FQDNSetExists (FQDNSetExistsRequest, Exists)

  sa.proto:15

• rpc FQDNSetTimestampsForWindow (CountFQDNSetsRequest, Timestamps)

  sa.proto:16

• rpc GetAuthorization2 (AuthorizationID2, core.Authorization)

  sa.proto:17

• rpc GetAuthorizations2 (GetAuthorizationsRequest, Authorizations)

  sa.proto:18

• rpc GetCertificate (Serial, core.Certificate)

  sa.proto:19

• rpc GetLintPrecertificate (Serial, core.Certificate)

  sa.proto:20

• rpc GetCertificateStatus (Serial, core.CertificateStatus)

  sa.proto:21

• rpc GetMaxExpiration (google.protobuf.Empty, google.protobuf.Timestamp)

  sa.proto:22

• rpc GetOrder (OrderRequest, core.Order)

  sa.proto:23

• rpc GetOrderForNames (GetOrderForNamesRequest, core.Order)

  sa.proto:24

• rpc GetRegistration (RegistrationID, core.Registration)

  sa.proto:25

• rpc GetRegistrationByKey (JSONWebKey, core.Registration)

  sa.proto:26

• rpc GetRevocationStatus (Serial, RevocationStatus)

  sa.proto:27

• rpc GetRevokedCerts (GetRevokedCertsRequest, stream core.CRLEntry)

  sa.proto:28

• rpc GetRevokedCertsByShard (GetRevokedCertsByShardRequest, stream core.CRLEntry)

  sa.proto:29

• rpc GetSerialMetadata (Serial, SerialMetadata)

  sa.proto:30

• rpc GetSerialsByAccount (RegistrationID, stream Serial)

  sa.proto:31

• rpc GetSerialsByKey (SPKIHash, stream Serial)

  sa.proto:32

• rpc GetValidAuthorizations2 (GetValidAuthorizationsRequest, Authorizations)

  sa.proto:33

• rpc GetValidOrderAuthorizations2 (GetValidOrderAuthorizationsRequest, Authorizations)

  sa.proto:34

• rpc IncidentsForSerial (Serial, Incidents)

  sa.proto:35

• rpc KeyBlocked (SPKIHash, Exists)

  sa.proto:36

• rpc ReplacementOrderExists (Serial, Exists)

  sa.proto:37

• rpc SerialsForIncident (SerialsForIncidentRequest, stream IncidentSerial)

  sa.proto:38

• rpc CheckIdentifiersPaused (PauseRequest, Identifiers)

  sa.proto:39

• rpc GetPausedIdentifiers (RegistrationID, Identifiers)

  sa.proto:40

• rpc GetRateLimitOverride (GetRateLimitOverrideRequest, RateLimitOverrideResponse)

  sa.proto:41

• rpc GetEnabledRateLimitOverrides (google.protobuf.Empty, stream RateLimitOverride)

  sa.proto:42

Used as request type in: StorageAuthority.AddCertificate, StorageAuthority.AddPrecertificate

• bytes der = 1

  Next unused field number: 8

• int64 regID = 2

• optional google.protobuf.Timestamp issued = 7

• int64 issuerNameID = 5

  https://pkg.go.dev/github.com/letsencrypt/boulder/issuance#IssuerNameID

• bool ocspNotReady = 6

  If this is set to true, the certificateStatus.status column will be set to "wait", which will cause us to serve internalError responses with OCSP is queried. This allows us to meet the BRs requirement: If the OCSP responder receives a request for the status of a certificate serial number that is “unused”, then ... the responder MUST NOT respond with a “good” status for such requests. Paraphrasing, a certificate serial number is unused if neither a Certificate nor a Precertificate has been issued with it. So when we write a linting certificate to the precertificates table, we want to make sure we never give a "good" response for that serial until the precertificate is actually issued.

• string id = 1

Used as request type in: StorageAuthority.DeactivateAuthorization2, StorageAuthority.GetAuthorization2, StorageAuthorityReadOnly.GetAuthorization2

• int64 id = 1

• repeated string ids = 1

Used as response type in: StorageAuthority.GetAuthorizations2, StorageAuthority.GetValidAuthorizations2, StorageAuthority.GetValidOrderAuthorizations2, StorageAuthorityReadOnly.GetAuthorizations2, StorageAuthorityReadOnly.GetValidAuthorizations2, StorageAuthorityReadOnly.GetValidOrderAuthorizations2

• repeated core.Authorization authzs = 2

Used as response type in: StorageAuthority.CountInvalidAuthorizations2, StorageAuthority.CountPendingAuthorizations2, StorageAuthority.UnpauseAccount, StorageAuthorityReadOnly.CountInvalidAuthorizations2, StorageAuthorityReadOnly.CountPendingAuthorizations2

• int64 count = 1

Used as request type in: StorageAuthority.FQDNSetTimestampsForWindow, StorageAuthorityReadOnly.FQDNSetTimestampsForWindow

• repeated core.Identifier identifiers = 5

• optional google.protobuf.Duration window = 3

• int64 limit = 4

Used as request type in: StorageAuthority.CountInvalidAuthorizations2, StorageAuthorityReadOnly.CountInvalidAuthorizations2

• int64 registrationID = 1

  Next unused field number: 5

• optional core.Identifier identifier = 4

• optional Range range = 3

  Count authorizations that expire in this range.

Used as response type in: StorageAuthority.FQDNSetExists, StorageAuthority.KeyBlocked, StorageAuthority.ReplacementOrderExists, StorageAuthorityReadOnly.FQDNSetExists, StorageAuthorityReadOnly.KeyBlocked, StorageAuthorityReadOnly.ReplacementOrderExists

• bool exists = 1

Used as request type in: StorageAuthority.FQDNSetExists, StorageAuthorityReadOnly.FQDNSetExists

• repeated core.Identifier identifiers = 2

Used as request type in: StorageAuthority.GetAuthorizations2, StorageAuthorityReadOnly.GetAuthorizations2

• int64 registrationID = 1

  Next unused field number: 7

• repeated core.Identifier identifiers = 6

• optional google.protobuf.Timestamp validUntil = 4

• string profile = 5

Used as request type in: StorageAuthority.GetOrderForNames, StorageAuthorityReadOnly.GetOrderForNames

• int64 acctID = 1

  Next unused field number: 4

• repeated core.Identifier identifiers = 3

Used as request type in: StorageAuthority.GetRateLimitOverride, StorageAuthorityReadOnly.GetRateLimitOverride

• int64 limitEnum = 1

• string bucketKey = 2

Used as request type in: StorageAuthority.GetRevokedCertsByShard, StorageAuthorityReadOnly.GetRevokedCertsByShard

• int64 issuerNameID = 1

• optional google.protobuf.Timestamp revokedBefore = 2

• optional google.protobuf.Timestamp expiresAfter = 3

• int64 shardIdx = 4

Used as request type in: StorageAuthority.GetRevokedCerts, StorageAuthorityReadOnly.GetRevokedCerts

• int64 issuerNameID = 1

  Next unused field number: 9

• optional google.protobuf.Timestamp expiresAfter = 6

  inclusive

• optional google.protobuf.Timestamp expiresBefore = 7

  exclusive

• optional google.protobuf.Timestamp revokedBefore = 8

Used as request type in: StorageAuthority.GetValidAuthorizations2, StorageAuthorityReadOnly.GetValidAuthorizations2

• int64 registrationID = 1

  Next unused field number: 7

• repeated core.Identifier identifiers = 6

• optional google.protobuf.Timestamp validUntil = 4

• string profile = 5

Used as request type in: StorageAuthority.GetValidOrderAuthorizations2, StorageAuthorityReadOnly.GetValidOrderAuthorizations2

• int64 id = 1

• int64 acctID = 2

Used as response type in: StorageAuthority.CheckIdentifiersPaused, StorageAuthority.GetPausedIdentifiers, StorageAuthorityReadOnly.CheckIdentifiersPaused, StorageAuthorityReadOnly.GetPausedIdentifiers

• repeated core.Identifier identifiers = 1

Used in: Incidents

• int64 id = 1

  Next unused field number: 7

• string serialTable = 2

• string url = 3

• optional google.protobuf.Timestamp renewBy = 6

• bool enabled = 5

Used as response type in: StorageAuthority.SerialsForIncident, StorageAuthorityReadOnly.SerialsForIncident

• string serial = 1

  Next unused field number: 6

• int64 registrationID = 2

  May be 0 (NULL)

• int64 orderID = 3

  May be 0 (NULL)

• optional google.protobuf.Timestamp lastNoticeSent = 5

Used as response type in: StorageAuthority.IncidentsForSerial, StorageAuthorityReadOnly.IncidentsForSerial

• repeated Incident incidents = 1

Used as request type in: StorageAuthority.GetRegistrationByKey, StorageAuthorityReadOnly.GetRegistrationByKey

• bytes jwk = 1

NewAuthzRequest starts with all the same fields as corepb.Authorization, because it is replacing that type in NewOrderAndAuthzsRequest, and then improves from there.

Used in: NewOrderAndAuthzsRequest

• optional core.Identifier identifier = 12

• int64 registrationID = 3

• optional google.protobuf.Timestamp expires = 9

• repeated string challengeTypes = 10

• string token = 11

Used in: NewOrderAndAuthzsRequest

• int64 registrationID = 1

  Next unused field number: 10

• optional google.protobuf.Timestamp expires = 5

• repeated core.Identifier identifiers = 9

• repeated int64 v2Authorizations = 4

• string certificateProfileName = 7

• string replaces = 8

  Replaces is the ARI certificate Id that this order replaces.

• string replacesSerial = 6

  ReplacesSerial is the serial number of the certificate that this order replaces.

Used as request type in: StorageAuthority.GetOrder, StorageAuthority.SetOrderProcessing, StorageAuthorityReadOnly.GetOrder

• int64 id = 1

Used as request type in: StorageAuthority.CheckIdentifiersPaused, StorageAuthority.PauseIdentifiers, StorageAuthorityReadOnly.CheckIdentifiersPaused

• int64 registrationID = 1

• repeated core.Identifier identifiers = 2

Used in: CountInvalidAuthorizationsRequest

• optional google.protobuf.Timestamp earliest = 3

• optional google.protobuf.Timestamp latest = 4

Used as response type in: StorageAuthority.GetEnabledRateLimitOverrides, StorageAuthorityReadOnly.GetEnabledRateLimitOverrides

Used as field type in: AddRateLimitOverrideRequest, RateLimitOverrideResponse

• int64 limitEnum = 1

• string bucketKey = 2

• string comment = 3

• optional google.protobuf.Duration period = 4

• int64 count = 5

• int64 burst = 6

Used as response type in: StorageAuthority.GetRateLimitOverride, StorageAuthorityReadOnly.GetRateLimitOverride

• optional RateLimitOverride override = 1

• bool enabled = 2

• optional google.protobuf.Timestamp updatedAt = 3

Used as request type in: StorageAuthority.CountPendingAuthorizations2, StorageAuthority.DeactivateRegistration, StorageAuthority.GetPausedIdentifiers, StorageAuthority.GetRegistration, StorageAuthority.GetSerialsByAccount, StorageAuthority.UnpauseAccount, StorageAuthorityReadOnly.CountPendingAuthorizations2, StorageAuthorityReadOnly.GetPausedIdentifiers, StorageAuthorityReadOnly.GetRegistration, StorageAuthorityReadOnly.GetSerialsByAccount

• int64 id = 1

Used as response type in: StorageAuthority.GetRevocationStatus, StorageAuthorityReadOnly.GetRevocationStatus

• int64 status = 1

• int64 revokedReason = 2

• optional google.protobuf.Timestamp revokedDate = 3

  Unix timestamp (nanoseconds)

Used as request type in: StorageAuthority.RevokeCertificate, StorageAuthority.UpdateRevokedCertificate

• string serial = 1

  Next unused field number: 10

• int64 reason = 2

• optional google.protobuf.Timestamp date = 8

• optional google.protobuf.Timestamp backdate = 9

• bytes response = 4

• int64 issuerID = 6

• int64 shardIdx = 7

Used as request type in: StorageAuthority.GetSerialsByKey, StorageAuthority.KeyBlocked, StorageAuthorityReadOnly.GetSerialsByKey, StorageAuthorityReadOnly.KeyBlocked

• bytes keyHash = 1

Used as request type in: StorageAuthority.GetCertificate, StorageAuthority.GetCertificateStatus, StorageAuthority.GetLintPrecertificate, StorageAuthority.GetRevocationStatus, StorageAuthority.GetSerialMetadata, StorageAuthority.IncidentsForSerial, StorageAuthority.ReplacementOrderExists, StorageAuthority.SetCertificateStatusReady, StorageAuthorityReadOnly.GetCertificate, StorageAuthorityReadOnly.GetCertificateStatus, StorageAuthorityReadOnly.GetLintPrecertificate, StorageAuthorityReadOnly.GetRevocationStatus, StorageAuthorityReadOnly.GetSerialMetadata, StorageAuthorityReadOnly.IncidentsForSerial, StorageAuthorityReadOnly.ReplacementOrderExists

Used as response type in: StorageAuthority.GetSerialsByAccount, StorageAuthority.GetSerialsByKey, StorageAuthorityReadOnly.GetSerialsByAccount, StorageAuthorityReadOnly.GetSerialsByKey

• string serial = 1

Used as response type in: StorageAuthority.GetSerialMetadata, StorageAuthorityReadOnly.GetSerialMetadata

• string serial = 1

  Next unused field number: 7

• int64 registrationID = 2

• optional google.protobuf.Timestamp created = 5

• optional google.protobuf.Timestamp expires = 6

Used as request type in: StorageAuthority.SerialsForIncident, StorageAuthorityReadOnly.SerialsForIncident

• string incidentTable = 1

Used as response type in: StorageAuthority.FQDNSetTimestampsForWindow, StorageAuthorityReadOnly.FQDNSetTimestampsForWindow

• repeated google.protobuf.Timestamp timestamps = 2