diff --git a/cmd/boulder-ra/main.go b/cmd/boulder-ra/main.go index e71cbb37bc8..e0b2e3e915b 100644 --- a/cmd/boulder-ra/main.go +++ b/cmd/boulder-ra/main.go @@ -34,7 +34,8 @@ type Config struct { cmd.ServiceConfig cmd.HostnamePolicyConfig - RateLimitPoliciesFilename string `validate:"required"` + // RateLimitPoliciesFilename is deprecated. + RateLimitPoliciesFilename string MaxContactsPerRegistration int @@ -297,8 +298,6 @@ func main() { ) defer rai.Drain() - policyErr := rai.LoadRateLimitPoliciesFile(c.RA.RateLimitPoliciesFilename) - cmd.FailOnError(policyErr, "Couldn't load rate limit policies file") rai.PA = pa rai.VA = va.RemoteClients{ diff --git a/db/map_test.go b/db/map_test.go index c426343847e..a65a54d084a 100644 --- a/db/map_test.go +++ b/db/map_test.go @@ -10,6 +10,7 @@ import ( "github.com/letsencrypt/borp" "github.com/go-sql-driver/mysql" + "github.com/letsencrypt/boulder/core" "github.com/letsencrypt/boulder/test" "github.com/letsencrypt/boulder/test/vars" @@ -185,10 +186,6 @@ func TestTableFromQuery(t *testing.T) { query: "insert into `certificates` (`registrationID`,`serial`,`digest`,`der`,`issued`,`expires`) values (?,?,?,?,?,?);", expectedTable: "`certificates`", }, - { - query: "INSERT INTO certificatesPerName (eTLDPlusOne, time, count) VALUES (?, ?, ?) ON DUPLICATE KEY UPDATE count=count+1;", - expectedTable: "certificatesPerName", - }, { query: "insert into `fqdnSets` (`ID`,`SetHash`,`Serial`,`Issued`,`Expires`) values (null,?,?,?,?);", expectedTable: "`fqdnSets`", diff --git a/features/features.go b/features/features.go index 3a7f1369096..3a13e835202 100644 --- a/features/features.go +++ b/features/features.go @@ -16,7 +16,9 @@ import ( // package's global Config. type Config struct { // Deprecated flags. - IncrementRateLimits bool + IncrementRateLimits bool + UseKvLimitsForNewOrder bool + DisableLegacyLimitWrites bool // ServeRenewalInfo exposes the renewalInfo endpoint in the directory and for // GET requests. WARNING: This feature is a draft and highly unstable. @@ -67,21 +69,6 @@ type Config struct { // until the paused identifiers are unpaused and the order is resubmitted. CheckIdentifiersPaused bool - // UseKvLimitsForNewOrder when enabled, causes the key-value rate limiter to - // be the authoritative source of rate limiting information for new-order - // callers and disables the legacy rate limiting checks. - // - // Note: this flag does not disable writes to the certificatesPerName or - // fqdnSets tables at Finalize time. - UseKvLimitsForNewOrder bool - - // DisableLegacyLimitWrites when enabled, disables writes to: - // - the newOrdersRL table at new-order time, and - // - the certificatesPerName table at finalize time. - // - // This flag should only be used in conjunction with UseKvLimitsForNewOrder. - DisableLegacyLimitWrites bool - // PropagateCancels controls whether the WFE and ocsp-responder allows // cancellation of an inbound request to cancel downstream gRPC and other // queries. In practice, cancellation of an inbound request is achieved by diff --git a/mocks/sa.go b/mocks/sa.go index fd91e13b5c6..e98c57c1054 100644 --- a/mocks/sa.go +++ b/mocks/sa.go @@ -311,16 +311,6 @@ func (sa *StorageAuthorityReadOnly) FQDNSetExists(_ context.Context, _ *sapb.FQD return &sapb.Exists{Exists: false}, nil } -// CountCertificatesByNames is a mock -func (sa *StorageAuthorityReadOnly) CountCertificatesByNames(_ context.Context, _ *sapb.CountCertificatesByNamesRequest, _ ...grpc.CallOption) (*sapb.CountByNames, error) { - return &sapb.CountByNames{}, nil -} - -// CountOrders is a mock -func (sa *StorageAuthorityReadOnly) CountOrders(_ context.Context, _ *sapb.CountOrdersRequest, _ ...grpc.CallOption) (*sapb.Count, error) { - return &sapb.Count{}, nil -} - // DeactivateRegistration is a mock func (sa *StorageAuthority) DeactivateRegistration(_ context.Context, _ *sapb.RegistrationID, _ ...grpc.CallOption) (*emptypb.Empty, error) { return &emptypb.Empty{}, nil diff --git a/ra/ra.go b/ra/ra.go index bf882e5a834..0ab5128cc23 100644 --- a/ra/ra.go +++ b/ra/ra.go @@ -11,7 +11,6 @@ import ( "math/big" "net" "net/url" - "os" "slices" "sort" "strconv" @@ -24,7 +23,6 @@ import ( "github.com/prometheus/client_golang/prometheus" "golang.org/x/crypto/ocsp" "google.golang.org/protobuf/proto" - "google.golang.org/protobuf/types/known/durationpb" "google.golang.org/protobuf/types/known/emptypb" "google.golang.org/protobuf/types/known/timestamppb" @@ -47,7 +45,6 @@ import ( "github.com/letsencrypt/boulder/probs" pubpb "github.com/letsencrypt/boulder/publisher/proto" rapb "github.com/letsencrypt/boulder/ra/proto" - "github.com/letsencrypt/boulder/ratelimit" "github.com/letsencrypt/boulder/ratelimits" "github.com/letsencrypt/boulder/revocation" sapb "github.com/letsencrypt/boulder/sa/proto" @@ -87,7 +84,6 @@ type RegistrationAuthorityImpl struct { // How long before a newly created authorization expires. authorizationLifetime time.Duration pendingAuthorizationLifetime time.Duration - rlPolicies ratelimit.Limits maxContactsPerReg int limiter *ratelimits.Limiter txnBuilder *ratelimits.TransactionBuilder @@ -248,7 +244,6 @@ func NewRegistrationAuthorityImpl( log: logger, authorizationLifetime: authorizationLifetime, pendingAuthorizationLifetime: pendingAuthorizationLifetime, - rlPolicies: ratelimit.New(), maxContactsPerReg: maxContactsPerReg, keyPolicy: keyPolicy, limiter: limiter, @@ -277,19 +272,6 @@ func NewRegistrationAuthorityImpl( return ra } -func (ra *RegistrationAuthorityImpl) LoadRateLimitPoliciesFile(filename string) error { - configBytes, err := os.ReadFile(filename) - if err != nil { - return err - } - err = ra.rlPolicies.LoadPolicies(configBytes) - if err != nil { - return err - } - - return nil -} - // certificateRequestAuthz is a struct for holding information about a valid // authz referenced during a certificateRequestEvent. It holds both the // authorization ID and the challenge type that made the authorization valid. We @@ -485,109 +467,6 @@ func (ra *RegistrationAuthorityImpl) validateContacts(contacts []string) error { return nil } -func (ra *RegistrationAuthorityImpl) checkPendingAuthorizationLimit(ctx context.Context, regID int64, limit ratelimit.RateLimitPolicy) error { - // This rate limit's threshold can only be overridden on a per-regID basis, - // not based on any other key. - threshold, overrideKey := limit.GetThreshold("", regID) - if threshold == -1 { - return nil - } - countPB, err := ra.SA.CountPendingAuthorizations2(ctx, &sapb.RegistrationID{ - Id: regID, - }) - if err != nil { - return err - } - if countPB.Count >= threshold { - ra.log.Infof("Rate limit exceeded, PendingAuthorizationsByRegID, regID: %d", regID) - return berrors.RateLimitError(0, "too many currently pending authorizations: %d", countPB.Count) - } - if overrideKey != "" { - utilization := float64(countPB.Count) / float64(threshold) - ra.rlOverrideUsageGauge.WithLabelValues(ratelimit.PendingAuthorizationsPerAccount, overrideKey).Set(utilization) - } - return nil -} - -// checkInvalidAuthorizationLimits checks the failed validation limit for each -// of the provided hostnames. It returns the first error. -func (ra *RegistrationAuthorityImpl) checkInvalidAuthorizationLimits(ctx context.Context, regID int64, hostnames []string, limits ratelimit.RateLimitPolicy) error { - results := make(chan error, len(hostnames)) - for _, hostname := range hostnames { - go func(hostname string) { - results <- ra.checkInvalidAuthorizationLimit(ctx, regID, hostname, limits) - }(hostname) - } - // We don't have to wait for all of the goroutines to finish because there's - // enough capacity in the chan for them all to write their result even if - // nothing is reading off the chan anymore. - for range len(hostnames) { - err := <-results - if err != nil { - return err - } - } - return nil -} - -func (ra *RegistrationAuthorityImpl) checkInvalidAuthorizationLimit(ctx context.Context, regID int64, hostname string, limit ratelimit.RateLimitPolicy) error { - latest := ra.clk.Now().Add(ra.pendingAuthorizationLifetime) - earliest := latest.Add(-limit.Window.Duration) - req := &sapb.CountInvalidAuthorizationsRequest{ - RegistrationID: regID, - DnsName: hostname, - Range: &sapb.Range{ - Earliest: timestamppb.New(earliest), - Latest: timestamppb.New(latest), - }, - } - count, err := ra.SA.CountInvalidAuthorizations2(ctx, req) - if err != nil { - return err - } - // Most rate limits have a key for overrides, but there is no meaningful key - // here. - noKey := "" - threshold, overrideKey := limit.GetThreshold(noKey, regID) - if count.Count >= threshold { - ra.log.Infof("Rate limit exceeded, InvalidAuthorizationsByRegID, regID: %d", regID) - return berrors.FailedAuthorizationsPerDomainPerAccountError(0, "too many failed authorizations recently") - } - if overrideKey != "" { - utilization := float64(count.Count) / float64(threshold) - ra.rlOverrideUsageGauge.WithLabelValues(ratelimit.InvalidAuthorizationsPerAccount, overrideKey).Set(utilization) - } - return nil -} - -// checkNewOrdersPerAccountLimit enforces the rlPolicies `NewOrdersPerAccount` -// rate limit. This rate limit ensures a client can not create more than the -// specified threshold of new orders within the specified time window. -func (ra *RegistrationAuthorityImpl) checkNewOrdersPerAccountLimit(ctx context.Context, acctID int64, limit ratelimit.RateLimitPolicy) error { - now := ra.clk.Now() - count, err := ra.SA.CountOrders(ctx, &sapb.CountOrdersRequest{ - AccountID: acctID, - Range: &sapb.Range{ - Earliest: timestamppb.New(now.Add(-limit.Window.Duration)), - Latest: timestamppb.New(now), - }, - }) - if err != nil { - return err - } - // There is no meaningful override key to use for this rate limit - noKey := "" - threshold, overrideKey := limit.GetThreshold(noKey, acctID) - if count.Count >= threshold { - return berrors.NewOrdersPerAccountError(0, "too many new orders recently") - } - if overrideKey != "" { - utilization := float64(count.Count+1) / float64(threshold) - ra.rlOverrideUsageGauge.WithLabelValues(ratelimit.NewOrdersPerAccount, overrideKey).Set(utilization) - } - return nil -} - // matchesCSR tests the contents of a generated certificate to make sure // that the PublicKey, CommonName, and DNSNames match those provided in // the CSR that was used to generate the certificate. It also checks the @@ -1189,11 +1068,6 @@ func (ra *RegistrationAuthorityImpl) issueCertificateOuter( // errors from this function to the Subscriber, spends against these limit are // best effort. func (ra *RegistrationAuthorityImpl) countCertificateIssued(ctx context.Context, regId int64, orderDomains []string, isRenewal bool) { - if ra.limiter == nil || ra.txnBuilder == nil { - // Limiter is disabled. - return - } - var transactions []ratelimits.Transaction if !isRenewal { txns, err := ra.txnBuilder.CertificatesPerDomainSpendOnlyTransactions(regId, orderDomains) @@ -1354,226 +1228,6 @@ func (ra *RegistrationAuthorityImpl) getSCTs(ctx context.Context, cert []byte, e return scts, nil } -// enforceNameCounts uses the provided count RPC to find a count of certificates -// for each of the names. If the count for any of the names exceeds the limit -// for the given registration then the names out of policy are returned to be -// used for a rate limit error. -func (ra *RegistrationAuthorityImpl) enforceNameCounts(ctx context.Context, names []string, limit ratelimit.RateLimitPolicy, regID int64) ([]string, time.Time, error) { - now := ra.clk.Now() - req := &sapb.CountCertificatesByNamesRequest{ - DnsNames: names, - Range: &sapb.Range{ - Earliest: timestamppb.New(limit.WindowBegin(now)), - Latest: timestamppb.New(now), - }, - } - - response, err := ra.SA.CountCertificatesByNames(ctx, req) - if err != nil { - return nil, time.Time{}, err - } - - if len(response.Counts) == 0 { - return nil, time.Time{}, errIncompleteGRPCResponse - } - - var badNames []string - var metricsData []struct { - overrideKey string - utilization float64 - } - - // Find the names that have counts at or over the threshold. Range - // over the names slice input to ensure the order of badNames will - // return the badNames in the same order they were input. - for _, name := range names { - threshold, overrideKey := limit.GetThreshold(name, regID) - if response.Counts[name] >= threshold { - badNames = append(badNames, name) - } - if overrideKey != "" { - // Name is under threshold due to an override. - utilization := float64(response.Counts[name]+1) / float64(threshold) - metricsData = append(metricsData, struct { - overrideKey string - utilization float64 - }{overrideKey, utilization}) - } - } - - if len(badNames) == 0 { - // All names were under the threshold, emit override utilization metrics. - for _, data := range metricsData { - ra.rlOverrideUsageGauge.WithLabelValues(ratelimit.CertificatesPerName, data.overrideKey).Set(data.utilization) - } - } - return badNames, response.Earliest.AsTime(), nil -} - -func (ra *RegistrationAuthorityImpl) checkCertificatesPerNameLimit(ctx context.Context, names []string, limit ratelimit.RateLimitPolicy, regID int64) error { - tldNames := ratelimits.FQDNsToETLDsPlusOne(names) - namesOutOfLimit, earliest, err := ra.enforceNameCounts(ctx, tldNames, limit, regID) - if err != nil { - return fmt.Errorf("checking certificates per name limit for %q: %s", - names, err) - } - - if len(namesOutOfLimit) > 0 { - // Determine the amount of time until the earliest event would fall out - // of the window. - retryAfter := earliest.Add(limit.Window.Duration).Sub(ra.clk.Now()) - retryString := earliest.Add(limit.Window.Duration).Format(time.RFC3339) - - ra.log.Infof("Rate limit exceeded, CertificatesForDomain, regID: %d, domains: %s", regID, strings.Join(namesOutOfLimit, ", ")) - if len(namesOutOfLimit) > 1 { - var subErrors []berrors.SubBoulderError - for _, name := range namesOutOfLimit { - subErrors = append(subErrors, berrors.SubBoulderError{ - Identifier: identifier.NewDNS(name), - BoulderError: berrors.NewOrdersPerAccountError(retryAfter, "too many certificates already issued. Retry after %s", retryString).(*berrors.BoulderError), - }) - } - return berrors.NewOrdersPerAccountError(retryAfter, "too many certificates already issued for multiple names (%q and %d others). Retry after %s", namesOutOfLimit[0], len(namesOutOfLimit), retryString).(*berrors.BoulderError).WithSubErrors(subErrors) - } - return berrors.NewOrdersPerAccountError(retryAfter, "too many certificates already issued for %q. Retry after %s", namesOutOfLimit[0], retryString) - } - - return nil -} - -func (ra *RegistrationAuthorityImpl) checkCertificatesPerFQDNSetLimit(ctx context.Context, names []string, limit ratelimit.RateLimitPolicy, regID int64) error { - names = core.UniqueLowerNames(names) - threshold, overrideKey := limit.GetThreshold(strings.Join(names, ","), regID) - if threshold <= 0 { - // No limit configured. - return nil - } - - prevIssuances, err := ra.SA.FQDNSetTimestampsForWindow(ctx, &sapb.CountFQDNSetsRequest{ - DnsNames: names, - Window: durationpb.New(limit.Window.Duration), - }) - if err != nil { - return fmt.Errorf("checking duplicate certificate limit for %q: %s", names, err) - } - - if overrideKey != "" { - utilization := float64(len(prevIssuances.Timestamps)) / float64(threshold) - ra.rlOverrideUsageGauge.WithLabelValues(ratelimit.CertificatesPerFQDNSet, overrideKey).Set(utilization) - } - - issuanceCount := int64(len(prevIssuances.Timestamps)) - if issuanceCount < threshold { - // Issuance in window is below the threshold, no need to limit. - if overrideKey != "" { - utilization := float64(issuanceCount+1) / float64(threshold) - ra.rlOverrideUsageGauge.WithLabelValues(ratelimit.CertificatesPerFQDNSet, overrideKey).Set(utilization) - } - return nil - } else { - // Evaluate the rate limit using a token bucket algorithm. The bucket - // has a capacity of threshold and is refilled at a rate of 1 token per - // limit.Window/threshold from the time of each issuance timestamp. The - // timestamps start from the most recent issuance and go back in time. - now := ra.clk.Now() - nsPerToken := limit.Window.Nanoseconds() / threshold - for i, timestamp := range prevIssuances.Timestamps { - tokensGeneratedSince := now.Add(-time.Duration(int64(i+1) * nsPerToken)) - if timestamp.AsTime().Before(tokensGeneratedSince) { - // We know `i+1` tokens were generated since `tokenGeneratedSince`, - // and only `i` certificates were issued, so there's room to allow - // for an additional issuance. - if overrideKey != "" { - utilization := float64(issuanceCount) / float64(threshold) - ra.rlOverrideUsageGauge.WithLabelValues(ratelimit.CertificatesPerFQDNSet, overrideKey).Set(utilization) - } - return nil - } - } - retryTime := prevIssuances.Timestamps[0].AsTime().Add(time.Duration(nsPerToken)) - retryAfter := retryTime.Sub(now) - return berrors.CertificatesPerFQDNSetError( - retryAfter, - "too many certificates (%d) already issued for this exact set of domains in the last %.0f hours: %s, retry after %s", - threshold, limit.Window.Duration.Hours(), strings.Join(names, ","), retryTime.Format(time.RFC3339), - ) - } -} - -func (ra *RegistrationAuthorityImpl) checkNewOrderLimits(ctx context.Context, names []string, regID int64, isRenewal bool) error { - newOrdersPerAccountLimits := ra.rlPolicies.NewOrdersPerAccount() - if newOrdersPerAccountLimits.Enabled() && !isRenewal { - started := ra.clk.Now() - err := ra.checkNewOrdersPerAccountLimit(ctx, regID, newOrdersPerAccountLimits) - elapsed := ra.clk.Since(started) - if err != nil { - if errors.Is(err, berrors.RateLimit) { - ra.rlCheckLatency.WithLabelValues(ratelimit.NewOrdersPerAccount, ratelimits.Denied).Observe(elapsed.Seconds()) - } - return err - } - ra.rlCheckLatency.WithLabelValues(ratelimit.NewOrdersPerAccount, ratelimits.Allowed).Observe(elapsed.Seconds()) - } - - certNameLimits := ra.rlPolicies.CertificatesPerName() - if certNameLimits.Enabled() && !isRenewal { - started := ra.clk.Now() - err := ra.checkCertificatesPerNameLimit(ctx, names, certNameLimits, regID) - elapsed := ra.clk.Since(started) - if err != nil { - if errors.Is(err, berrors.RateLimit) { - ra.rlCheckLatency.WithLabelValues(ratelimit.CertificatesPerName, ratelimits.Denied).Observe(elapsed.Seconds()) - } - return err - } - ra.rlCheckLatency.WithLabelValues(ratelimit.CertificatesPerName, ratelimits.Allowed).Observe(elapsed.Seconds()) - } - - fqdnLimitsFast := ra.rlPolicies.CertificatesPerFQDNSetFast() - if fqdnLimitsFast.Enabled() { - started := ra.clk.Now() - err := ra.checkCertificatesPerFQDNSetLimit(ctx, names, fqdnLimitsFast, regID) - elapsed := ra.clk.Since(started) - if err != nil { - if errors.Is(err, berrors.RateLimit) { - ra.rlCheckLatency.WithLabelValues(ratelimit.CertificatesPerFQDNSetFast, ratelimits.Denied).Observe(elapsed.Seconds()) - } - return err - } - ra.rlCheckLatency.WithLabelValues(ratelimit.CertificatesPerFQDNSetFast, ratelimits.Allowed).Observe(elapsed.Seconds()) - } - - fqdnLimits := ra.rlPolicies.CertificatesPerFQDNSet() - if fqdnLimits.Enabled() { - started := ra.clk.Now() - err := ra.checkCertificatesPerFQDNSetLimit(ctx, names, fqdnLimits, regID) - elapsed := ra.clk.Since(started) - if err != nil { - if errors.Is(err, berrors.RateLimit) { - ra.rlCheckLatency.WithLabelValues(ratelimit.CertificatesPerFQDNSet, ratelimits.Denied).Observe(elapsed.Seconds()) - } - return err - } - ra.rlCheckLatency.WithLabelValues(ratelimit.CertificatesPerFQDNSet, ratelimits.Allowed).Observe(elapsed.Seconds()) - } - - invalidAuthzPerAccountLimits := ra.rlPolicies.InvalidAuthorizationsPerAccount() - if invalidAuthzPerAccountLimits.Enabled() { - started := ra.clk.Now() - err := ra.checkInvalidAuthorizationLimits(ctx, regID, names, invalidAuthzPerAccountLimits) - elapsed := ra.clk.Since(started) - if err != nil { - if errors.Is(err, berrors.RateLimit) { - ra.rlCheckLatency.WithLabelValues(ratelimit.InvalidAuthorizationsPerAccount, ratelimits.Denied).Observe(elapsed.Seconds()) - } - return err - } - ra.rlCheckLatency.WithLabelValues(ratelimit.InvalidAuthorizationsPerAccount, ratelimits.Allowed).Observe(elapsed.Seconds()) - } - - return nil -} - // UpdateRegistration updates an existing Registration with new values. Caller // is responsible for making sure that update.Key is only different from base.Key // if it is being called from the WFE key change endpoint. @@ -1768,11 +1422,6 @@ func (ra *RegistrationAuthorityImpl) recordValidation(ctx context.Context, authI // countFailedValidations increments the FailedAuthorizationsPerDomainPerAccount limit. // and the FailedAuthorizationsForPausingPerDomainPerAccountTransaction limit. func (ra *RegistrationAuthorityImpl) countFailedValidations(ctx context.Context, regId int64, ident identifier.ACMEIdentifier) error { - if ra.limiter == nil || ra.txnBuilder == nil { - // Limiter is disabled. - return nil - } - txn, err := ra.txnBuilder.FailedAuthorizationsPerDomainPerAccountSpendOnlyTransaction(regId, ident.Value) if err != nil { return fmt.Errorf("building rate limit transaction for the %s rate limit: %w", ratelimits.FailedAuthorizationsPerDomainPerAccount, err) @@ -2581,15 +2230,6 @@ func (ra *RegistrationAuthorityImpl) NewOrder(ctx context.Context, req *rapb.New } } - // Renewal orders, indicated by ARI, are exempt from NewOrder rate limits. - if !req.IsARIRenewal && !features.Get().UseKvLimitsForNewOrder { - // Check if there is rate limit space for issuing a certificate. - err = ra.checkNewOrderLimits(ctx, newOrder.DnsNames, newOrder.RegistrationID, req.IsRenewal) - if err != nil { - return nil, err - } - } - // An order's lifetime is effectively bound by the shortest remaining lifetime // of its associated authorizations. For that reason it would be Uncool if // `sa.GetAuthorizations` returned an authorization that was very close to @@ -2670,25 +2310,6 @@ func (ra *RegistrationAuthorityImpl) NewOrder(ctx context.Context, req *rapb.New missingAuthzIdents = append(missingAuthzIdents, ident) } - // Renewal orders, indicated by ARI, are exempt from NewOrder rate limits. - if len(missingAuthzIdents) > 0 && !req.IsARIRenewal && !features.Get().UseKvLimitsForNewOrder { - pendingAuthzLimits := ra.rlPolicies.PendingAuthorizationsPerAccount() - if pendingAuthzLimits.Enabled() { - // The order isn't fully authorized we need to check that the client - // has rate limit room for more pending authorizations. - started := ra.clk.Now() - err := ra.checkPendingAuthorizationLimit(ctx, newOrder.RegistrationID, pendingAuthzLimits) - elapsed := ra.clk.Since(started) - if err != nil { - if errors.Is(err, berrors.RateLimit) { - ra.rlCheckLatency.WithLabelValues(ratelimit.PendingAuthorizationsPerAccount, ratelimits.Denied).Observe(elapsed.Seconds()) - } - return nil, err - } - ra.rlCheckLatency.WithLabelValues(ratelimit.PendingAuthorizationsPerAccount, ratelimits.Allowed).Observe(elapsed.Seconds()) - } - } - // Loop through each of the names missing authzs and create a new pending // authorization for each. var newAuthzs []*sapb.NewAuthzRequest diff --git a/ra/ra_test.go b/ra/ra_test.go index 143178e4ead..ca59ab9b559 100644 --- a/ra/ra_test.go +++ b/ra/ra_test.go @@ -7,7 +7,6 @@ import ( "crypto/elliptic" "crypto/rand" "crypto/rsa" - "crypto/sha256" "crypto/x509" "crypto/x509/pkix" "encoding/json" @@ -30,7 +29,6 @@ import ( ctpkix "github.com/google/certificate-transparency-go/x509/pkix" "github.com/jmhodges/clock" "github.com/prometheus/client_golang/prometheus" - "github.com/weppos/publicsuffix-go/publicsuffix" "golang.org/x/crypto/ocsp" "google.golang.org/grpc" "google.golang.org/grpc/codes" @@ -57,7 +55,6 @@ import ( "github.com/letsencrypt/boulder/policy" pubpb "github.com/letsencrypt/boulder/publisher/proto" rapb "github.com/letsencrypt/boulder/ra/proto" - "github.com/letsencrypt/boulder/ratelimit" "github.com/letsencrypt/boulder/ratelimits" "github.com/letsencrypt/boulder/sa" sapb "github.com/letsencrypt/boulder/sa/proto" @@ -1012,261 +1009,6 @@ func TestCertificateKeyNotEqualAccountKey(t *testing.T) { test.AssertEquals(t, err.Error(), "certificate public key must be different than account key") } -// mockInvalidAuthorizationsAuthority is a mock which claims that the given -// domain has one invalid authorization. -type mockInvalidAuthorizationsAuthority struct { - sapb.StorageAuthorityClient - domainWithFailures string -} - -func (sa *mockInvalidAuthorizationsAuthority) CountInvalidAuthorizations2(ctx context.Context, req *sapb.CountInvalidAuthorizationsRequest, _ ...grpc.CallOption) (*sapb.Count, error) { - if req.DnsName == sa.domainWithFailures { - return &sapb.Count{Count: 1}, nil - } else { - return &sapb.Count{}, nil - } -} - -func TestAuthzFailedRateLimitingNewOrder(t *testing.T) { - _, _, ra, _, _, cleanUp := initAuthorities(t) - defer cleanUp() - - txnBuilder, err := ratelimits.NewTransactionBuilder(ratelimits.LimitConfigs{ - ratelimits.FailedAuthorizationsForPausingPerDomainPerAccount.String(): &ratelimits.LimitConfig{ - Burst: 1, - Count: 1, - Period: config.Duration{Duration: time.Hour * 1}}, - }) - test.AssertNotError(t, err, "making transaction composer") - ra.txnBuilder = txnBuilder - - limit := ra.rlPolicies.InvalidAuthorizationsPerAccount() - ra.SA = &mockInvalidAuthorizationsAuthority{domainWithFailures: "all.i.do.is.lose.com"} - err = ra.checkInvalidAuthorizationLimits(ctx, Registration.Id, - []string{"charlie.brown.com", "all.i.do.is.lose.com"}, limit) - test.AssertError(t, err, "checkInvalidAuthorizationLimits did not encounter expected rate limit error") - test.AssertEquals(t, err.Error(), "too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/#authorization-failures-per-hostname-per-account") -} - -type mockSAWithNameCounts struct { - sapb.StorageAuthorityClient - nameCounts *sapb.CountByNames - t *testing.T - clk clock.FakeClock -} - -func (m *mockSAWithNameCounts) CountCertificatesByNames(ctx context.Context, req *sapb.CountCertificatesByNamesRequest, _ ...grpc.CallOption) (*sapb.CountByNames, error) { - expectedLatest := m.clk.Now() - if req.Range.Latest.AsTime() != expectedLatest { - m.t.Errorf("incorrect latest: got '%v', expected '%v'", req.Range.Latest.AsTime(), expectedLatest) - } - expectedEarliest := m.clk.Now().Add(-23 * time.Hour) - if req.Range.Earliest.AsTime() != expectedEarliest { - m.t.Errorf("incorrect earliest: got '%v', expected '%v'", req.Range.Earliest.AsTime(), expectedEarliest) - } - counts := make(map[string]int64) - for _, name := range req.DnsNames { - if count, ok := m.nameCounts.Counts[name]; ok { - counts[name] = count - } - } - return &sapb.CountByNames{Counts: counts}, nil -} - -// FQDNSetExists is a mock which always returns false, so the test requests -// aren't considered to be renewals. -func (m *mockSAWithNameCounts) FQDNSetExists(ctx context.Context, req *sapb.FQDNSetExistsRequest, _ ...grpc.CallOption) (*sapb.Exists, error) { - return &sapb.Exists{Exists: false}, nil -} - -func TestCheckCertificatesPerNameLimit(t *testing.T) { - _, _, ra, _, fc, cleanUp := initAuthorities(t) - defer cleanUp() - - rlp := ratelimit.RateLimitPolicy{ - Threshold: 3, - Window: config.Duration{Duration: 23 * time.Hour}, - Overrides: map[string]int64{ - "bigissuer.com": 100, - "smallissuer.co.uk": 1, - }, - } - - mockSA := &mockSAWithNameCounts{ - nameCounts: &sapb.CountByNames{Counts: map[string]int64{"example.com": 1}}, - clk: fc, - t: t, - } - - ra.SA = mockSA - - // One base domain, below threshold - err := ra.checkCertificatesPerNameLimit(ctx, []string{"www.example.com", "example.com"}, rlp, 99) - test.AssertNotError(t, err, "rate limited example.com incorrectly") - - // Two base domains, one above threshold, one below - mockSA.nameCounts.Counts["example.com"] = 10 - mockSA.nameCounts.Counts["good-example.com"] = 1 - err = ra.checkCertificatesPerNameLimit(ctx, []string{"www.example.com", "example.com", "good-example.com"}, rlp, 99) - test.AssertError(t, err, "incorrectly failed to rate limit example.com") - test.AssertErrorIs(t, err, berrors.RateLimit) - // There are no overrides for "example.com", so the override usage gauge - // should contain 0 entries with labels matching it. - test.AssertMetricWithLabelsEquals(t, ra.rlOverrideUsageGauge, prometheus.Labels{"limit": ratelimit.CertificatesPerName, "override_key": "example.com"}, 0) - // Verify it has no sub errors as there is only one bad name - test.AssertEquals(t, err.Error(), "too many certificates already issued for \"example.com\". Retry after 1970-01-01T23:00:00Z: see https://letsencrypt.org/docs/rate-limits/#new-orders-per-account") - var bErr *berrors.BoulderError - test.AssertErrorWraps(t, err, &bErr) - test.AssertEquals(t, len(bErr.SubErrors), 0) - - // Three base domains, two above threshold, one below - mockSA.nameCounts.Counts["example.com"] = 10 - mockSA.nameCounts.Counts["other-example.com"] = 10 - mockSA.nameCounts.Counts["good-example.com"] = 1 - err = ra.checkCertificatesPerNameLimit(ctx, []string{"example.com", "other-example.com", "good-example.com"}, rlp, 99) - test.AssertError(t, err, "incorrectly failed to rate limit example.com, other-example.com") - test.AssertErrorIs(t, err, berrors.RateLimit) - // Verify it has two sub errors as there are two bad names - test.AssertEquals(t, err.Error(), "too many certificates already issued for multiple names (\"example.com\" and 2 others). Retry after 1970-01-01T23:00:00Z: see https://letsencrypt.org/docs/rate-limits/#new-orders-per-account") - test.AssertErrorWraps(t, err, &bErr) - test.AssertEquals(t, len(bErr.SubErrors), 2) - - // SA misbehaved and didn't send back a count for every input name - err = ra.checkCertificatesPerNameLimit(ctx, []string{"zombo.com", "www.example.com", "example.com"}, rlp, 99) - test.AssertError(t, err, "incorrectly failed to error on misbehaving SA") - - // Two base domains, one above threshold but with an override. - mockSA.nameCounts.Counts["example.com"] = 0 - mockSA.nameCounts.Counts["bigissuer.com"] = 50 - ra.rlOverrideUsageGauge.WithLabelValues(ratelimit.CertificatesPerName, "bigissuer.com").Set(.5) - err = ra.checkCertificatesPerNameLimit(ctx, []string{"www.example.com", "subdomain.bigissuer.com"}, rlp, 99) - test.AssertNotError(t, err, "incorrectly rate limited bigissuer") - // "bigissuer.com" has an override of 100 and they've issued 50. Accounting - // for the anticipated issuance, we expect to see 51% utilization. - test.AssertMetricWithLabelsEquals(t, ra.rlOverrideUsageGauge, prometheus.Labels{"limit": ratelimit.CertificatesPerName, "override_key": "bigissuer.com"}, .51) - - // Two base domains, one above its override - mockSA.nameCounts.Counts["example.com"] = 10 - mockSA.nameCounts.Counts["bigissuer.com"] = 100 - ra.rlOverrideUsageGauge.WithLabelValues(ratelimit.CertificatesPerName, "bigissuer.com").Set(1) - err = ra.checkCertificatesPerNameLimit(ctx, []string{"www.example.com", "subdomain.bigissuer.com"}, rlp, 99) - test.AssertError(t, err, "incorrectly failed to rate limit bigissuer") - test.AssertErrorIs(t, err, berrors.RateLimit) - // "bigissuer.com" has an override of 100 and they've issued 100. They're - // already at 100% utilization, so we expect to see 100% utilization. - test.AssertMetricWithLabelsEquals(t, ra.rlOverrideUsageGauge, prometheus.Labels{"limit": ratelimit.CertificatesPerName, "override_key": "bigissuer.com"}, 1) - - // One base domain, above its override (which is below threshold) - mockSA.nameCounts.Counts["smallissuer.co.uk"] = 1 - ra.rlOverrideUsageGauge.WithLabelValues(ratelimit.CertificatesPerName, "smallissuer.co.uk").Set(1) - err = ra.checkCertificatesPerNameLimit(ctx, []string{"www.smallissuer.co.uk"}, rlp, 99) - test.AssertError(t, err, "incorrectly failed to rate limit smallissuer") - test.AssertErrorIs(t, err, berrors.RateLimit) - // "smallissuer.co.uk" has an override of 1 and they've issued 1. They're - // already at 100% utilization, so we expect to see 100% utilization. - test.AssertMetricWithLabelsEquals(t, ra.rlOverrideUsageGauge, prometheus.Labels{"limit": ratelimit.CertificatesPerName, "override_key": "smallissuer.co.uk"}, 1) -} - -// TestCheckExactCertificateLimit tests that the duplicate certificate limit -// applied to FQDN sets is respected. -func TestCheckExactCertificateLimit(t *testing.T) { - _, _, ra, _, _, cleanUp := initAuthorities(t) - defer cleanUp() - - // Create a rate limit with a small threshold - const dupeCertLimit = 3 - rlp := ratelimit.RateLimitPolicy{ - Threshold: dupeCertLimit, - Window: config.Duration{Duration: 24 * time.Hour}, - } - - // Create a mock SA that has a count of already issued certificates for some - // test names - firstIssuanceTimestamp := ra.clk.Now().Add(-rlp.Window.Duration) - fITS2 := firstIssuanceTimestamp.Add(time.Hour * 23) - fITS3 := firstIssuanceTimestamp.Add(time.Hour * 16) - fITS4 := firstIssuanceTimestamp.Add(time.Hour * 8) - issuanceTimestampsNS := []int64{ - fITS2.UnixNano(), - fITS3.UnixNano(), - fITS4.UnixNano(), - firstIssuanceTimestamp.UnixNano(), - } - issuanceTimestamps := []*timestamppb.Timestamp{ - timestamppb.New(fITS2), - timestamppb.New(fITS3), - timestamppb.New(fITS4), - timestamppb.New(firstIssuanceTimestamp), - } - // Our window is 24 hours and our threshold is 3 issuance. If our most - // recent issuance was 1 hour ago, we expect the next token to be available - // 8 hours from issuance time or 7 hours from now. - expectRetryAfterNS := time.Unix(0, issuanceTimestampsNS[0]).Add(time.Hour * 8).Format(time.RFC3339) - expectRetryAfter := issuanceTimestamps[0].AsTime().Add(time.Hour * 8).Format(time.RFC3339) - test.AssertEquals(t, expectRetryAfterNS, expectRetryAfter) - ra.SA = &mockSAWithFQDNSet{ - issuanceTimestamps: map[string]*sapb.Timestamps{ - "none.example.com": {Timestamps: []*timestamppb.Timestamp{}}, - "under.example.com": {Timestamps: issuanceTimestamps[3:3]}, - "equalbutvalid.example.com": {Timestamps: issuanceTimestamps[1:3]}, - "over.example.com": {Timestamps: issuanceTimestamps[0:3]}, - }, - t: t, - } - - testCases := []struct { - Name string - Domain string - ExpectedErr error - }{ - { - Name: "FQDN set issuances none", - Domain: "none.example.com", - ExpectedErr: nil, - }, - { - Name: "FQDN set issuances less than limit", - Domain: "under.example.com", - ExpectedErr: nil, - }, - { - Name: "FQDN set issuances equal to limit", - Domain: "equalbutvalid.example.com", - ExpectedErr: nil, - }, - { - Name: "FQDN set issuances above limit NS", - Domain: "over.example.com", - ExpectedErr: fmt.Errorf( - "too many certificates (3) already issued for this exact set of domains in the last 24 hours: over.example.com, retry after %s: see https://letsencrypt.org/docs/rate-limits/#new-certificates-per-exact-set-of-hostnames", - expectRetryAfterNS, - ), - }, - { - Name: "FQDN set issuances above limit", - Domain: "over.example.com", - ExpectedErr: fmt.Errorf( - "too many certificates (3) already issued for this exact set of domains in the last 24 hours: over.example.com, retry after %s: see https://letsencrypt.org/docs/rate-limits/#new-certificates-per-exact-set-of-hostnames", - expectRetryAfter, - ), - }, - } - - // For each test case we check that the certificatesPerFQDNSetLimit is applied - // as we expect - for _, tc := range testCases { - t.Run(tc.Name, func(t *testing.T) { - result := ra.checkCertificatesPerFQDNSetLimit(ctx, []string{tc.Domain}, rlp, 0) - if tc.ExpectedErr == nil { - test.AssertNotError(t, result, fmt.Sprintf("Expected no error for %q", tc.Domain)) - } else { - test.AssertError(t, result, fmt.Sprintf("Expected error for %q", tc.Domain)) - test.AssertEquals(t, result.Error(), tc.ExpectedErr.Error()) - } - }) - } -} - func TestRegistrationUpdate(t *testing.T) { oldURL := "http://old.invalid" newURL := "http://new.invalid" @@ -1356,108 +1098,6 @@ func TestRegistrationKeyUpdate(t *testing.T) { test.AssertByteEquals(t, res.Key, update.Key) } -// A mockSAWithFQDNSet is a mock StorageAuthority that supports -// CountCertificatesByName as well as FQDNSetExists. This allows testing -// checkCertificatesPerNameRateLimit's FQDN exemption logic. -type mockSAWithFQDNSet struct { - sapb.StorageAuthorityClient - fqdnSet map[string]bool - issuanceTimestamps map[string]*sapb.Timestamps - - t *testing.T -} - -// Construct the FQDN Set key the same way as the SA (by using -// `core.UniqueLowerNames`, joining the names with a `,` and hashing them) -// but return a string so it can be used as a key in m.fqdnSet. -func (m mockSAWithFQDNSet) hashNames(names []string) string { - names = core.UniqueLowerNames(names) - hash := sha256.Sum256([]byte(strings.Join(names, ","))) - return string(hash[:]) -} - -// Search for a set of domain names in the FQDN set map -func (m mockSAWithFQDNSet) FQDNSetExists(_ context.Context, req *sapb.FQDNSetExistsRequest, _ ...grpc.CallOption) (*sapb.Exists, error) { - hash := m.hashNames(req.DnsNames) - if _, exists := m.fqdnSet[hash]; exists { - return &sapb.Exists{Exists: true}, nil - } - return &sapb.Exists{Exists: false}, nil -} - -// Return a map of domain -> certificate count. -func (m mockSAWithFQDNSet) CountCertificatesByNames(ctx context.Context, req *sapb.CountCertificatesByNamesRequest, _ ...grpc.CallOption) (*sapb.CountByNames, error) { - counts := make(map[string]int64) - for _, name := range req.DnsNames { - entry, ok := m.issuanceTimestamps[name] - if ok { - counts[name] = int64(len(entry.Timestamps)) - } - } - return &sapb.CountByNames{Counts: counts}, nil -} - -func (m mockSAWithFQDNSet) FQDNSetTimestampsForWindow(_ context.Context, req *sapb.CountFQDNSetsRequest, _ ...grpc.CallOption) (*sapb.Timestamps, error) { - if len(req.DnsNames) == 1 { - return m.issuanceTimestamps[req.DnsNames[0]], nil - } else { - return nil, fmt.Errorf("FQDNSetTimestampsForWindow mock only supports a single domain") - } -} - -// TestExactPublicSuffixCertLimit tests the behaviour of issue #2681. -// See https://github.com/letsencrypt/boulder/issues/2681 -func TestExactPublicSuffixCertLimit(t *testing.T) { - _, _, ra, _, fc, cleanUp := initAuthorities(t) - defer cleanUp() - - // Simple policy that only allows 2 certificates per name. - certsPerNamePolicy := ratelimit.RateLimitPolicy{ - Threshold: 2, - Window: config.Duration{Duration: 23 * time.Hour}, - } - - // We use "dedyn.io" and "dynv6.net" domains for the test on the implicit - // assumption that both domains are present on the public suffix list. - // Quickly verify that this is true before continuing with the rest of the test. - _, err := publicsuffix.Domain("dedyn.io") - test.AssertError(t, err, "dedyn.io was not on the public suffix list, invaliding the test") - _, err = publicsuffix.Domain("dynv6.net") - test.AssertError(t, err, "dynv6.net was not on the public suffix list, invaliding the test") - - // Back the mock SA with counts as if so far we have issued the following - // certificates for the following domains: - // - test.dedyn.io (once) - // - test2.dedyn.io (once) - // - dynv6.net (twice) - mockSA := &mockSAWithNameCounts{ - nameCounts: &sapb.CountByNames{ - Counts: map[string]int64{ - "test.dedyn.io": 1, - "test2.dedyn.io": 1, - "test3.dedyn.io": 0, - "dedyn.io": 0, - "dynv6.net": 2, - }, - }, - clk: fc, - t: t, - } - ra.SA = mockSA - - // Trying to issue for "test3.dedyn.io" and "dedyn.io" should succeed because - // test3.dedyn.io has no certificates and "dedyn.io" is an exact public suffix - // match with no certificates issued for it. - err = ra.checkCertificatesPerNameLimit(ctx, []string{"test3.dedyn.io", "dedyn.io"}, certsPerNamePolicy, 99) - test.AssertNotError(t, err, "certificate per name rate limit not applied correctly") - - // Trying to issue for "test3.dedyn.io" and "dynv6.net" should fail because - // "dynv6.net" is an exact public suffix match with 2 certificates issued for - // it. - err = ra.checkCertificatesPerNameLimit(ctx, []string{"test3.dedyn.io", "dynv6.net"}, certsPerNamePolicy, 99) - test.AssertError(t, err, "certificate per name rate limit not applied correctly") -} - func TestDeactivateAuthorization(t *testing.T) { _, sa, ra, _, _, cleanUp := initAuthorities(t) defer cleanUp() diff --git a/ratelimit/rate-limits.go b/ratelimit/rate-limits.go deleted file mode 100644 index 812b723b208..00000000000 --- a/ratelimit/rate-limits.go +++ /dev/null @@ -1,237 +0,0 @@ -package ratelimit - -import ( - "strconv" - "time" - - "github.com/letsencrypt/boulder/config" - "github.com/letsencrypt/boulder/strictyaml" -) - -const ( - // CertificatesPerName is the name of the CertificatesPerName rate limit - // when referenced in metric labels. - CertificatesPerName = "certificates_per_domain" - - // RegistrationsPerIP is the name of the RegistrationsPerIP rate limit when - // referenced in metric labels. - RegistrationsPerIP = "registrations_per_ip" - - // RegistrationsPerIPRange is the name of the RegistrationsPerIPRange rate - // limit when referenced in metric labels. - RegistrationsPerIPRange = "registrations_per_ipv6_range" - - // PendingAuthorizationsPerAccount is the name of the - // PendingAuthorizationsPerAccount rate limit when referenced in metric - // labels. - PendingAuthorizationsPerAccount = "pending_authorizations_per_account" - - // InvalidAuthorizationsPerAccount is the name of the - // InvalidAuthorizationsPerAccount rate limit when referenced in metric - // labels. - InvalidAuthorizationsPerAccount = "failed_authorizations_per_account" - - // CertificatesPerFQDNSet is the name of the CertificatesPerFQDNSet rate - // limit when referenced in metric labels. - CertificatesPerFQDNSet = "certificates_per_fqdn_set" - - // CertificatesPerFQDNSetFast is the name of the CertificatesPerFQDNSetFast - // rate limit when referenced in metric labels. - CertificatesPerFQDNSetFast = "certificates_per_fqdn_set_fast" - - // NewOrdersPerAccount is the name of the NewOrdersPerAccount rate limit - // when referenced in metric labels. - NewOrdersPerAccount = "new_orders_per_account" -) - -// Limits is defined to allow mock implementations be provided during unit -// testing -type Limits interface { - CertificatesPerName() RateLimitPolicy - RegistrationsPerIP() RateLimitPolicy - RegistrationsPerIPRange() RateLimitPolicy - PendingAuthorizationsPerAccount() RateLimitPolicy - InvalidAuthorizationsPerAccount() RateLimitPolicy - CertificatesPerFQDNSet() RateLimitPolicy - CertificatesPerFQDNSetFast() RateLimitPolicy - NewOrdersPerAccount() RateLimitPolicy - LoadPolicies(contents []byte) error -} - -// limitsImpl is an unexported implementation of the Limits interface. It acts -// as a container for a rateLimitConfig. -type limitsImpl struct { - rlPolicy *rateLimitConfig -} - -func (r *limitsImpl) CertificatesPerName() RateLimitPolicy { - if r.rlPolicy == nil { - return RateLimitPolicy{} - } - return r.rlPolicy.CertificatesPerName -} - -func (r *limitsImpl) RegistrationsPerIP() RateLimitPolicy { - if r.rlPolicy == nil { - return RateLimitPolicy{} - } - return r.rlPolicy.RegistrationsPerIP -} - -func (r *limitsImpl) RegistrationsPerIPRange() RateLimitPolicy { - if r.rlPolicy == nil { - return RateLimitPolicy{} - } - return r.rlPolicy.RegistrationsPerIPRange -} - -func (r *limitsImpl) PendingAuthorizationsPerAccount() RateLimitPolicy { - if r.rlPolicy == nil { - return RateLimitPolicy{} - } - return r.rlPolicy.PendingAuthorizationsPerAccount -} - -func (r *limitsImpl) InvalidAuthorizationsPerAccount() RateLimitPolicy { - if r.rlPolicy == nil { - return RateLimitPolicy{} - } - return r.rlPolicy.InvalidAuthorizationsPerAccount -} - -func (r *limitsImpl) CertificatesPerFQDNSet() RateLimitPolicy { - if r.rlPolicy == nil { - return RateLimitPolicy{} - } - return r.rlPolicy.CertificatesPerFQDNSet -} - -func (r *limitsImpl) CertificatesPerFQDNSetFast() RateLimitPolicy { - if r.rlPolicy == nil { - return RateLimitPolicy{} - } - return r.rlPolicy.CertificatesPerFQDNSetFast -} - -func (r *limitsImpl) NewOrdersPerAccount() RateLimitPolicy { - if r.rlPolicy == nil { - return RateLimitPolicy{} - } - return r.rlPolicy.NewOrdersPerAccount -} - -// LoadPolicies loads various rate limiting policies from a byte array of -// YAML configuration. -func (r *limitsImpl) LoadPolicies(contents []byte) error { - var newPolicy rateLimitConfig - err := strictyaml.Unmarshal(contents, &newPolicy) - if err != nil { - return err - } - r.rlPolicy = &newPolicy - return nil -} - -func New() Limits { - return &limitsImpl{} -} - -// rateLimitConfig contains all application layer rate limiting policies. It is -// unexported and clients are expected to use the exported container struct -type rateLimitConfig struct { - // Number of certificates that can be extant containing any given name. - // These are counted by "base domain" aka eTLD+1, so any entries in the - // overrides section must be an eTLD+1 according to the publicsuffix package. - CertificatesPerName RateLimitPolicy `yaml:"certificatesPerName"` - // Number of registrations that can be created per IP. - // Note: Since this is checked before a registration is created, setting a - // RegistrationOverride on it has no effect. - RegistrationsPerIP RateLimitPolicy `yaml:"registrationsPerIP"` - // Number of registrations that can be created per fuzzy IP range. Unlike - // RegistrationsPerIP this will apply to a /48 for IPv6 addresses to help curb - // abuse from easily obtained IPv6 ranges. - // Note: Like RegistrationsPerIP, setting a RegistrationOverride has no - // effect here. - RegistrationsPerIPRange RateLimitPolicy `yaml:"registrationsPerIPRange"` - // Number of pending authorizations that can exist per account. Overrides by - // key are not applied, but overrides by registration are. - PendingAuthorizationsPerAccount RateLimitPolicy `yaml:"pendingAuthorizationsPerAccount"` - // Number of invalid authorizations that can be failed per account within the - // given window. Overrides by key are not applied, but overrides by registration are. - // Note that this limit is actually "per account, per hostname," but that - // is too long for the variable name. - InvalidAuthorizationsPerAccount RateLimitPolicy `yaml:"invalidAuthorizationsPerAccount"` - // Number of new orders that can be created per account within the given - // window. Overrides by key are not applied, but overrides by registration are. - NewOrdersPerAccount RateLimitPolicy `yaml:"newOrdersPerAccount"` - // Number of certificates that can be extant containing a specific set - // of DNS names. - CertificatesPerFQDNSet RateLimitPolicy `yaml:"certificatesPerFQDNSet"` - // Same as above, but intended to both trigger and reset faster (i.e. a - // lower threshold and smaller window), so that clients don't have to wait - // a long time after a small burst of accidental duplicate issuance. - CertificatesPerFQDNSetFast RateLimitPolicy `yaml:"certificatesPerFQDNSetFast"` -} - -// RateLimitPolicy describes a general limiting policy -type RateLimitPolicy struct { - // How long to count items for - Window config.Duration `yaml:"window"` - // The max number of items that can be present before triggering the rate - // limit. Zero means "no limit." - Threshold int64 `yaml:"threshold"` - // A per-key override setting different limits than the default (higher or lower). - // The key is defined on a per-limit basis and should match the key it counts on. - // For instance, a rate limit on the number of certificates per name uses name as - // a key, while a rate limit on the number of registrations per IP subnet would - // use subnet as a key. Note that a zero entry in the overrides map does not - // mean "no limit," it means a limit of zero. An entry of -1 means - // "no limit", only for the pending authorizations rate limit. - Overrides map[string]int64 `yaml:"overrides"` - // A per-registration override setting. This can be used, e.g. if there are - // hosting providers that we would like to grant a higher rate of issuance - // than the default. If both key-based and registration-based overrides are - // available, whichever is larger takes priority. Note that a zero entry in - // the overrides map does not mean "no limit", it means a limit of zero. - RegistrationOverrides map[int64]int64 `yaml:"registrationOverrides"` -} - -// Enabled returns true iff the RateLimitPolicy is enabled. -func (rlp *RateLimitPolicy) Enabled() bool { - return rlp.Threshold != 0 -} - -// GetThreshold returns the threshold for this rate limit and the override -// Id/Key if that threshold is the result of an override for the default limit, -// empty-string otherwise. The threshold returned takes into account any -// overrides for `key` or `regID`. If both `key` and `regID` have an override -// the largest of the two will be used. -func (rlp *RateLimitPolicy) GetThreshold(key string, regID int64) (int64, string) { - regOverride, regOverrideExists := rlp.RegistrationOverrides[regID] - keyOverride, keyOverrideExists := rlp.Overrides[key] - - if regOverrideExists && !keyOverrideExists { - // If there is a regOverride and no keyOverride use the regOverride - return regOverride, strconv.FormatInt(regID, 10) - } else if !regOverrideExists && keyOverrideExists { - // If there is a keyOverride and no regOverride use the keyOverride - return keyOverride, key - } else if regOverrideExists && keyOverrideExists { - // If there is both a regOverride and a keyOverride use whichever is larger. - if regOverride > keyOverride { - return regOverride, strconv.FormatInt(regID, 10) - } else { - return keyOverride, key - } - } - - // Otherwise there was no regOverride and no keyOverride, use the base - // Threshold - return rlp.Threshold, "" -} - -// WindowBegin returns the time that a RateLimitPolicy's window begins, given a -// particular end time (typically the current time). -func (rlp *RateLimitPolicy) WindowBegin(windowEnd time.Time) time.Time { - return windowEnd.Add(-1 * rlp.Window.Duration) -} diff --git a/ratelimit/rate-limits_test.go b/ratelimit/rate-limits_test.go deleted file mode 100644 index d264e14286b..00000000000 --- a/ratelimit/rate-limits_test.go +++ /dev/null @@ -1,187 +0,0 @@ -package ratelimit - -import ( - "os" - "testing" - "time" - - "github.com/letsencrypt/boulder/config" - "github.com/letsencrypt/boulder/test" -) - -func TestEnabled(t *testing.T) { - policy := RateLimitPolicy{ - Threshold: 10, - } - if !policy.Enabled() { - t.Errorf("Policy should have been enabled.") - } -} - -func TestNotEnabled(t *testing.T) { - policy := RateLimitPolicy{ - Threshold: 0, - } - if policy.Enabled() { - t.Errorf("Policy should not have been enabled.") - } -} - -func TestGetThreshold(t *testing.T) { - policy := RateLimitPolicy{ - Threshold: 1, - Overrides: map[string]int64{ - "key": 2, - "baz": 99, - }, - RegistrationOverrides: map[int64]int64{ - 101: 3, - }, - } - - testCases := []struct { - Name string - Key string - RegID int64 - Expected int64 - }{ - - { - Name: "No key or reg overrides", - Key: "foo", - RegID: 11, - Expected: 1, - }, - { - Name: "Key override, no reg override", - Key: "key", - RegID: 11, - Expected: 2, - }, - { - Name: "No key override, reg override", - Key: "foo", - RegID: 101, - Expected: 3, - }, - { - Name: "Key override, larger reg override", - Key: "foo", - RegID: 101, - Expected: 3, - }, - { - Name: "Key override, smaller reg override", - Key: "baz", - RegID: 101, - Expected: 99, - }, - } - - for _, tc := range testCases { - t.Run(tc.Name, func(t *testing.T) { - threshold, _ := policy.GetThreshold(tc.Key, tc.RegID) - test.AssertEquals(t, - threshold, - tc.Expected) - }) - } -} - -func TestWindowBegin(t *testing.T) { - policy := RateLimitPolicy{ - Window: config.Duration{Duration: 24 * time.Hour}, - } - now := time.Date(2015, 9, 22, 0, 0, 0, 0, time.UTC) - expected := time.Date(2015, 9, 21, 0, 0, 0, 0, time.UTC) - actual := policy.WindowBegin(now) - if actual != expected { - t.Errorf("Incorrect WindowBegin: %s, expected %s", actual, expected) - } -} - -func TestLoadPolicies(t *testing.T) { - policy := New() - - policyContent, readErr := os.ReadFile("../test/rate-limit-policies.yml") - test.AssertNotError(t, readErr, "Failed to load rate-limit-policies.yml") - - // Test that loading a good policy from YAML doesn't error - err := policy.LoadPolicies(policyContent) - test.AssertNotError(t, err, "Failed to parse rate-limit-policies.yml") - - // Test that the CertificatesPerName section parsed correctly - certsPerName := policy.CertificatesPerName() - test.AssertEquals(t, certsPerName.Threshold, int64(2)) - test.AssertDeepEquals(t, certsPerName.Overrides, map[string]int64{ - "ratelimit.me": 1, - "lim.it": 0, - "le.wtf": 10000, - "le1.wtf": 10000, - "le2.wtf": 10000, - "le3.wtf": 10000, - "nginx.wtf": 10000, - "good-caa-reserved.com": 10000, - "bad-caa-reserved.com": 10000, - "ecdsa.le.wtf": 10000, - "must-staple.le.wtf": 10000, - }) - test.AssertDeepEquals(t, certsPerName.RegistrationOverrides, map[int64]int64{ - 101: 1000, - }) - - // Test that the RegistrationsPerIP section parsed correctly - regsPerIP := policy.RegistrationsPerIP() - test.AssertEquals(t, regsPerIP.Threshold, int64(10000)) - test.AssertDeepEquals(t, regsPerIP.Overrides, map[string]int64{ - "127.0.0.1": 1000000, - }) - test.AssertEquals(t, len(regsPerIP.RegistrationOverrides), 0) - - // Test that the PendingAuthorizationsPerAccount section parsed correctly - pendingAuthsPerAcct := policy.PendingAuthorizationsPerAccount() - test.AssertEquals(t, pendingAuthsPerAcct.Threshold, int64(150)) - test.AssertEquals(t, len(pendingAuthsPerAcct.Overrides), 0) - test.AssertEquals(t, len(pendingAuthsPerAcct.RegistrationOverrides), 0) - - // Test that the CertificatesPerFQDN section parsed correctly - certsPerFQDN := policy.CertificatesPerFQDNSet() - test.AssertEquals(t, certsPerFQDN.Threshold, int64(6)) - test.AssertDeepEquals(t, certsPerFQDN.Overrides, map[string]int64{ - "le.wtf": 10000, - "le1.wtf": 10000, - "le2.wtf": 10000, - "le3.wtf": 10000, - "le.wtf,le1.wtf": 10000, - "good-caa-reserved.com": 10000, - "nginx.wtf": 10000, - "ecdsa.le.wtf": 10000, - "must-staple.le.wtf": 10000, - }) - test.AssertEquals(t, len(certsPerFQDN.RegistrationOverrides), 0) - certsPerFQDNFast := policy.CertificatesPerFQDNSetFast() - test.AssertEquals(t, certsPerFQDNFast.Threshold, int64(2)) - test.AssertDeepEquals(t, certsPerFQDNFast.Overrides, map[string]int64{ - "le.wtf": 100, - }) - test.AssertEquals(t, len(certsPerFQDNFast.RegistrationOverrides), 0) - - // Test that loading invalid YAML generates an error - err = policy.LoadPolicies([]byte("err")) - test.AssertError(t, err, "Failed to generate error loading invalid yaml policy file") - // Re-check a field of policy to make sure a LoadPolicies error doesn't - // corrupt the existing policies - test.AssertDeepEquals(t, policy.RegistrationsPerIP().Overrides, map[string]int64{ - "127.0.0.1": 1000000, - }) - - // Test that the RateLimitConfig accessors do not panic when there has been no - // `LoadPolicy` call, and instead return empty RateLimitPolicy objects with default - // values. - emptyPolicy := New() - test.AssertEquals(t, emptyPolicy.CertificatesPerName().Threshold, int64(0)) - test.AssertEquals(t, emptyPolicy.RegistrationsPerIP().Threshold, int64(0)) - test.AssertEquals(t, emptyPolicy.RegistrationsPerIP().Threshold, int64(0)) - test.AssertEquals(t, emptyPolicy.PendingAuthorizationsPerAccount().Threshold, int64(0)) - test.AssertEquals(t, emptyPolicy.CertificatesPerFQDNSet().Threshold, int64(0)) -} diff --git a/sa/db-next/boulder_sa/20241218000000_RemoveOldRateLimitTables.sql b/sa/db-next/boulder_sa/20241218000000_RemoveOldRateLimitTables.sql new file mode 100644 index 00000000000..efd9cc9616f --- /dev/null +++ b/sa/db-next/boulder_sa/20241218000000_RemoveOldRateLimitTables.sql @@ -0,0 +1,27 @@ +-- +migrate Up + +DROP TABLE certificatesPerName; +DROP TABLE newOrdersRL; + +-- +migrate Down + +DROP TABLE certificatesPerName; +DROP TABLE newOrdersRL; + +CREATE TABLE `certificatesPerName` ( + `id` bigint(20) NOT NULL AUTO_INCREMENT, + `eTLDPlusOne` varchar(255) NOT NULL, + `time` datetime NOT NULL, + `count` int(11) NOT NULL, + PRIMARY KEY (`id`), + UNIQUE KEY `eTLDPlusOne_time_idx` (`eTLDPlusOne`,`time`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4; + +CREATE TABLE `newOrdersRL` ( + `id` bigint(20) NOT NULL AUTO_INCREMENT, + `regID` bigint(20) NOT NULL, + `time` datetime NOT NULL, + `count` int(11) NOT NULL, + PRIMARY KEY (`id`), + UNIQUE KEY `regID_time_idx` (`regID`,`time`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4; diff --git a/sa/db-users/boulder_sa.sql b/sa/db-users/boulder_sa.sql index 544f526204e..396aa1aa0d7 100644 --- a/sa/db-users/boulder_sa.sql +++ b/sa/db-users/boulder_sa.sql @@ -18,7 +18,6 @@ CREATE USER IF NOT EXISTS 'proxysql'@'localhost'; GRANT SELECT,INSERT ON certificates TO 'sa'@'localhost'; GRANT SELECT,INSERT,UPDATE ON certificateStatus TO 'sa'@'localhost'; GRANT SELECT,INSERT ON issuedNames TO 'sa'@'localhost'; -GRANT SELECT,INSERT,UPDATE ON certificatesPerName TO 'sa'@'localhost'; GRANT SELECT,INSERT,UPDATE ON registrations TO 'sa'@'localhost'; GRANT SELECT,INSERT on fqdnSets TO 'sa'@'localhost'; GRANT SELECT,INSERT,UPDATE ON orders TO 'sa'@'localhost'; @@ -29,7 +28,6 @@ GRANT INSERT,SELECT ON serials TO 'sa'@'localhost'; GRANT SELECT,INSERT ON precertificates TO 'sa'@'localhost'; GRANT SELECT,INSERT ON keyHashToSerial TO 'sa'@'localhost'; GRANT SELECT,INSERT ON blockedKeys TO 'sa'@'localhost'; -GRANT SELECT,INSERT,UPDATE ON newOrdersRL TO 'sa'@'localhost'; GRANT SELECT ON incidents TO 'sa'@'localhost'; GRANT SELECT,INSERT,UPDATE ON crlShards TO 'sa'@'localhost'; GRANT SELECT,INSERT,UPDATE ON revokedCertificates TO 'sa'@'localhost'; @@ -40,7 +38,6 @@ GRANT SELECT,INSERT,UPDATE,DROP ON paused TO 'sa'@'localhost'; GRANT SELECT ON certificates TO 'sa_ro'@'localhost'; GRANT SELECT ON certificateStatus TO 'sa_ro'@'localhost'; GRANT SELECT ON issuedNames TO 'sa_ro'@'localhost'; -GRANT SELECT ON certificatesPerName TO 'sa_ro'@'localhost'; GRANT SELECT ON registrations TO 'sa_ro'@'localhost'; GRANT SELECT on fqdnSets TO 'sa_ro'@'localhost'; GRANT SELECT ON orders TO 'sa_ro'@'localhost'; @@ -51,7 +48,6 @@ GRANT SELECT ON serials TO 'sa_ro'@'localhost'; GRANT SELECT ON precertificates TO 'sa_ro'@'localhost'; GRANT SELECT ON keyHashToSerial TO 'sa_ro'@'localhost'; GRANT SELECT ON blockedKeys TO 'sa_ro'@'localhost'; -GRANT SELECT ON newOrdersRL TO 'sa_ro'@'localhost'; GRANT SELECT ON incidents TO 'sa_ro'@'localhost'; GRANT SELECT ON crlShards TO 'sa_ro'@'localhost'; GRANT SELECT ON revokedCertificates TO 'sa_ro'@'localhost'; diff --git a/sa/proto/sa.pb.go b/sa/proto/sa.pb.go index c8b42859f3e..1997a91a1b5 100644 --- a/sa/proto/sa.pb.go +++ b/sa/proto/sa.pb.go @@ -497,116 +497,6 @@ func (x *Timestamps) GetTimestamps() []*timestamppb.Timestamp { return nil } -type CountCertificatesByNamesRequest struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Range *Range `protobuf:"bytes,1,opt,name=range,proto3" json:"range,omitempty"` - DnsNames []string `protobuf:"bytes,2,rep,name=dnsNames,proto3" json:"dnsNames,omitempty"` -} - -func (x *CountCertificatesByNamesRequest) Reset() { - *x = CountCertificatesByNamesRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_sa_proto_msgTypes[9] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *CountCertificatesByNamesRequest) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*CountCertificatesByNamesRequest) ProtoMessage() {} - -func (x *CountCertificatesByNamesRequest) ProtoReflect() protoreflect.Message { - mi := &file_sa_proto_msgTypes[9] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use CountCertificatesByNamesRequest.ProtoReflect.Descriptor instead. -func (*CountCertificatesByNamesRequest) Descriptor() ([]byte, []int) { - return file_sa_proto_rawDescGZIP(), []int{9} -} - -func (x *CountCertificatesByNamesRequest) GetRange() *Range { - if x != nil { - return x.Range - } - return nil -} - -func (x *CountCertificatesByNamesRequest) GetDnsNames() []string { - if x != nil { - return x.DnsNames - } - return nil -} - -type CountByNames struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Counts map[string]int64 `protobuf:"bytes,1,rep,name=counts,proto3" json:"counts,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"varint,2,opt,name=value,proto3"` - Earliest *timestamppb.Timestamp `protobuf:"bytes,2,opt,name=earliest,proto3" json:"earliest,omitempty"` // Unix timestamp (nanoseconds) -} - -func (x *CountByNames) Reset() { - *x = CountByNames{} - if protoimpl.UnsafeEnabled { - mi := &file_sa_proto_msgTypes[10] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *CountByNames) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*CountByNames) ProtoMessage() {} - -func (x *CountByNames) ProtoReflect() protoreflect.Message { - mi := &file_sa_proto_msgTypes[10] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use CountByNames.ProtoReflect.Descriptor instead. -func (*CountByNames) Descriptor() ([]byte, []int) { - return file_sa_proto_rawDescGZIP(), []int{10} -} - -func (x *CountByNames) GetCounts() map[string]int64 { - if x != nil { - return x.Counts - } - return nil -} - -func (x *CountByNames) GetEarliest() *timestamppb.Timestamp { - if x != nil { - return x.Earliest - } - return nil -} - type CountInvalidAuthorizationsRequest struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -621,7 +511,7 @@ type CountInvalidAuthorizationsRequest struct { func (x *CountInvalidAuthorizationsRequest) Reset() { *x = CountInvalidAuthorizationsRequest{} if protoimpl.UnsafeEnabled { - mi := &file_sa_proto_msgTypes[11] + mi := &file_sa_proto_msgTypes[9] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -634,7 +524,7 @@ func (x *CountInvalidAuthorizationsRequest) String() string { func (*CountInvalidAuthorizationsRequest) ProtoMessage() {} func (x *CountInvalidAuthorizationsRequest) ProtoReflect() protoreflect.Message { - mi := &file_sa_proto_msgTypes[11] + mi := &file_sa_proto_msgTypes[9] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -647,7 +537,7 @@ func (x *CountInvalidAuthorizationsRequest) ProtoReflect() protoreflect.Message // Deprecated: Use CountInvalidAuthorizationsRequest.ProtoReflect.Descriptor instead. func (*CountInvalidAuthorizationsRequest) Descriptor() ([]byte, []int) { - return file_sa_proto_rawDescGZIP(), []int{11} + return file_sa_proto_rawDescGZIP(), []int{9} } func (x *CountInvalidAuthorizationsRequest) GetRegistrationID() int64 { @@ -671,61 +561,6 @@ func (x *CountInvalidAuthorizationsRequest) GetRange() *Range { return nil } -type CountOrdersRequest struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - AccountID int64 `protobuf:"varint,1,opt,name=accountID,proto3" json:"accountID,omitempty"` - Range *Range `protobuf:"bytes,2,opt,name=range,proto3" json:"range,omitempty"` -} - -func (x *CountOrdersRequest) Reset() { - *x = CountOrdersRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_sa_proto_msgTypes[12] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *CountOrdersRequest) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*CountOrdersRequest) ProtoMessage() {} - -func (x *CountOrdersRequest) ProtoReflect() protoreflect.Message { - mi := &file_sa_proto_msgTypes[12] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use CountOrdersRequest.ProtoReflect.Descriptor instead. -func (*CountOrdersRequest) Descriptor() ([]byte, []int) { - return file_sa_proto_rawDescGZIP(), []int{12} -} - -func (x *CountOrdersRequest) GetAccountID() int64 { - if x != nil { - return x.AccountID - } - return 0 -} - -func (x *CountOrdersRequest) GetRange() *Range { - if x != nil { - return x.Range - } - return nil -} - type CountFQDNSetsRequest struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -739,7 +574,7 @@ type CountFQDNSetsRequest struct { func (x *CountFQDNSetsRequest) Reset() { *x = CountFQDNSetsRequest{} if protoimpl.UnsafeEnabled { - mi := &file_sa_proto_msgTypes[13] + mi := &file_sa_proto_msgTypes[10] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -752,7 +587,7 @@ func (x *CountFQDNSetsRequest) String() string { func (*CountFQDNSetsRequest) ProtoMessage() {} func (x *CountFQDNSetsRequest) ProtoReflect() protoreflect.Message { - mi := &file_sa_proto_msgTypes[13] + mi := &file_sa_proto_msgTypes[10] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -765,7 +600,7 @@ func (x *CountFQDNSetsRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use CountFQDNSetsRequest.ProtoReflect.Descriptor instead. func (*CountFQDNSetsRequest) Descriptor() ([]byte, []int) { - return file_sa_proto_rawDescGZIP(), []int{13} + return file_sa_proto_rawDescGZIP(), []int{10} } func (x *CountFQDNSetsRequest) GetDnsNames() []string { @@ -800,7 +635,7 @@ type FQDNSetExistsRequest struct { func (x *FQDNSetExistsRequest) Reset() { *x = FQDNSetExistsRequest{} if protoimpl.UnsafeEnabled { - mi := &file_sa_proto_msgTypes[14] + mi := &file_sa_proto_msgTypes[11] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -813,7 +648,7 @@ func (x *FQDNSetExistsRequest) String() string { func (*FQDNSetExistsRequest) ProtoMessage() {} func (x *FQDNSetExistsRequest) ProtoReflect() protoreflect.Message { - mi := &file_sa_proto_msgTypes[14] + mi := &file_sa_proto_msgTypes[11] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -826,7 +661,7 @@ func (x *FQDNSetExistsRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use FQDNSetExistsRequest.ProtoReflect.Descriptor instead. func (*FQDNSetExistsRequest) Descriptor() ([]byte, []int) { - return file_sa_proto_rawDescGZIP(), []int{14} + return file_sa_proto_rawDescGZIP(), []int{11} } func (x *FQDNSetExistsRequest) GetDnsNames() []string { @@ -847,7 +682,7 @@ type Exists struct { func (x *Exists) Reset() { *x = Exists{} if protoimpl.UnsafeEnabled { - mi := &file_sa_proto_msgTypes[15] + mi := &file_sa_proto_msgTypes[12] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -860,7 +695,7 @@ func (x *Exists) String() string { func (*Exists) ProtoMessage() {} func (x *Exists) ProtoReflect() protoreflect.Message { - mi := &file_sa_proto_msgTypes[15] + mi := &file_sa_proto_msgTypes[12] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -873,7 +708,7 @@ func (x *Exists) ProtoReflect() protoreflect.Message { // Deprecated: Use Exists.ProtoReflect.Descriptor instead. func (*Exists) Descriptor() ([]byte, []int) { - return file_sa_proto_rawDescGZIP(), []int{15} + return file_sa_proto_rawDescGZIP(), []int{12} } func (x *Exists) GetExists() bool { @@ -898,7 +733,7 @@ type AddSerialRequest struct { func (x *AddSerialRequest) Reset() { *x = AddSerialRequest{} if protoimpl.UnsafeEnabled { - mi := &file_sa_proto_msgTypes[16] + mi := &file_sa_proto_msgTypes[13] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -911,7 +746,7 @@ func (x *AddSerialRequest) String() string { func (*AddSerialRequest) ProtoMessage() {} func (x *AddSerialRequest) ProtoReflect() protoreflect.Message { - mi := &file_sa_proto_msgTypes[16] + mi := &file_sa_proto_msgTypes[13] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -924,7 +759,7 @@ func (x *AddSerialRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use AddSerialRequest.ProtoReflect.Descriptor instead. func (*AddSerialRequest) Descriptor() ([]byte, []int) { - return file_sa_proto_rawDescGZIP(), []int{16} + return file_sa_proto_rawDescGZIP(), []int{13} } func (x *AddSerialRequest) GetRegID() int64 { @@ -984,7 +819,7 @@ type AddCertificateRequest struct { func (x *AddCertificateRequest) Reset() { *x = AddCertificateRequest{} if protoimpl.UnsafeEnabled { - mi := &file_sa_proto_msgTypes[17] + mi := &file_sa_proto_msgTypes[14] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -997,7 +832,7 @@ func (x *AddCertificateRequest) String() string { func (*AddCertificateRequest) ProtoMessage() {} func (x *AddCertificateRequest) ProtoReflect() protoreflect.Message { - mi := &file_sa_proto_msgTypes[17] + mi := &file_sa_proto_msgTypes[14] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1010,7 +845,7 @@ func (x *AddCertificateRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use AddCertificateRequest.ProtoReflect.Descriptor instead. func (*AddCertificateRequest) Descriptor() ([]byte, []int) { - return file_sa_proto_rawDescGZIP(), []int{17} + return file_sa_proto_rawDescGZIP(), []int{14} } func (x *AddCertificateRequest) GetDer() []byte { @@ -1059,7 +894,7 @@ type OrderRequest struct { func (x *OrderRequest) Reset() { *x = OrderRequest{} if protoimpl.UnsafeEnabled { - mi := &file_sa_proto_msgTypes[18] + mi := &file_sa_proto_msgTypes[15] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1072,7 +907,7 @@ func (x *OrderRequest) String() string { func (*OrderRequest) ProtoMessage() {} func (x *OrderRequest) ProtoReflect() protoreflect.Message { - mi := &file_sa_proto_msgTypes[18] + mi := &file_sa_proto_msgTypes[15] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1085,7 +920,7 @@ func (x *OrderRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use OrderRequest.ProtoReflect.Descriptor instead. func (*OrderRequest) Descriptor() ([]byte, []int) { - return file_sa_proto_rawDescGZIP(), []int{18} + return file_sa_proto_rawDescGZIP(), []int{15} } func (x *OrderRequest) GetId() int64 { @@ -1112,7 +947,7 @@ type NewOrderRequest struct { func (x *NewOrderRequest) Reset() { *x = NewOrderRequest{} if protoimpl.UnsafeEnabled { - mi := &file_sa_proto_msgTypes[19] + mi := &file_sa_proto_msgTypes[16] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1125,7 +960,7 @@ func (x *NewOrderRequest) String() string { func (*NewOrderRequest) ProtoMessage() {} func (x *NewOrderRequest) ProtoReflect() protoreflect.Message { - mi := &file_sa_proto_msgTypes[19] + mi := &file_sa_proto_msgTypes[16] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1138,7 +973,7 @@ func (x *NewOrderRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use NewOrderRequest.ProtoReflect.Descriptor instead. func (*NewOrderRequest) Descriptor() ([]byte, []int) { - return file_sa_proto_rawDescGZIP(), []int{19} + return file_sa_proto_rawDescGZIP(), []int{16} } func (x *NewOrderRequest) GetRegistrationID() int64 { @@ -1201,7 +1036,7 @@ type NewAuthzRequest struct { func (x *NewAuthzRequest) Reset() { *x = NewAuthzRequest{} if protoimpl.UnsafeEnabled { - mi := &file_sa_proto_msgTypes[20] + mi := &file_sa_proto_msgTypes[17] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1214,7 +1049,7 @@ func (x *NewAuthzRequest) String() string { func (*NewAuthzRequest) ProtoMessage() {} func (x *NewAuthzRequest) ProtoReflect() protoreflect.Message { - mi := &file_sa_proto_msgTypes[20] + mi := &file_sa_proto_msgTypes[17] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1227,7 +1062,7 @@ func (x *NewAuthzRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use NewAuthzRequest.ProtoReflect.Descriptor instead. func (*NewAuthzRequest) Descriptor() ([]byte, []int) { - return file_sa_proto_rawDescGZIP(), []int{20} + return file_sa_proto_rawDescGZIP(), []int{17} } func (x *NewAuthzRequest) GetIdentifier() *proto.Identifier { @@ -1277,7 +1112,7 @@ type NewOrderAndAuthzsRequest struct { func (x *NewOrderAndAuthzsRequest) Reset() { *x = NewOrderAndAuthzsRequest{} if protoimpl.UnsafeEnabled { - mi := &file_sa_proto_msgTypes[21] + mi := &file_sa_proto_msgTypes[18] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1290,7 +1125,7 @@ func (x *NewOrderAndAuthzsRequest) String() string { func (*NewOrderAndAuthzsRequest) ProtoMessage() {} func (x *NewOrderAndAuthzsRequest) ProtoReflect() protoreflect.Message { - mi := &file_sa_proto_msgTypes[21] + mi := &file_sa_proto_msgTypes[18] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1303,7 +1138,7 @@ func (x *NewOrderAndAuthzsRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use NewOrderAndAuthzsRequest.ProtoReflect.Descriptor instead. func (*NewOrderAndAuthzsRequest) Descriptor() ([]byte, []int) { - return file_sa_proto_rawDescGZIP(), []int{21} + return file_sa_proto_rawDescGZIP(), []int{18} } func (x *NewOrderAndAuthzsRequest) GetNewOrder() *NewOrderRequest { @@ -1332,7 +1167,7 @@ type SetOrderErrorRequest struct { func (x *SetOrderErrorRequest) Reset() { *x = SetOrderErrorRequest{} if protoimpl.UnsafeEnabled { - mi := &file_sa_proto_msgTypes[22] + mi := &file_sa_proto_msgTypes[19] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1345,7 +1180,7 @@ func (x *SetOrderErrorRequest) String() string { func (*SetOrderErrorRequest) ProtoMessage() {} func (x *SetOrderErrorRequest) ProtoReflect() protoreflect.Message { - mi := &file_sa_proto_msgTypes[22] + mi := &file_sa_proto_msgTypes[19] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1358,7 +1193,7 @@ func (x *SetOrderErrorRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use SetOrderErrorRequest.ProtoReflect.Descriptor instead. func (*SetOrderErrorRequest) Descriptor() ([]byte, []int) { - return file_sa_proto_rawDescGZIP(), []int{22} + return file_sa_proto_rawDescGZIP(), []int{19} } func (x *SetOrderErrorRequest) GetId() int64 { @@ -1387,7 +1222,7 @@ type GetValidOrderAuthorizationsRequest struct { func (x *GetValidOrderAuthorizationsRequest) Reset() { *x = GetValidOrderAuthorizationsRequest{} if protoimpl.UnsafeEnabled { - mi := &file_sa_proto_msgTypes[23] + mi := &file_sa_proto_msgTypes[20] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1400,7 +1235,7 @@ func (x *GetValidOrderAuthorizationsRequest) String() string { func (*GetValidOrderAuthorizationsRequest) ProtoMessage() {} func (x *GetValidOrderAuthorizationsRequest) ProtoReflect() protoreflect.Message { - mi := &file_sa_proto_msgTypes[23] + mi := &file_sa_proto_msgTypes[20] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1413,7 +1248,7 @@ func (x *GetValidOrderAuthorizationsRequest) ProtoReflect() protoreflect.Message // Deprecated: Use GetValidOrderAuthorizationsRequest.ProtoReflect.Descriptor instead. func (*GetValidOrderAuthorizationsRequest) Descriptor() ([]byte, []int) { - return file_sa_proto_rawDescGZIP(), []int{23} + return file_sa_proto_rawDescGZIP(), []int{20} } func (x *GetValidOrderAuthorizationsRequest) GetId() int64 { @@ -1442,7 +1277,7 @@ type GetOrderForNamesRequest struct { func (x *GetOrderForNamesRequest) Reset() { *x = GetOrderForNamesRequest{} if protoimpl.UnsafeEnabled { - mi := &file_sa_proto_msgTypes[24] + mi := &file_sa_proto_msgTypes[21] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1455,7 +1290,7 @@ func (x *GetOrderForNamesRequest) String() string { func (*GetOrderForNamesRequest) ProtoMessage() {} func (x *GetOrderForNamesRequest) ProtoReflect() protoreflect.Message { - mi := &file_sa_proto_msgTypes[24] + mi := &file_sa_proto_msgTypes[21] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1468,7 +1303,7 @@ func (x *GetOrderForNamesRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use GetOrderForNamesRequest.ProtoReflect.Descriptor instead. func (*GetOrderForNamesRequest) Descriptor() ([]byte, []int) { - return file_sa_proto_rawDescGZIP(), []int{24} + return file_sa_proto_rawDescGZIP(), []int{21} } func (x *GetOrderForNamesRequest) GetAcctID() int64 { @@ -1497,7 +1332,7 @@ type FinalizeOrderRequest struct { func (x *FinalizeOrderRequest) Reset() { *x = FinalizeOrderRequest{} if protoimpl.UnsafeEnabled { - mi := &file_sa_proto_msgTypes[25] + mi := &file_sa_proto_msgTypes[22] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1510,7 +1345,7 @@ func (x *FinalizeOrderRequest) String() string { func (*FinalizeOrderRequest) ProtoMessage() {} func (x *FinalizeOrderRequest) ProtoReflect() protoreflect.Message { - mi := &file_sa_proto_msgTypes[25] + mi := &file_sa_proto_msgTypes[22] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1523,7 +1358,7 @@ func (x *FinalizeOrderRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use FinalizeOrderRequest.ProtoReflect.Descriptor instead. func (*FinalizeOrderRequest) Descriptor() ([]byte, []int) { - return file_sa_proto_rawDescGZIP(), []int{25} + return file_sa_proto_rawDescGZIP(), []int{22} } func (x *FinalizeOrderRequest) GetId() int64 { @@ -1554,7 +1389,7 @@ type GetAuthorizationsRequest struct { func (x *GetAuthorizationsRequest) Reset() { *x = GetAuthorizationsRequest{} if protoimpl.UnsafeEnabled { - mi := &file_sa_proto_msgTypes[26] + mi := &file_sa_proto_msgTypes[23] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1567,7 +1402,7 @@ func (x *GetAuthorizationsRequest) String() string { func (*GetAuthorizationsRequest) ProtoMessage() {} func (x *GetAuthorizationsRequest) ProtoReflect() protoreflect.Message { - mi := &file_sa_proto_msgTypes[26] + mi := &file_sa_proto_msgTypes[23] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1580,7 +1415,7 @@ func (x *GetAuthorizationsRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use GetAuthorizationsRequest.ProtoReflect.Descriptor instead. func (*GetAuthorizationsRequest) Descriptor() ([]byte, []int) { - return file_sa_proto_rawDescGZIP(), []int{26} + return file_sa_proto_rawDescGZIP(), []int{23} } func (x *GetAuthorizationsRequest) GetRegistrationID() int64 { @@ -1615,7 +1450,7 @@ type Authorizations struct { func (x *Authorizations) Reset() { *x = Authorizations{} if protoimpl.UnsafeEnabled { - mi := &file_sa_proto_msgTypes[27] + mi := &file_sa_proto_msgTypes[24] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1628,7 +1463,7 @@ func (x *Authorizations) String() string { func (*Authorizations) ProtoMessage() {} func (x *Authorizations) ProtoReflect() protoreflect.Message { - mi := &file_sa_proto_msgTypes[27] + mi := &file_sa_proto_msgTypes[24] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1641,7 +1476,7 @@ func (x *Authorizations) ProtoReflect() protoreflect.Message { // Deprecated: Use Authorizations.ProtoReflect.Descriptor instead. func (*Authorizations) Descriptor() ([]byte, []int) { - return file_sa_proto_rawDescGZIP(), []int{27} + return file_sa_proto_rawDescGZIP(), []int{24} } func (x *Authorizations) GetAuthzs() []*proto.Authorization { @@ -1662,7 +1497,7 @@ type AuthorizationIDs struct { func (x *AuthorizationIDs) Reset() { *x = AuthorizationIDs{} if protoimpl.UnsafeEnabled { - mi := &file_sa_proto_msgTypes[28] + mi := &file_sa_proto_msgTypes[25] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1675,7 +1510,7 @@ func (x *AuthorizationIDs) String() string { func (*AuthorizationIDs) ProtoMessage() {} func (x *AuthorizationIDs) ProtoReflect() protoreflect.Message { - mi := &file_sa_proto_msgTypes[28] + mi := &file_sa_proto_msgTypes[25] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1688,7 +1523,7 @@ func (x *AuthorizationIDs) ProtoReflect() protoreflect.Message { // Deprecated: Use AuthorizationIDs.ProtoReflect.Descriptor instead. func (*AuthorizationIDs) Descriptor() ([]byte, []int) { - return file_sa_proto_rawDescGZIP(), []int{28} + return file_sa_proto_rawDescGZIP(), []int{25} } func (x *AuthorizationIDs) GetIds() []string { @@ -1709,7 +1544,7 @@ type AuthorizationID2 struct { func (x *AuthorizationID2) Reset() { *x = AuthorizationID2{} if protoimpl.UnsafeEnabled { - mi := &file_sa_proto_msgTypes[29] + mi := &file_sa_proto_msgTypes[26] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1722,7 +1557,7 @@ func (x *AuthorizationID2) String() string { func (*AuthorizationID2) ProtoMessage() {} func (x *AuthorizationID2) ProtoReflect() protoreflect.Message { - mi := &file_sa_proto_msgTypes[29] + mi := &file_sa_proto_msgTypes[26] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1735,7 +1570,7 @@ func (x *AuthorizationID2) ProtoReflect() protoreflect.Message { // Deprecated: Use AuthorizationID2.ProtoReflect.Descriptor instead. func (*AuthorizationID2) Descriptor() ([]byte, []int) { - return file_sa_proto_rawDescGZIP(), []int{29} + return file_sa_proto_rawDescGZIP(), []int{26} } func (x *AuthorizationID2) GetId() int64 { @@ -1763,7 +1598,7 @@ type RevokeCertificateRequest struct { func (x *RevokeCertificateRequest) Reset() { *x = RevokeCertificateRequest{} if protoimpl.UnsafeEnabled { - mi := &file_sa_proto_msgTypes[30] + mi := &file_sa_proto_msgTypes[27] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1776,7 +1611,7 @@ func (x *RevokeCertificateRequest) String() string { func (*RevokeCertificateRequest) ProtoMessage() {} func (x *RevokeCertificateRequest) ProtoReflect() protoreflect.Message { - mi := &file_sa_proto_msgTypes[30] + mi := &file_sa_proto_msgTypes[27] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1789,7 +1624,7 @@ func (x *RevokeCertificateRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use RevokeCertificateRequest.ProtoReflect.Descriptor instead. func (*RevokeCertificateRequest) Descriptor() ([]byte, []int) { - return file_sa_proto_rawDescGZIP(), []int{30} + return file_sa_proto_rawDescGZIP(), []int{27} } func (x *RevokeCertificateRequest) GetSerial() string { @@ -1859,7 +1694,7 @@ type FinalizeAuthorizationRequest struct { func (x *FinalizeAuthorizationRequest) Reset() { *x = FinalizeAuthorizationRequest{} if protoimpl.UnsafeEnabled { - mi := &file_sa_proto_msgTypes[31] + mi := &file_sa_proto_msgTypes[28] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1872,7 +1707,7 @@ func (x *FinalizeAuthorizationRequest) String() string { func (*FinalizeAuthorizationRequest) ProtoMessage() {} func (x *FinalizeAuthorizationRequest) ProtoReflect() protoreflect.Message { - mi := &file_sa_proto_msgTypes[31] + mi := &file_sa_proto_msgTypes[28] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1885,7 +1720,7 @@ func (x *FinalizeAuthorizationRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use FinalizeAuthorizationRequest.ProtoReflect.Descriptor instead. func (*FinalizeAuthorizationRequest) Descriptor() ([]byte, []int) { - return file_sa_proto_rawDescGZIP(), []int{31} + return file_sa_proto_rawDescGZIP(), []int{28} } func (x *FinalizeAuthorizationRequest) GetId() int64 { @@ -1953,7 +1788,7 @@ type AddBlockedKeyRequest struct { func (x *AddBlockedKeyRequest) Reset() { *x = AddBlockedKeyRequest{} if protoimpl.UnsafeEnabled { - mi := &file_sa_proto_msgTypes[32] + mi := &file_sa_proto_msgTypes[29] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1966,7 +1801,7 @@ func (x *AddBlockedKeyRequest) String() string { func (*AddBlockedKeyRequest) ProtoMessage() {} func (x *AddBlockedKeyRequest) ProtoReflect() protoreflect.Message { - mi := &file_sa_proto_msgTypes[32] + mi := &file_sa_proto_msgTypes[29] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1979,7 +1814,7 @@ func (x *AddBlockedKeyRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use AddBlockedKeyRequest.ProtoReflect.Descriptor instead. func (*AddBlockedKeyRequest) Descriptor() ([]byte, []int) { - return file_sa_proto_rawDescGZIP(), []int{32} + return file_sa_proto_rawDescGZIP(), []int{29} } func (x *AddBlockedKeyRequest) GetKeyHash() []byte { @@ -2028,7 +1863,7 @@ type SPKIHash struct { func (x *SPKIHash) Reset() { *x = SPKIHash{} if protoimpl.UnsafeEnabled { - mi := &file_sa_proto_msgTypes[33] + mi := &file_sa_proto_msgTypes[30] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2041,7 +1876,7 @@ func (x *SPKIHash) String() string { func (*SPKIHash) ProtoMessage() {} func (x *SPKIHash) ProtoReflect() protoreflect.Message { - mi := &file_sa_proto_msgTypes[33] + mi := &file_sa_proto_msgTypes[30] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2054,7 +1889,7 @@ func (x *SPKIHash) ProtoReflect() protoreflect.Message { // Deprecated: Use SPKIHash.ProtoReflect.Descriptor instead. func (*SPKIHash) Descriptor() ([]byte, []int) { - return file_sa_proto_rawDescGZIP(), []int{33} + return file_sa_proto_rawDescGZIP(), []int{30} } func (x *SPKIHash) GetKeyHash() []byte { @@ -2080,7 +1915,7 @@ type Incident struct { func (x *Incident) Reset() { *x = Incident{} if protoimpl.UnsafeEnabled { - mi := &file_sa_proto_msgTypes[34] + mi := &file_sa_proto_msgTypes[31] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2093,7 +1928,7 @@ func (x *Incident) String() string { func (*Incident) ProtoMessage() {} func (x *Incident) ProtoReflect() protoreflect.Message { - mi := &file_sa_proto_msgTypes[34] + mi := &file_sa_proto_msgTypes[31] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2106,7 +1941,7 @@ func (x *Incident) ProtoReflect() protoreflect.Message { // Deprecated: Use Incident.ProtoReflect.Descriptor instead. func (*Incident) Descriptor() ([]byte, []int) { - return file_sa_proto_rawDescGZIP(), []int{34} + return file_sa_proto_rawDescGZIP(), []int{31} } func (x *Incident) GetId() int64 { @@ -2155,7 +1990,7 @@ type Incidents struct { func (x *Incidents) Reset() { *x = Incidents{} if protoimpl.UnsafeEnabled { - mi := &file_sa_proto_msgTypes[35] + mi := &file_sa_proto_msgTypes[32] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2168,7 +2003,7 @@ func (x *Incidents) String() string { func (*Incidents) ProtoMessage() {} func (x *Incidents) ProtoReflect() protoreflect.Message { - mi := &file_sa_proto_msgTypes[35] + mi := &file_sa_proto_msgTypes[32] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2181,7 +2016,7 @@ func (x *Incidents) ProtoReflect() protoreflect.Message { // Deprecated: Use Incidents.ProtoReflect.Descriptor instead. func (*Incidents) Descriptor() ([]byte, []int) { - return file_sa_proto_rawDescGZIP(), []int{35} + return file_sa_proto_rawDescGZIP(), []int{32} } func (x *Incidents) GetIncidents() []*Incident { @@ -2202,7 +2037,7 @@ type SerialsForIncidentRequest struct { func (x *SerialsForIncidentRequest) Reset() { *x = SerialsForIncidentRequest{} if protoimpl.UnsafeEnabled { - mi := &file_sa_proto_msgTypes[36] + mi := &file_sa_proto_msgTypes[33] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2215,7 +2050,7 @@ func (x *SerialsForIncidentRequest) String() string { func (*SerialsForIncidentRequest) ProtoMessage() {} func (x *SerialsForIncidentRequest) ProtoReflect() protoreflect.Message { - mi := &file_sa_proto_msgTypes[36] + mi := &file_sa_proto_msgTypes[33] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2228,7 +2063,7 @@ func (x *SerialsForIncidentRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use SerialsForIncidentRequest.ProtoReflect.Descriptor instead. func (*SerialsForIncidentRequest) Descriptor() ([]byte, []int) { - return file_sa_proto_rawDescGZIP(), []int{36} + return file_sa_proto_rawDescGZIP(), []int{33} } func (x *SerialsForIncidentRequest) GetIncidentTable() string { @@ -2253,7 +2088,7 @@ type IncidentSerial struct { func (x *IncidentSerial) Reset() { *x = IncidentSerial{} if protoimpl.UnsafeEnabled { - mi := &file_sa_proto_msgTypes[37] + mi := &file_sa_proto_msgTypes[34] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2266,7 +2101,7 @@ func (x *IncidentSerial) String() string { func (*IncidentSerial) ProtoMessage() {} func (x *IncidentSerial) ProtoReflect() protoreflect.Message { - mi := &file_sa_proto_msgTypes[37] + mi := &file_sa_proto_msgTypes[34] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2279,7 +2114,7 @@ func (x *IncidentSerial) ProtoReflect() protoreflect.Message { // Deprecated: Use IncidentSerial.ProtoReflect.Descriptor instead. func (*IncidentSerial) Descriptor() ([]byte, []int) { - return file_sa_proto_rawDescGZIP(), []int{37} + return file_sa_proto_rawDescGZIP(), []int{34} } func (x *IncidentSerial) GetSerial() string { @@ -2326,7 +2161,7 @@ type GetRevokedCertsRequest struct { func (x *GetRevokedCertsRequest) Reset() { *x = GetRevokedCertsRequest{} if protoimpl.UnsafeEnabled { - mi := &file_sa_proto_msgTypes[38] + mi := &file_sa_proto_msgTypes[35] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2339,7 +2174,7 @@ func (x *GetRevokedCertsRequest) String() string { func (*GetRevokedCertsRequest) ProtoMessage() {} func (x *GetRevokedCertsRequest) ProtoReflect() protoreflect.Message { - mi := &file_sa_proto_msgTypes[38] + mi := &file_sa_proto_msgTypes[35] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2352,7 +2187,7 @@ func (x *GetRevokedCertsRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use GetRevokedCertsRequest.ProtoReflect.Descriptor instead. func (*GetRevokedCertsRequest) Descriptor() ([]byte, []int) { - return file_sa_proto_rawDescGZIP(), []int{38} + return file_sa_proto_rawDescGZIP(), []int{35} } func (x *GetRevokedCertsRequest) GetIssuerNameID() int64 { @@ -2403,7 +2238,7 @@ type RevocationStatus struct { func (x *RevocationStatus) Reset() { *x = RevocationStatus{} if protoimpl.UnsafeEnabled { - mi := &file_sa_proto_msgTypes[39] + mi := &file_sa_proto_msgTypes[36] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2416,7 +2251,7 @@ func (x *RevocationStatus) String() string { func (*RevocationStatus) ProtoMessage() {} func (x *RevocationStatus) ProtoReflect() protoreflect.Message { - mi := &file_sa_proto_msgTypes[39] + mi := &file_sa_proto_msgTypes[36] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2429,7 +2264,7 @@ func (x *RevocationStatus) ProtoReflect() protoreflect.Message { // Deprecated: Use RevocationStatus.ProtoReflect.Descriptor instead. func (*RevocationStatus) Descriptor() ([]byte, []int) { - return file_sa_proto_rawDescGZIP(), []int{39} + return file_sa_proto_rawDescGZIP(), []int{36} } func (x *RevocationStatus) GetStatus() int64 { @@ -2467,7 +2302,7 @@ type LeaseCRLShardRequest struct { func (x *LeaseCRLShardRequest) Reset() { *x = LeaseCRLShardRequest{} if protoimpl.UnsafeEnabled { - mi := &file_sa_proto_msgTypes[40] + mi := &file_sa_proto_msgTypes[37] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2480,7 +2315,7 @@ func (x *LeaseCRLShardRequest) String() string { func (*LeaseCRLShardRequest) ProtoMessage() {} func (x *LeaseCRLShardRequest) ProtoReflect() protoreflect.Message { - mi := &file_sa_proto_msgTypes[40] + mi := &file_sa_proto_msgTypes[37] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2493,7 +2328,7 @@ func (x *LeaseCRLShardRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use LeaseCRLShardRequest.ProtoReflect.Descriptor instead. func (*LeaseCRLShardRequest) Descriptor() ([]byte, []int) { - return file_sa_proto_rawDescGZIP(), []int{40} + return file_sa_proto_rawDescGZIP(), []int{37} } func (x *LeaseCRLShardRequest) GetIssuerNameID() int64 { @@ -2536,7 +2371,7 @@ type LeaseCRLShardResponse struct { func (x *LeaseCRLShardResponse) Reset() { *x = LeaseCRLShardResponse{} if protoimpl.UnsafeEnabled { - mi := &file_sa_proto_msgTypes[41] + mi := &file_sa_proto_msgTypes[38] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2549,7 +2384,7 @@ func (x *LeaseCRLShardResponse) String() string { func (*LeaseCRLShardResponse) ProtoMessage() {} func (x *LeaseCRLShardResponse) ProtoReflect() protoreflect.Message { - mi := &file_sa_proto_msgTypes[41] + mi := &file_sa_proto_msgTypes[38] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2562,7 +2397,7 @@ func (x *LeaseCRLShardResponse) ProtoReflect() protoreflect.Message { // Deprecated: Use LeaseCRLShardResponse.ProtoReflect.Descriptor instead. func (*LeaseCRLShardResponse) Descriptor() ([]byte, []int) { - return file_sa_proto_rawDescGZIP(), []int{41} + return file_sa_proto_rawDescGZIP(), []int{38} } func (x *LeaseCRLShardResponse) GetIssuerNameID() int64 { @@ -2593,7 +2428,7 @@ type UpdateCRLShardRequest struct { func (x *UpdateCRLShardRequest) Reset() { *x = UpdateCRLShardRequest{} if protoimpl.UnsafeEnabled { - mi := &file_sa_proto_msgTypes[42] + mi := &file_sa_proto_msgTypes[39] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2606,7 +2441,7 @@ func (x *UpdateCRLShardRequest) String() string { func (*UpdateCRLShardRequest) ProtoMessage() {} func (x *UpdateCRLShardRequest) ProtoReflect() protoreflect.Message { - mi := &file_sa_proto_msgTypes[42] + mi := &file_sa_proto_msgTypes[39] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2619,7 +2454,7 @@ func (x *UpdateCRLShardRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use UpdateCRLShardRequest.ProtoReflect.Descriptor instead. func (*UpdateCRLShardRequest) Descriptor() ([]byte, []int) { - return file_sa_proto_rawDescGZIP(), []int{42} + return file_sa_proto_rawDescGZIP(), []int{39} } func (x *UpdateCRLShardRequest) GetIssuerNameID() int64 { @@ -2661,7 +2496,7 @@ type Identifiers struct { func (x *Identifiers) Reset() { *x = Identifiers{} if protoimpl.UnsafeEnabled { - mi := &file_sa_proto_msgTypes[43] + mi := &file_sa_proto_msgTypes[40] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2674,7 +2509,7 @@ func (x *Identifiers) String() string { func (*Identifiers) ProtoMessage() {} func (x *Identifiers) ProtoReflect() protoreflect.Message { - mi := &file_sa_proto_msgTypes[43] + mi := &file_sa_proto_msgTypes[40] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2687,7 +2522,7 @@ func (x *Identifiers) ProtoReflect() protoreflect.Message { // Deprecated: Use Identifiers.ProtoReflect.Descriptor instead. func (*Identifiers) Descriptor() ([]byte, []int) { - return file_sa_proto_rawDescGZIP(), []int{43} + return file_sa_proto_rawDescGZIP(), []int{40} } func (x *Identifiers) GetIdentifiers() []*proto.Identifier { @@ -2709,7 +2544,7 @@ type PauseRequest struct { func (x *PauseRequest) Reset() { *x = PauseRequest{} if protoimpl.UnsafeEnabled { - mi := &file_sa_proto_msgTypes[44] + mi := &file_sa_proto_msgTypes[41] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2722,7 +2557,7 @@ func (x *PauseRequest) String() string { func (*PauseRequest) ProtoMessage() {} func (x *PauseRequest) ProtoReflect() protoreflect.Message { - mi := &file_sa_proto_msgTypes[44] + mi := &file_sa_proto_msgTypes[41] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2735,7 +2570,7 @@ func (x *PauseRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use PauseRequest.ProtoReflect.Descriptor instead. func (*PauseRequest) Descriptor() ([]byte, []int) { - return file_sa_proto_rawDescGZIP(), []int{44} + return file_sa_proto_rawDescGZIP(), []int{41} } func (x *PauseRequest) GetRegistrationID() int64 { @@ -2764,7 +2599,7 @@ type PauseIdentifiersResponse struct { func (x *PauseIdentifiersResponse) Reset() { *x = PauseIdentifiersResponse{} if protoimpl.UnsafeEnabled { - mi := &file_sa_proto_msgTypes[45] + mi := &file_sa_proto_msgTypes[42] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2777,7 +2612,7 @@ func (x *PauseIdentifiersResponse) String() string { func (*PauseIdentifiersResponse) ProtoMessage() {} func (x *PauseIdentifiersResponse) ProtoReflect() protoreflect.Message { - mi := &file_sa_proto_msgTypes[45] + mi := &file_sa_proto_msgTypes[42] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2790,7 +2625,7 @@ func (x *PauseIdentifiersResponse) ProtoReflect() protoreflect.Message { // Deprecated: Use PauseIdentifiersResponse.ProtoReflect.Descriptor instead. func (*PauseIdentifiersResponse) Descriptor() ([]byte, []int) { - return file_sa_proto_rawDescGZIP(), []int{45} + return file_sa_proto_rawDescGZIP(), []int{42} } func (x *PauseIdentifiersResponse) GetPaused() int64 { @@ -2819,7 +2654,7 @@ type UpdateRegistrationContactRequest struct { func (x *UpdateRegistrationContactRequest) Reset() { *x = UpdateRegistrationContactRequest{} if protoimpl.UnsafeEnabled { - mi := &file_sa_proto_msgTypes[46] + mi := &file_sa_proto_msgTypes[43] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2832,7 +2667,7 @@ func (x *UpdateRegistrationContactRequest) String() string { func (*UpdateRegistrationContactRequest) ProtoMessage() {} func (x *UpdateRegistrationContactRequest) ProtoReflect() protoreflect.Message { - mi := &file_sa_proto_msgTypes[46] + mi := &file_sa_proto_msgTypes[43] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2845,7 +2680,7 @@ func (x *UpdateRegistrationContactRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use UpdateRegistrationContactRequest.ProtoReflect.Descriptor instead. func (*UpdateRegistrationContactRequest) Descriptor() ([]byte, []int) { - return file_sa_proto_rawDescGZIP(), []int{46} + return file_sa_proto_rawDescGZIP(), []int{43} } func (x *UpdateRegistrationContactRequest) GetRegistrationID() int64 { @@ -2874,7 +2709,7 @@ type UpdateRegistrationKeyRequest struct { func (x *UpdateRegistrationKeyRequest) Reset() { *x = UpdateRegistrationKeyRequest{} if protoimpl.UnsafeEnabled { - mi := &file_sa_proto_msgTypes[47] + mi := &file_sa_proto_msgTypes[44] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2887,7 +2722,7 @@ func (x *UpdateRegistrationKeyRequest) String() string { func (*UpdateRegistrationKeyRequest) ProtoMessage() {} func (x *UpdateRegistrationKeyRequest) ProtoReflect() protoreflect.Message { - mi := &file_sa_proto_msgTypes[47] + mi := &file_sa_proto_msgTypes[44] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2900,7 +2735,7 @@ func (x *UpdateRegistrationKeyRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use UpdateRegistrationKeyRequest.ProtoReflect.Descriptor instead. func (*UpdateRegistrationKeyRequest) Descriptor() ([]byte, []int) { - return file_sa_proto_rawDescGZIP(), []int{47} + return file_sa_proto_rawDescGZIP(), []int{44} } func (x *UpdateRegistrationKeyRequest) GetRegistrationID() int64 { @@ -2974,666 +2809,626 @@ var file_sa_proto_rawDesc = []byte{ 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x0a, 0x74, 0x69, 0x6d, - 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x73, 0x4a, 0x04, 0x08, 0x01, 0x10, 0x02, 0x22, 0x5e, 0x0a, - 0x1f, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, - 0x65, 0x73, 0x42, 0x79, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, - 0x12, 0x1f, 0x0a, 0x05, 0x72, 0x61, 0x6e, 0x67, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x09, 0x2e, 0x73, 0x61, 0x2e, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x52, 0x05, 0x72, 0x61, 0x6e, 0x67, - 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x64, 0x6e, 0x73, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x18, 0x02, 0x20, - 0x03, 0x28, 0x09, 0x52, 0x08, 0x64, 0x6e, 0x73, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x22, 0xb7, 0x01, - 0x0a, 0x0c, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x42, 0x79, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x34, - 0x0a, 0x06, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1c, - 0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x42, 0x79, 0x4e, 0x61, 0x6d, 0x65, 0x73, - 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x06, 0x63, 0x6f, - 0x75, 0x6e, 0x74, 0x73, 0x12, 0x36, 0x0a, 0x08, 0x65, 0x61, 0x72, 0x6c, 0x69, 0x65, 0x73, 0x74, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, - 0x6d, 0x70, 0x52, 0x08, 0x65, 0x61, 0x72, 0x6c, 0x69, 0x65, 0x73, 0x74, 0x1a, 0x39, 0x0a, 0x0b, - 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, - 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, - 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x05, 0x76, 0x61, - 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x86, 0x01, 0x0a, 0x21, 0x43, 0x6f, 0x75, 0x6e, - 0x74, 0x49, 0x6e, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x26, 0x0a, - 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x12, 0x18, 0x0a, 0x07, 0x64, 0x6e, 0x73, 0x4e, 0x61, 0x6d, 0x65, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x64, 0x6e, 0x73, 0x4e, 0x61, 0x6d, 0x65, 0x12, - 0x1f, 0x0a, 0x05, 0x72, 0x61, 0x6e, 0x67, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x09, - 0x2e, 0x73, 0x61, 0x2e, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x52, 0x05, 0x72, 0x61, 0x6e, 0x67, 0x65, - 0x22, 0x53, 0x0a, 0x12, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x73, 0x52, - 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1c, 0x0a, 0x09, 0x61, 0x63, 0x63, 0x6f, 0x75, 0x6e, - 0x74, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x09, 0x61, 0x63, 0x63, 0x6f, 0x75, - 0x6e, 0x74, 0x49, 0x44, 0x12, 0x1f, 0x0a, 0x05, 0x72, 0x61, 0x6e, 0x67, 0x65, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x09, 0x2e, 0x73, 0x61, 0x2e, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x52, 0x05, - 0x72, 0x61, 0x6e, 0x67, 0x65, 0x22, 0x81, 0x01, 0x0a, 0x14, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x46, - 0x51, 0x44, 0x4e, 0x53, 0x65, 0x74, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1a, - 0x0a, 0x08, 0x64, 0x6e, 0x73, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, - 0x52, 0x08, 0x64, 0x6e, 0x73, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x31, 0x0a, 0x06, 0x77, 0x69, - 0x6e, 0x64, 0x6f, 0x77, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, - 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x06, 0x77, 0x69, 0x6e, 0x64, 0x6f, 0x77, 0x12, 0x14, 0x0a, - 0x05, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x03, 0x52, 0x05, 0x6c, 0x69, - 0x6d, 0x69, 0x74, 0x4a, 0x04, 0x08, 0x01, 0x10, 0x02, 0x22, 0x32, 0x0a, 0x14, 0x46, 0x51, 0x44, - 0x4e, 0x53, 0x65, 0x74, 0x45, 0x78, 0x69, 0x73, 0x74, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, - 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x64, 0x6e, 0x73, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x18, 0x01, 0x20, - 0x03, 0x28, 0x09, 0x52, 0x08, 0x64, 0x6e, 0x73, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x22, 0x20, 0x0a, - 0x06, 0x45, 0x78, 0x69, 0x73, 0x74, 0x73, 0x12, 0x16, 0x0a, 0x06, 0x65, 0x78, 0x69, 0x73, 0x74, - 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06, 0x65, 0x78, 0x69, 0x73, 0x74, 0x73, 0x22, - 0xb8, 0x01, 0x0a, 0x10, 0x41, 0x64, 0x64, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x52, 0x65, 0x71, - 0x75, 0x65, 0x73, 0x74, 0x12, 0x14, 0x0a, 0x05, 0x72, 0x65, 0x67, 0x49, 0x44, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x03, 0x52, 0x05, 0x72, 0x65, 0x67, 0x49, 0x44, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x65, - 0x72, 0x69, 0x61, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x65, 0x72, 0x69, - 0x61, 0x6c, 0x12, 0x34, 0x0a, 0x07, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x18, 0x05, 0x20, + 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x73, 0x4a, 0x04, 0x08, 0x01, 0x10, 0x02, 0x22, 0x86, 0x01, + 0x0a, 0x21, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x49, 0x6e, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x41, 0x75, + 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x65, 0x71, 0x75, + 0x65, 0x73, 0x74, 0x12, 0x26, 0x0a, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x72, 0x65, 0x67, + 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x12, 0x18, 0x0a, 0x07, 0x64, + 0x6e, 0x73, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x64, 0x6e, + 0x73, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1f, 0x0a, 0x05, 0x72, 0x61, 0x6e, 0x67, 0x65, 0x18, 0x03, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x09, 0x2e, 0x73, 0x61, 0x2e, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x52, + 0x05, 0x72, 0x61, 0x6e, 0x67, 0x65, 0x22, 0x81, 0x01, 0x0a, 0x14, 0x43, 0x6f, 0x75, 0x6e, 0x74, + 0x46, 0x51, 0x44, 0x4e, 0x53, 0x65, 0x74, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, + 0x1a, 0x0a, 0x08, 0x64, 0x6e, 0x73, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, + 0x09, 0x52, 0x08, 0x64, 0x6e, 0x73, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x31, 0x0a, 0x06, 0x77, + 0x69, 0x6e, 0x64, 0x6f, 0x77, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, + 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, + 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x06, 0x77, 0x69, 0x6e, 0x64, 0x6f, 0x77, 0x12, 0x14, + 0x0a, 0x05, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x03, 0x52, 0x05, 0x6c, + 0x69, 0x6d, 0x69, 0x74, 0x4a, 0x04, 0x08, 0x01, 0x10, 0x02, 0x22, 0x32, 0x0a, 0x14, 0x46, 0x51, + 0x44, 0x4e, 0x53, 0x65, 0x74, 0x45, 0x78, 0x69, 0x73, 0x74, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, + 0x73, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x64, 0x6e, 0x73, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x18, 0x01, + 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x64, 0x6e, 0x73, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x22, 0x20, + 0x0a, 0x06, 0x45, 0x78, 0x69, 0x73, 0x74, 0x73, 0x12, 0x16, 0x0a, 0x06, 0x65, 0x78, 0x69, 0x73, + 0x74, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06, 0x65, 0x78, 0x69, 0x73, 0x74, 0x73, + 0x22, 0xb8, 0x01, 0x0a, 0x10, 0x41, 0x64, 0x64, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x52, 0x65, + 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x14, 0x0a, 0x05, 0x72, 0x65, 0x67, 0x49, 0x44, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x03, 0x52, 0x05, 0x72, 0x65, 0x67, 0x49, 0x44, 0x12, 0x16, 0x0a, 0x06, 0x73, + 0x65, 0x72, 0x69, 0x61, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x65, 0x72, + 0x69, 0x61, 0x6c, 0x12, 0x34, 0x0a, 0x07, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x18, 0x05, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, + 0x52, 0x07, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x12, 0x34, 0x0a, 0x07, 0x65, 0x78, 0x70, + 0x69, 0x72, 0x65, 0x73, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, + 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, + 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x07, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x4a, + 0x04, 0x08, 0x03, 0x10, 0x04, 0x4a, 0x04, 0x08, 0x04, 0x10, 0x05, 0x22, 0xc7, 0x01, 0x0a, 0x15, + 0x41, 0x64, 0x64, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, + 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x64, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x0c, 0x52, 0x03, 0x64, 0x65, 0x72, 0x12, 0x14, 0x0a, 0x05, 0x72, 0x65, 0x67, 0x49, 0x44, + 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x05, 0x72, 0x65, 0x67, 0x49, 0x44, 0x12, 0x32, 0x0a, + 0x06, 0x69, 0x73, 0x73, 0x75, 0x65, 0x64, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, + 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, + 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x06, 0x69, 0x73, 0x73, 0x75, 0x65, + 0x64, 0x12, 0x22, 0x0a, 0x0c, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x49, + 0x44, 0x18, 0x05, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0c, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x4e, + 0x61, 0x6d, 0x65, 0x49, 0x44, 0x12, 0x22, 0x0a, 0x0c, 0x6f, 0x63, 0x73, 0x70, 0x4e, 0x6f, 0x74, + 0x52, 0x65, 0x61, 0x64, 0x79, 0x18, 0x06, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0c, 0x6f, 0x63, 0x73, + 0x70, 0x4e, 0x6f, 0x74, 0x52, 0x65, 0x61, 0x64, 0x79, 0x4a, 0x04, 0x08, 0x03, 0x10, 0x04, 0x4a, + 0x04, 0x08, 0x04, 0x10, 0x05, 0x22, 0x1e, 0x0a, 0x0c, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x52, 0x65, + 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x03, 0x52, 0x02, 0x69, 0x64, 0x22, 0x9d, 0x02, 0x0a, 0x0f, 0x4e, 0x65, 0x77, 0x4f, 0x72, 0x64, + 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x26, 0x0a, 0x0e, 0x72, 0x65, 0x67, + 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x03, 0x52, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, + 0x44, 0x12, 0x34, 0x0a, 0x07, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x18, 0x05, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x07, + 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x12, 0x1a, 0x0a, 0x08, 0x64, 0x6e, 0x73, 0x4e, 0x61, + 0x6d, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x64, 0x6e, 0x73, 0x4e, 0x61, + 0x6d, 0x65, 0x73, 0x12, 0x2a, 0x0a, 0x10, 0x76, 0x32, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, + 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x03, 0x52, 0x10, 0x76, + 0x32, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, + 0x26, 0x0a, 0x0e, 0x72, 0x65, 0x70, 0x6c, 0x61, 0x63, 0x65, 0x73, 0x53, 0x65, 0x72, 0x69, 0x61, + 0x6c, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x72, 0x65, 0x70, 0x6c, 0x61, 0x63, 0x65, + 0x73, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x12, 0x36, 0x0a, 0x16, 0x63, 0x65, 0x72, 0x74, 0x69, + 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x4e, 0x61, 0x6d, + 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x16, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, + 0x63, 0x61, 0x74, 0x65, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x4a, + 0x04, 0x08, 0x02, 0x10, 0x03, 0x22, 0x89, 0x02, 0x0a, 0x0f, 0x4e, 0x65, 0x77, 0x41, 0x75, 0x74, + 0x68, 0x7a, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x30, 0x0a, 0x0a, 0x69, 0x64, 0x65, + 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x10, 0x2e, + 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x52, + 0x0a, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x12, 0x26, 0x0a, 0x0e, 0x72, + 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x18, 0x03, 0x20, + 0x01, 0x28, 0x03, 0x52, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x49, 0x44, 0x12, 0x34, 0x0a, 0x07, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x18, 0x09, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, + 0x52, 0x07, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x12, 0x26, 0x0a, 0x0e, 0x63, 0x68, 0x61, + 0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65, 0x54, 0x79, 0x70, 0x65, 0x73, 0x18, 0x0a, 0x20, 0x03, 0x28, + 0x09, 0x52, 0x0e, 0x63, 0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65, 0x54, 0x79, 0x70, 0x65, + 0x73, 0x12, 0x14, 0x0a, 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x4a, 0x04, 0x08, 0x01, 0x10, 0x02, 0x4a, 0x04, 0x08, + 0x02, 0x10, 0x03, 0x4a, 0x04, 0x08, 0x04, 0x10, 0x05, 0x4a, 0x04, 0x08, 0x05, 0x10, 0x06, 0x4a, + 0x04, 0x08, 0x06, 0x10, 0x07, 0x4a, 0x04, 0x08, 0x07, 0x10, 0x08, 0x4a, 0x04, 0x08, 0x08, 0x10, + 0x09, 0x22, 0x7e, 0x0a, 0x18, 0x4e, 0x65, 0x77, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x41, 0x6e, 0x64, + 0x41, 0x75, 0x74, 0x68, 0x7a, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x2f, 0x0a, + 0x08, 0x6e, 0x65, 0x77, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x13, 0x2e, 0x73, 0x61, 0x2e, 0x4e, 0x65, 0x77, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x52, 0x65, 0x71, + 0x75, 0x65, 0x73, 0x74, 0x52, 0x08, 0x6e, 0x65, 0x77, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x12, 0x31, + 0x0a, 0x09, 0x6e, 0x65, 0x77, 0x41, 0x75, 0x74, 0x68, 0x7a, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, + 0x0b, 0x32, 0x13, 0x2e, 0x73, 0x61, 0x2e, 0x4e, 0x65, 0x77, 0x41, 0x75, 0x74, 0x68, 0x7a, 0x52, + 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x52, 0x09, 0x6e, 0x65, 0x77, 0x41, 0x75, 0x74, 0x68, 0x7a, + 0x73, 0x22, 0x52, 0x0a, 0x14, 0x53, 0x65, 0x74, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x45, 0x72, 0x72, + 0x6f, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x02, 0x69, 0x64, 0x12, 0x2a, 0x0a, 0x05, 0x65, 0x72, 0x72, + 0x6f, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, + 0x50, 0x72, 0x6f, 0x62, 0x6c, 0x65, 0x6d, 0x44, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x52, 0x05, + 0x65, 0x72, 0x72, 0x6f, 0x72, 0x22, 0x4c, 0x0a, 0x22, 0x47, 0x65, 0x74, 0x56, 0x61, 0x6c, 0x69, + 0x64, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69, + 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x02, 0x69, 0x64, 0x12, 0x16, 0x0a, 0x06, 0x61, + 0x63, 0x63, 0x74, 0x49, 0x44, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x06, 0x61, 0x63, 0x63, + 0x74, 0x49, 0x44, 0x22, 0x4d, 0x0a, 0x17, 0x47, 0x65, 0x74, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x46, + 0x6f, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x16, + 0x0a, 0x06, 0x61, 0x63, 0x63, 0x74, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x06, + 0x61, 0x63, 0x63, 0x74, 0x49, 0x44, 0x12, 0x1a, 0x0a, 0x08, 0x64, 0x6e, 0x73, 0x4e, 0x61, 0x6d, + 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x64, 0x6e, 0x73, 0x4e, 0x61, 0x6d, + 0x65, 0x73, 0x22, 0x54, 0x0a, 0x14, 0x46, 0x69, 0x6e, 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x4f, 0x72, + 0x64, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x02, 0x69, 0x64, 0x12, 0x2c, 0x0a, 0x11, 0x63, 0x65, + 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, + 0x74, 0x65, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x22, 0xa0, 0x01, 0x0a, 0x18, 0x47, 0x65, 0x74, + 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x65, + 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x26, 0x0a, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x72, + 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x12, 0x1a, 0x0a, + 0x08, 0x64, 0x6e, 0x73, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, + 0x08, 0x64, 0x6e, 0x73, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x3a, 0x0a, 0x0a, 0x76, 0x61, 0x6c, + 0x69, 0x64, 0x55, 0x6e, 0x74, 0x69, 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, + 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, + 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x0a, 0x76, 0x61, 0x6c, 0x69, 0x64, + 0x55, 0x6e, 0x74, 0x69, 0x6c, 0x4a, 0x04, 0x08, 0x03, 0x10, 0x04, 0x22, 0x3d, 0x0a, 0x0e, 0x41, + 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x2b, 0x0a, + 0x06, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x13, 0x2e, + 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x52, 0x06, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x73, 0x22, 0x24, 0x0a, 0x10, 0x41, 0x75, + 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x73, 0x12, 0x10, + 0x0a, 0x03, 0x69, 0x64, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x03, 0x69, 0x64, 0x73, + 0x22, 0x22, 0x0a, 0x10, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x49, 0x44, 0x32, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, + 0x52, 0x02, 0x69, 0x64, 0x22, 0x92, 0x02, 0x0a, 0x18, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x43, + 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, + 0x74, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x06, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x12, 0x16, 0x0a, 0x06, 0x72, 0x65, 0x61, + 0x73, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, + 0x6e, 0x12, 0x2e, 0x0a, 0x04, 0x64, 0x61, 0x74, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, + 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x04, 0x64, 0x61, 0x74, + 0x65, 0x12, 0x36, 0x0a, 0x08, 0x62, 0x61, 0x63, 0x6b, 0x64, 0x61, 0x74, 0x65, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, - 0x07, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x12, 0x34, 0x0a, 0x07, 0x65, 0x78, 0x70, 0x69, - 0x72, 0x65, 0x73, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, - 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, - 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x07, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x4a, 0x04, - 0x08, 0x03, 0x10, 0x04, 0x4a, 0x04, 0x08, 0x04, 0x10, 0x05, 0x22, 0xc7, 0x01, 0x0a, 0x15, 0x41, - 0x64, 0x64, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, - 0x75, 0x65, 0x73, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x64, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x0c, 0x52, 0x03, 0x64, 0x65, 0x72, 0x12, 0x14, 0x0a, 0x05, 0x72, 0x65, 0x67, 0x49, 0x44, 0x18, - 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x05, 0x72, 0x65, 0x67, 0x49, 0x44, 0x12, 0x32, 0x0a, 0x06, - 0x69, 0x73, 0x73, 0x75, 0x65, 0x64, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, - 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, - 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x06, 0x69, 0x73, 0x73, 0x75, 0x65, 0x64, - 0x12, 0x22, 0x0a, 0x0c, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x49, 0x44, - 0x18, 0x05, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0c, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x4e, 0x61, - 0x6d, 0x65, 0x49, 0x44, 0x12, 0x22, 0x0a, 0x0c, 0x6f, 0x63, 0x73, 0x70, 0x4e, 0x6f, 0x74, 0x52, - 0x65, 0x61, 0x64, 0x79, 0x18, 0x06, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0c, 0x6f, 0x63, 0x73, 0x70, - 0x4e, 0x6f, 0x74, 0x52, 0x65, 0x61, 0x64, 0x79, 0x4a, 0x04, 0x08, 0x03, 0x10, 0x04, 0x4a, 0x04, - 0x08, 0x04, 0x10, 0x05, 0x22, 0x1e, 0x0a, 0x0c, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x52, 0x65, 0x71, - 0x75, 0x65, 0x73, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, - 0x52, 0x02, 0x69, 0x64, 0x22, 0x9d, 0x02, 0x0a, 0x0f, 0x4e, 0x65, 0x77, 0x4f, 0x72, 0x64, 0x65, - 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x26, 0x0a, 0x0e, 0x72, 0x65, 0x67, 0x69, - 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, - 0x52, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, - 0x12, 0x34, 0x0a, 0x07, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, + 0x08, 0x62, 0x61, 0x63, 0x6b, 0x64, 0x61, 0x74, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x73, + 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x08, 0x72, 0x65, 0x73, + 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x49, + 0x44, 0x18, 0x06, 0x20, 0x01, 0x28, 0x03, 0x52, 0x08, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x49, + 0x44, 0x12, 0x1a, 0x0a, 0x08, 0x73, 0x68, 0x61, 0x72, 0x64, 0x49, 0x64, 0x78, 0x18, 0x07, 0x20, + 0x01, 0x28, 0x03, 0x52, 0x08, 0x73, 0x68, 0x61, 0x72, 0x64, 0x49, 0x64, 0x78, 0x4a, 0x04, 0x08, + 0x03, 0x10, 0x04, 0x4a, 0x04, 0x08, 0x05, 0x10, 0x06, 0x22, 0xea, 0x02, 0x0a, 0x1c, 0x46, 0x69, + 0x6e, 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x02, 0x69, 0x64, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x74, + 0x61, 0x74, 0x75, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, + 0x75, 0x73, 0x12, 0x34, 0x0a, 0x07, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x18, 0x08, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, + 0x07, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x12, 0x1c, 0x0a, 0x09, 0x61, 0x74, 0x74, 0x65, + 0x6d, 0x70, 0x74, 0x65, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x61, 0x74, 0x74, + 0x65, 0x6d, 0x70, 0x74, 0x65, 0x64, 0x12, 0x44, 0x0a, 0x11, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x63, 0x6f, 0x72, 0x64, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, + 0x0b, 0x32, 0x16, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x63, 0x6f, 0x72, 0x64, 0x52, 0x11, 0x76, 0x61, 0x6c, 0x69, 0x64, + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x63, 0x6f, 0x72, 0x64, 0x73, 0x12, 0x3e, 0x0a, 0x0f, + 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x18, + 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x50, 0x72, 0x6f, + 0x62, 0x6c, 0x65, 0x6d, 0x44, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x52, 0x0f, 0x76, 0x61, 0x6c, + 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x3c, 0x0a, 0x0b, + 0x61, 0x74, 0x74, 0x65, 0x6d, 0x70, 0x74, 0x65, 0x64, 0x41, 0x74, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x07, 0x65, - 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x12, 0x1a, 0x0a, 0x08, 0x64, 0x6e, 0x73, 0x4e, 0x61, 0x6d, - 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x64, 0x6e, 0x73, 0x4e, 0x61, 0x6d, - 0x65, 0x73, 0x12, 0x2a, 0x0a, 0x10, 0x76, 0x32, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x03, 0x52, 0x10, 0x76, 0x32, - 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x26, - 0x0a, 0x0e, 0x72, 0x65, 0x70, 0x6c, 0x61, 0x63, 0x65, 0x73, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, - 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x72, 0x65, 0x70, 0x6c, 0x61, 0x63, 0x65, 0x73, - 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x12, 0x36, 0x0a, 0x16, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, - 0x69, 0x63, 0x61, 0x74, 0x65, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x4e, 0x61, 0x6d, 0x65, - 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x16, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, - 0x61, 0x74, 0x65, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x4a, 0x04, - 0x08, 0x02, 0x10, 0x03, 0x22, 0x89, 0x02, 0x0a, 0x0f, 0x4e, 0x65, 0x77, 0x41, 0x75, 0x74, 0x68, - 0x7a, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x30, 0x0a, 0x0a, 0x69, 0x64, 0x65, 0x6e, - 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x63, - 0x6f, 0x72, 0x65, 0x2e, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x52, 0x0a, - 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x12, 0x26, 0x0a, 0x0e, 0x72, 0x65, - 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x18, 0x03, 0x20, 0x01, - 0x28, 0x03, 0x52, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x49, 0x44, 0x12, 0x34, 0x0a, 0x07, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x18, 0x09, 0x20, + 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x0b, 0x61, + 0x74, 0x74, 0x65, 0x6d, 0x70, 0x74, 0x65, 0x64, 0x41, 0x74, 0x4a, 0x04, 0x08, 0x03, 0x10, 0x04, + 0x4a, 0x04, 0x08, 0x07, 0x10, 0x08, 0x22, 0xb8, 0x01, 0x0a, 0x14, 0x41, 0x64, 0x64, 0x42, 0x6c, + 0x6f, 0x63, 0x6b, 0x65, 0x64, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, + 0x18, 0x0a, 0x07, 0x6b, 0x65, 0x79, 0x48, 0x61, 0x73, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, + 0x52, 0x07, 0x6b, 0x65, 0x79, 0x48, 0x61, 0x73, 0x68, 0x12, 0x30, 0x0a, 0x05, 0x61, 0x64, 0x64, + 0x65, 0x64, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, + 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, + 0x74, 0x61, 0x6d, 0x70, 0x52, 0x05, 0x61, 0x64, 0x64, 0x65, 0x64, 0x12, 0x16, 0x0a, 0x06, 0x73, + 0x6f, 0x75, 0x72, 0x63, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x6f, 0x75, + 0x72, 0x63, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x63, 0x6f, 0x6d, 0x6d, 0x65, 0x6e, 0x74, 0x18, 0x04, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x63, 0x6f, 0x6d, 0x6d, 0x65, 0x6e, 0x74, 0x12, 0x1c, 0x0a, + 0x09, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x42, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x03, + 0x52, 0x09, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x42, 0x79, 0x4a, 0x04, 0x08, 0x02, 0x10, + 0x03, 0x22, 0x24, 0x0a, 0x08, 0x53, 0x50, 0x4b, 0x49, 0x48, 0x61, 0x73, 0x68, 0x12, 0x18, 0x0a, + 0x07, 0x6b, 0x65, 0x79, 0x48, 0x61, 0x73, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x07, + 0x6b, 0x65, 0x79, 0x48, 0x61, 0x73, 0x68, 0x22, 0xa4, 0x01, 0x0a, 0x08, 0x49, 0x6e, 0x63, 0x69, + 0x64, 0x65, 0x6e, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, + 0x52, 0x02, 0x69, 0x64, 0x12, 0x20, 0x0a, 0x0b, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x54, 0x61, + 0x62, 0x6c, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x73, 0x65, 0x72, 0x69, 0x61, + 0x6c, 0x54, 0x61, 0x62, 0x6c, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x72, 0x6c, 0x18, 0x03, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x03, 0x75, 0x72, 0x6c, 0x12, 0x34, 0x0a, 0x07, 0x72, 0x65, 0x6e, 0x65, + 0x77, 0x42, 0x79, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, + 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, + 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x07, 0x72, 0x65, 0x6e, 0x65, 0x77, 0x42, 0x79, 0x12, 0x18, + 0x0a, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, + 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x4a, 0x04, 0x08, 0x04, 0x10, 0x05, 0x22, 0x37, + 0x0a, 0x09, 0x49, 0x6e, 0x63, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x73, 0x12, 0x2a, 0x0a, 0x09, 0x69, + 0x6e, 0x63, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0c, + 0x2e, 0x73, 0x61, 0x2e, 0x49, 0x6e, 0x63, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x52, 0x09, 0x69, 0x6e, + 0x63, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x73, 0x22, 0x41, 0x0a, 0x19, 0x53, 0x65, 0x72, 0x69, 0x61, + 0x6c, 0x73, 0x46, 0x6f, 0x72, 0x49, 0x6e, 0x63, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x52, 0x65, 0x71, + 0x75, 0x65, 0x73, 0x74, 0x12, 0x24, 0x0a, 0x0d, 0x69, 0x6e, 0x63, 0x69, 0x64, 0x65, 0x6e, 0x74, + 0x54, 0x61, 0x62, 0x6c, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x69, 0x6e, 0x63, + 0x69, 0x64, 0x65, 0x6e, 0x74, 0x54, 0x61, 0x62, 0x6c, 0x65, 0x22, 0xb4, 0x01, 0x0a, 0x0e, 0x49, + 0x6e, 0x63, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x12, 0x16, 0x0a, + 0x06, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, + 0x65, 0x72, 0x69, 0x61, 0x6c, 0x12, 0x26, 0x0a, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x72, + 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x12, 0x18, 0x0a, + 0x07, 0x6f, 0x72, 0x64, 0x65, 0x72, 0x49, 0x44, 0x18, 0x03, 0x20, 0x01, 0x28, 0x03, 0x52, 0x07, + 0x6f, 0x72, 0x64, 0x65, 0x72, 0x49, 0x44, 0x12, 0x42, 0x0a, 0x0e, 0x6c, 0x61, 0x73, 0x74, 0x4e, + 0x6f, 0x74, 0x69, 0x63, 0x65, 0x53, 0x65, 0x6e, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, + 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x0e, 0x6c, 0x61, 0x73, + 0x74, 0x4e, 0x6f, 0x74, 0x69, 0x63, 0x65, 0x53, 0x65, 0x6e, 0x74, 0x4a, 0x04, 0x08, 0x04, 0x10, + 0x05, 0x22, 0xae, 0x02, 0x0a, 0x16, 0x47, 0x65, 0x74, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, + 0x43, 0x65, 0x72, 0x74, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x22, 0x0a, 0x0c, + 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x03, 0x52, 0x0c, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x49, 0x44, + 0x12, 0x3e, 0x0a, 0x0c, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x41, 0x66, 0x74, 0x65, 0x72, + 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, + 0x6d, 0x70, 0x52, 0x0c, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x41, 0x66, 0x74, 0x65, 0x72, + 0x12, 0x40, 0x0a, 0x0d, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x42, 0x65, 0x66, 0x6f, 0x72, + 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, + 0x61, 0x6d, 0x70, 0x52, 0x0d, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x42, 0x65, 0x66, 0x6f, + 0x72, 0x65, 0x12, 0x40, 0x0a, 0x0d, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x42, 0x65, 0x66, + 0x6f, 0x72, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, + 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, + 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x0d, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x42, 0x65, + 0x66, 0x6f, 0x72, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x73, 0x68, 0x61, 0x72, 0x64, 0x49, 0x64, 0x78, + 0x18, 0x05, 0x20, 0x01, 0x28, 0x03, 0x52, 0x08, 0x73, 0x68, 0x61, 0x72, 0x64, 0x49, 0x64, 0x78, + 0x4a, 0x04, 0x08, 0x02, 0x10, 0x03, 0x4a, 0x04, 0x08, 0x03, 0x10, 0x04, 0x4a, 0x04, 0x08, 0x04, + 0x10, 0x05, 0x22, 0x8e, 0x01, 0x0a, 0x10, 0x52, 0x65, 0x76, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, + 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, + 0x24, 0x0a, 0x0d, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x52, 0x65, 0x61, 0x73, 0x6f, 0x6e, + 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0d, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x52, + 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x12, 0x3c, 0x0a, 0x0b, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, + 0x44, 0x61, 0x74, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, + 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, + 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x0b, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x44, + 0x61, 0x74, 0x65, 0x22, 0xb0, 0x01, 0x0a, 0x14, 0x4c, 0x65, 0x61, 0x73, 0x65, 0x43, 0x52, 0x4c, + 0x53, 0x68, 0x61, 0x72, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x22, 0x0a, 0x0c, + 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x03, 0x52, 0x0c, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x49, 0x44, + 0x12, 0x20, 0x0a, 0x0b, 0x6d, 0x69, 0x6e, 0x53, 0x68, 0x61, 0x72, 0x64, 0x49, 0x64, 0x78, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0b, 0x6d, 0x69, 0x6e, 0x53, 0x68, 0x61, 0x72, 0x64, 0x49, + 0x64, 0x78, 0x12, 0x20, 0x0a, 0x0b, 0x6d, 0x61, 0x78, 0x53, 0x68, 0x61, 0x72, 0x64, 0x49, 0x64, + 0x78, 0x18, 0x03, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0b, 0x6d, 0x61, 0x78, 0x53, 0x68, 0x61, 0x72, + 0x64, 0x49, 0x64, 0x78, 0x12, 0x30, 0x0a, 0x05, 0x75, 0x6e, 0x74, 0x69, 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, - 0x07, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x12, 0x26, 0x0a, 0x0e, 0x63, 0x68, 0x61, 0x6c, - 0x6c, 0x65, 0x6e, 0x67, 0x65, 0x54, 0x79, 0x70, 0x65, 0x73, 0x18, 0x0a, 0x20, 0x03, 0x28, 0x09, - 0x52, 0x0e, 0x63, 0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65, 0x54, 0x79, 0x70, 0x65, 0x73, - 0x12, 0x14, 0x0a, 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x4a, 0x04, 0x08, 0x01, 0x10, 0x02, 0x4a, 0x04, 0x08, 0x02, - 0x10, 0x03, 0x4a, 0x04, 0x08, 0x04, 0x10, 0x05, 0x4a, 0x04, 0x08, 0x05, 0x10, 0x06, 0x4a, 0x04, - 0x08, 0x06, 0x10, 0x07, 0x4a, 0x04, 0x08, 0x07, 0x10, 0x08, 0x4a, 0x04, 0x08, 0x08, 0x10, 0x09, - 0x22, 0x7e, 0x0a, 0x18, 0x4e, 0x65, 0x77, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x41, 0x6e, 0x64, 0x41, - 0x75, 0x74, 0x68, 0x7a, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x2f, 0x0a, 0x08, - 0x6e, 0x65, 0x77, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, - 0x2e, 0x73, 0x61, 0x2e, 0x4e, 0x65, 0x77, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, - 0x65, 0x73, 0x74, 0x52, 0x08, 0x6e, 0x65, 0x77, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x12, 0x31, 0x0a, - 0x09, 0x6e, 0x65, 0x77, 0x41, 0x75, 0x74, 0x68, 0x7a, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, - 0x32, 0x13, 0x2e, 0x73, 0x61, 0x2e, 0x4e, 0x65, 0x77, 0x41, 0x75, 0x74, 0x68, 0x7a, 0x52, 0x65, - 0x71, 0x75, 0x65, 0x73, 0x74, 0x52, 0x09, 0x6e, 0x65, 0x77, 0x41, 0x75, 0x74, 0x68, 0x7a, 0x73, - 0x22, 0x52, 0x0a, 0x14, 0x53, 0x65, 0x74, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x45, 0x72, 0x72, 0x6f, - 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x03, 0x52, 0x02, 0x69, 0x64, 0x12, 0x2a, 0x0a, 0x05, 0x65, 0x72, 0x72, 0x6f, - 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x50, - 0x72, 0x6f, 0x62, 0x6c, 0x65, 0x6d, 0x44, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x52, 0x05, 0x65, - 0x72, 0x72, 0x6f, 0x72, 0x22, 0x4c, 0x0a, 0x22, 0x47, 0x65, 0x74, 0x56, 0x61, 0x6c, 0x69, 0x64, - 0x4f, 0x72, 0x64, 0x65, 0x72, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x02, 0x69, 0x64, 0x12, 0x16, 0x0a, 0x06, 0x61, 0x63, - 0x63, 0x74, 0x49, 0x44, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x06, 0x61, 0x63, 0x63, 0x74, - 0x49, 0x44, 0x22, 0x4d, 0x0a, 0x17, 0x47, 0x65, 0x74, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x46, 0x6f, - 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x16, 0x0a, - 0x06, 0x61, 0x63, 0x63, 0x74, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x06, 0x61, - 0x63, 0x63, 0x74, 0x49, 0x44, 0x12, 0x1a, 0x0a, 0x08, 0x64, 0x6e, 0x73, 0x4e, 0x61, 0x6d, 0x65, - 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x64, 0x6e, 0x73, 0x4e, 0x61, 0x6d, 0x65, - 0x73, 0x22, 0x54, 0x0a, 0x14, 0x46, 0x69, 0x6e, 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x4f, 0x72, 0x64, - 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x02, 0x69, 0x64, 0x12, 0x2c, 0x0a, 0x11, 0x63, 0x65, 0x72, - 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x18, 0x02, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, - 0x65, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x22, 0xa0, 0x01, 0x0a, 0x18, 0x47, 0x65, 0x74, 0x41, - 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x65, 0x71, + 0x05, 0x75, 0x6e, 0x74, 0x69, 0x6c, 0x22, 0x57, 0x0a, 0x15, 0x4c, 0x65, 0x61, 0x73, 0x65, 0x43, + 0x52, 0x4c, 0x53, 0x68, 0x61, 0x72, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, + 0x22, 0x0a, 0x0c, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x49, 0x44, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0c, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x4e, 0x61, 0x6d, + 0x65, 0x49, 0x44, 0x12, 0x1a, 0x0a, 0x08, 0x73, 0x68, 0x61, 0x72, 0x64, 0x49, 0x64, 0x78, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x08, 0x73, 0x68, 0x61, 0x72, 0x64, 0x49, 0x64, 0x78, 0x22, + 0xcf, 0x01, 0x0a, 0x15, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x43, 0x52, 0x4c, 0x53, 0x68, 0x61, + 0x72, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x22, 0x0a, 0x0c, 0x69, 0x73, 0x73, + 0x75, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, + 0x0c, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x49, 0x44, 0x12, 0x1a, 0x0a, + 0x08, 0x73, 0x68, 0x61, 0x72, 0x64, 0x49, 0x64, 0x78, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, + 0x08, 0x73, 0x68, 0x61, 0x72, 0x64, 0x49, 0x64, 0x78, 0x12, 0x3a, 0x0a, 0x0a, 0x74, 0x68, 0x69, + 0x73, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, + 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, + 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x0a, 0x74, 0x68, 0x69, 0x73, 0x55, + 0x70, 0x64, 0x61, 0x74, 0x65, 0x12, 0x3a, 0x0a, 0x0a, 0x6e, 0x65, 0x78, 0x74, 0x55, 0x70, 0x64, + 0x61, 0x74, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, + 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, + 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x0a, 0x6e, 0x65, 0x78, 0x74, 0x55, 0x70, 0x64, 0x61, 0x74, + 0x65, 0x22, 0x41, 0x0a, 0x0b, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x73, + 0x12, 0x32, 0x0a, 0x0b, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x73, 0x18, + 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x49, 0x64, 0x65, + 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x52, 0x0b, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, + 0x69, 0x65, 0x72, 0x73, 0x22, 0x6a, 0x0a, 0x0c, 0x50, 0x61, 0x75, 0x73, 0x65, 0x52, 0x65, 0x71, + 0x75, 0x65, 0x73, 0x74, 0x12, 0x26, 0x0a, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x72, 0x65, + 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x12, 0x32, 0x0a, 0x0b, + 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, + 0x0b, 0x32, 0x10, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, + 0x69, 0x65, 0x72, 0x52, 0x0b, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x73, + 0x22, 0x4e, 0x0a, 0x18, 0x50, 0x61, 0x75, 0x73, 0x65, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, + 0x69, 0x65, 0x72, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x16, 0x0a, 0x06, + 0x70, 0x61, 0x75, 0x73, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x06, 0x70, 0x61, + 0x75, 0x73, 0x65, 0x64, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x70, 0x61, 0x75, 0x73, 0x65, 0x64, + 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x08, 0x72, 0x65, 0x70, 0x61, 0x75, 0x73, 0x65, 0x64, + 0x22, 0x66, 0x0a, 0x20, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, + 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x63, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x26, 0x0a, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x12, 0x1a, 0x0a, 0x08, - 0x64, 0x6e, 0x73, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, - 0x64, 0x6e, 0x73, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x3a, 0x0a, 0x0a, 0x76, 0x61, 0x6c, 0x69, - 0x64, 0x55, 0x6e, 0x74, 0x69, 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, - 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, - 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x0a, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x55, - 0x6e, 0x74, 0x69, 0x6c, 0x4a, 0x04, 0x08, 0x03, 0x10, 0x04, 0x22, 0x3d, 0x0a, 0x0e, 0x41, 0x75, - 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x2b, 0x0a, 0x06, - 0x61, 0x75, 0x74, 0x68, 0x7a, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x63, - 0x6f, 0x72, 0x65, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x52, 0x06, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x73, 0x22, 0x24, 0x0a, 0x10, 0x41, 0x75, 0x74, - 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x73, 0x12, 0x10, 0x0a, - 0x03, 0x69, 0x64, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x03, 0x69, 0x64, 0x73, 0x22, - 0x22, 0x0a, 0x10, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x49, 0x44, 0x32, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, - 0x02, 0x69, 0x64, 0x22, 0x92, 0x02, 0x0a, 0x18, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x43, 0x65, - 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, - 0x12, 0x16, 0x0a, 0x06, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x06, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x12, 0x16, 0x0a, 0x06, 0x72, 0x65, 0x61, 0x73, - 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, - 0x12, 0x2e, 0x0a, 0x04, 0x64, 0x61, 0x74, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, - 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, - 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x04, 0x64, 0x61, 0x74, 0x65, - 0x12, 0x36, 0x0a, 0x08, 0x62, 0x61, 0x63, 0x6b, 0x64, 0x61, 0x74, 0x65, 0x18, 0x09, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x08, - 0x62, 0x61, 0x63, 0x6b, 0x64, 0x61, 0x74, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x73, 0x70, - 0x6f, 0x6e, 0x73, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x08, 0x72, 0x65, 0x73, 0x70, - 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x49, 0x44, - 0x18, 0x06, 0x20, 0x01, 0x28, 0x03, 0x52, 0x08, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x49, 0x44, - 0x12, 0x1a, 0x0a, 0x08, 0x73, 0x68, 0x61, 0x72, 0x64, 0x49, 0x64, 0x78, 0x18, 0x07, 0x20, 0x01, - 0x28, 0x03, 0x52, 0x08, 0x73, 0x68, 0x61, 0x72, 0x64, 0x49, 0x64, 0x78, 0x4a, 0x04, 0x08, 0x03, - 0x10, 0x04, 0x4a, 0x04, 0x08, 0x05, 0x10, 0x06, 0x22, 0xea, 0x02, 0x0a, 0x1c, 0x46, 0x69, 0x6e, - 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x02, 0x69, 0x64, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x74, 0x61, - 0x74, 0x75, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, - 0x73, 0x12, 0x34, 0x0a, 0x07, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x18, 0x08, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x07, - 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x12, 0x1c, 0x0a, 0x09, 0x61, 0x74, 0x74, 0x65, 0x6d, - 0x70, 0x74, 0x65, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x61, 0x74, 0x74, 0x65, - 0x6d, 0x70, 0x74, 0x65, 0x64, 0x12, 0x44, 0x0a, 0x11, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x63, 0x6f, 0x72, 0x64, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, - 0x32, 0x16, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x52, 0x65, 0x63, 0x6f, 0x72, 0x64, 0x52, 0x11, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x63, 0x6f, 0x72, 0x64, 0x73, 0x12, 0x3e, 0x0a, 0x0f, 0x76, - 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x18, 0x06, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x50, 0x72, 0x6f, 0x62, - 0x6c, 0x65, 0x6d, 0x44, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x52, 0x0f, 0x76, 0x61, 0x6c, 0x69, - 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x3c, 0x0a, 0x0b, 0x61, - 0x74, 0x74, 0x65, 0x6d, 0x70, 0x74, 0x65, 0x64, 0x41, 0x74, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, - 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x0b, 0x61, 0x74, - 0x74, 0x65, 0x6d, 0x70, 0x74, 0x65, 0x64, 0x41, 0x74, 0x4a, 0x04, 0x08, 0x03, 0x10, 0x04, 0x4a, - 0x04, 0x08, 0x07, 0x10, 0x08, 0x22, 0xb8, 0x01, 0x0a, 0x14, 0x41, 0x64, 0x64, 0x42, 0x6c, 0x6f, - 0x63, 0x6b, 0x65, 0x64, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x18, - 0x0a, 0x07, 0x6b, 0x65, 0x79, 0x48, 0x61, 0x73, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, - 0x07, 0x6b, 0x65, 0x79, 0x48, 0x61, 0x73, 0x68, 0x12, 0x30, 0x0a, 0x05, 0x61, 0x64, 0x64, 0x65, - 0x64, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, - 0x61, 0x6d, 0x70, 0x52, 0x05, 0x61, 0x64, 0x64, 0x65, 0x64, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x6f, - 0x75, 0x72, 0x63, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x6f, 0x75, 0x72, - 0x63, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x63, 0x6f, 0x6d, 0x6d, 0x65, 0x6e, 0x74, 0x18, 0x04, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x07, 0x63, 0x6f, 0x6d, 0x6d, 0x65, 0x6e, 0x74, 0x12, 0x1c, 0x0a, 0x09, - 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x42, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x03, 0x52, - 0x09, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x42, 0x79, 0x4a, 0x04, 0x08, 0x02, 0x10, 0x03, - 0x22, 0x24, 0x0a, 0x08, 0x53, 0x50, 0x4b, 0x49, 0x48, 0x61, 0x73, 0x68, 0x12, 0x18, 0x0a, 0x07, - 0x6b, 0x65, 0x79, 0x48, 0x61, 0x73, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x07, 0x6b, - 0x65, 0x79, 0x48, 0x61, 0x73, 0x68, 0x22, 0xa4, 0x01, 0x0a, 0x08, 0x49, 0x6e, 0x63, 0x69, 0x64, - 0x65, 0x6e, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, - 0x02, 0x69, 0x64, 0x12, 0x20, 0x0a, 0x0b, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x54, 0x61, 0x62, - 0x6c, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, - 0x54, 0x61, 0x62, 0x6c, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x72, 0x6c, 0x18, 0x03, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x03, 0x75, 0x72, 0x6c, 0x12, 0x34, 0x0a, 0x07, 0x72, 0x65, 0x6e, 0x65, 0x77, - 0x42, 0x79, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, - 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, - 0x74, 0x61, 0x6d, 0x70, 0x52, 0x07, 0x72, 0x65, 0x6e, 0x65, 0x77, 0x42, 0x79, 0x12, 0x18, 0x0a, - 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, - 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x4a, 0x04, 0x08, 0x04, 0x10, 0x05, 0x22, 0x37, 0x0a, - 0x09, 0x49, 0x6e, 0x63, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x73, 0x12, 0x2a, 0x0a, 0x09, 0x69, 0x6e, - 0x63, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0c, 0x2e, - 0x73, 0x61, 0x2e, 0x49, 0x6e, 0x63, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x52, 0x09, 0x69, 0x6e, 0x63, - 0x69, 0x64, 0x65, 0x6e, 0x74, 0x73, 0x22, 0x41, 0x0a, 0x19, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, - 0x73, 0x46, 0x6f, 0x72, 0x49, 0x6e, 0x63, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x52, 0x65, 0x71, 0x75, - 0x65, 0x73, 0x74, 0x12, 0x24, 0x0a, 0x0d, 0x69, 0x6e, 0x63, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x54, - 0x61, 0x62, 0x6c, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x69, 0x6e, 0x63, 0x69, - 0x64, 0x65, 0x6e, 0x74, 0x54, 0x61, 0x62, 0x6c, 0x65, 0x22, 0xb4, 0x01, 0x0a, 0x0e, 0x49, 0x6e, - 0x63, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x12, 0x16, 0x0a, 0x06, - 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x65, - 0x72, 0x69, 0x61, 0x6c, 0x12, 0x26, 0x0a, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x72, 0x65, - 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x12, 0x18, 0x0a, 0x07, - 0x6f, 0x72, 0x64, 0x65, 0x72, 0x49, 0x44, 0x18, 0x03, 0x20, 0x01, 0x28, 0x03, 0x52, 0x07, 0x6f, - 0x72, 0x64, 0x65, 0x72, 0x49, 0x44, 0x12, 0x42, 0x0a, 0x0e, 0x6c, 0x61, 0x73, 0x74, 0x4e, 0x6f, - 0x74, 0x69, 0x63, 0x65, 0x53, 0x65, 0x6e, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, - 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, - 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x0e, 0x6c, 0x61, 0x73, 0x74, - 0x4e, 0x6f, 0x74, 0x69, 0x63, 0x65, 0x53, 0x65, 0x6e, 0x74, 0x4a, 0x04, 0x08, 0x04, 0x10, 0x05, - 0x22, 0xae, 0x02, 0x0a, 0x16, 0x47, 0x65, 0x74, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x43, - 0x65, 0x72, 0x74, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x22, 0x0a, 0x0c, 0x69, - 0x73, 0x73, 0x75, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x03, 0x52, 0x0c, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x49, 0x44, 0x12, - 0x3e, 0x0a, 0x0c, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x41, 0x66, 0x74, 0x65, 0x72, 0x18, - 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, - 0x70, 0x52, 0x0c, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x41, 0x66, 0x74, 0x65, 0x72, 0x12, - 0x40, 0x0a, 0x0d, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x42, 0x65, 0x66, 0x6f, 0x72, 0x65, - 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, - 0x6d, 0x70, 0x52, 0x0d, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x42, 0x65, 0x66, 0x6f, 0x72, - 0x65, 0x12, 0x40, 0x0a, 0x0d, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x42, 0x65, 0x66, 0x6f, - 0x72, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, - 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, - 0x74, 0x61, 0x6d, 0x70, 0x52, 0x0d, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x42, 0x65, 0x66, - 0x6f, 0x72, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x73, 0x68, 0x61, 0x72, 0x64, 0x49, 0x64, 0x78, 0x18, - 0x05, 0x20, 0x01, 0x28, 0x03, 0x52, 0x08, 0x73, 0x68, 0x61, 0x72, 0x64, 0x49, 0x64, 0x78, 0x4a, - 0x04, 0x08, 0x02, 0x10, 0x03, 0x4a, 0x04, 0x08, 0x03, 0x10, 0x04, 0x4a, 0x04, 0x08, 0x04, 0x10, - 0x05, 0x22, 0x8e, 0x01, 0x0a, 0x10, 0x52, 0x65, 0x76, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x24, - 0x0a, 0x0d, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x52, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x18, - 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0d, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x52, 0x65, - 0x61, 0x73, 0x6f, 0x6e, 0x12, 0x3c, 0x0a, 0x0b, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x44, - 0x61, 0x74, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, + 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x63, 0x74, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, + 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x63, 0x74, 0x73, 0x22, 0x58, 0x0a, 0x1c, 0x55, 0x70, 0x64, 0x61, + 0x74, 0x65, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4b, 0x65, + 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x26, 0x0a, 0x0e, 0x72, 0x65, 0x67, 0x69, + 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, + 0x52, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, + 0x12, 0x10, 0x0a, 0x03, 0x6a, 0x77, 0x6b, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x03, 0x6a, + 0x77, 0x6b, 0x32, 0xc9, 0x0d, 0x0a, 0x18, 0x53, 0x74, 0x6f, 0x72, 0x61, 0x67, 0x65, 0x41, 0x75, + 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x61, 0x64, 0x4f, 0x6e, 0x6c, 0x79, 0x12, + 0x51, 0x0a, 0x1b, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x49, 0x6e, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x41, + 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x32, 0x12, 0x25, + 0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x49, 0x6e, 0x76, 0x61, 0x6c, 0x69, 0x64, + 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x65, + 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x09, 0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, + 0x22, 0x00, 0x12, 0x3e, 0x0a, 0x1b, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x50, 0x65, 0x6e, 0x64, 0x69, + 0x6e, 0x67, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, + 0x32, 0x12, 0x12, 0x2e, 0x73, 0x61, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x1a, 0x09, 0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, + 0x22, 0x00, 0x12, 0x37, 0x0a, 0x0d, 0x46, 0x51, 0x44, 0x4e, 0x53, 0x65, 0x74, 0x45, 0x78, 0x69, + 0x73, 0x74, 0x73, 0x12, 0x18, 0x2e, 0x73, 0x61, 0x2e, 0x46, 0x51, 0x44, 0x4e, 0x53, 0x65, 0x74, + 0x45, 0x78, 0x69, 0x73, 0x74, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0a, 0x2e, + 0x73, 0x61, 0x2e, 0x45, 0x78, 0x69, 0x73, 0x74, 0x73, 0x22, 0x00, 0x12, 0x48, 0x0a, 0x1a, 0x46, + 0x51, 0x44, 0x4e, 0x53, 0x65, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x73, + 0x46, 0x6f, 0x72, 0x57, 0x69, 0x6e, 0x64, 0x6f, 0x77, 0x12, 0x18, 0x2e, 0x73, 0x61, 0x2e, 0x43, + 0x6f, 0x75, 0x6e, 0x74, 0x46, 0x51, 0x44, 0x4e, 0x53, 0x65, 0x74, 0x73, 0x52, 0x65, 0x71, 0x75, + 0x65, 0x73, 0x74, 0x1a, 0x0e, 0x2e, 0x73, 0x61, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, + 0x6d, 0x70, 0x73, 0x22, 0x00, 0x12, 0x40, 0x0a, 0x11, 0x47, 0x65, 0x74, 0x41, 0x75, 0x74, 0x68, + 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x32, 0x12, 0x14, 0x2e, 0x73, 0x61, 0x2e, + 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x32, + 0x1a, 0x13, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x00, 0x12, 0x48, 0x0a, 0x12, 0x47, 0x65, 0x74, 0x41, 0x75, + 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x32, 0x12, 0x1c, 0x2e, + 0x73, 0x61, 0x2e, 0x47, 0x65, 0x74, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x12, 0x2e, 0x73, 0x61, + 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, + 0x00, 0x12, 0x31, 0x0a, 0x0e, 0x47, 0x65, 0x74, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, + 0x61, 0x74, 0x65, 0x12, 0x0a, 0x2e, 0x73, 0x61, 0x2e, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x1a, + 0x11, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, + 0x74, 0x65, 0x22, 0x00, 0x12, 0x38, 0x0a, 0x15, 0x47, 0x65, 0x74, 0x4c, 0x69, 0x6e, 0x74, 0x50, + 0x72, 0x65, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x0a, 0x2e, + 0x73, 0x61, 0x2e, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x1a, 0x11, 0x2e, 0x63, 0x6f, 0x72, 0x65, + 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x22, 0x00, 0x12, 0x3d, + 0x0a, 0x14, 0x47, 0x65, 0x74, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, + 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x0a, 0x2e, 0x73, 0x61, 0x2e, 0x53, 0x65, 0x72, 0x69, + 0x61, 0x6c, 0x1a, 0x17, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, + 0x69, 0x63, 0x61, 0x74, 0x65, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x22, 0x00, 0x12, 0x48, 0x0a, + 0x10, 0x47, 0x65, 0x74, 0x4d, 0x61, 0x78, 0x45, 0x78, 0x70, 0x69, 0x72, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x12, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x1a, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, - 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x0b, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x44, 0x61, - 0x74, 0x65, 0x22, 0xb0, 0x01, 0x0a, 0x14, 0x4c, 0x65, 0x61, 0x73, 0x65, 0x43, 0x52, 0x4c, 0x53, - 0x68, 0x61, 0x72, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x22, 0x0a, 0x0c, 0x69, - 0x73, 0x73, 0x75, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x03, 0x52, 0x0c, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x49, 0x44, 0x12, - 0x20, 0x0a, 0x0b, 0x6d, 0x69, 0x6e, 0x53, 0x68, 0x61, 0x72, 0x64, 0x49, 0x64, 0x78, 0x18, 0x02, - 0x20, 0x01, 0x28, 0x03, 0x52, 0x0b, 0x6d, 0x69, 0x6e, 0x53, 0x68, 0x61, 0x72, 0x64, 0x49, 0x64, - 0x78, 0x12, 0x20, 0x0a, 0x0b, 0x6d, 0x61, 0x78, 0x53, 0x68, 0x61, 0x72, 0x64, 0x49, 0x64, 0x78, - 0x18, 0x03, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0b, 0x6d, 0x61, 0x78, 0x53, 0x68, 0x61, 0x72, 0x64, - 0x49, 0x64, 0x78, 0x12, 0x30, 0x0a, 0x05, 0x75, 0x6e, 0x74, 0x69, 0x6c, 0x18, 0x04, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x05, - 0x75, 0x6e, 0x74, 0x69, 0x6c, 0x22, 0x57, 0x0a, 0x15, 0x4c, 0x65, 0x61, 0x73, 0x65, 0x43, 0x52, - 0x4c, 0x53, 0x68, 0x61, 0x72, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x22, - 0x0a, 0x0c, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x49, 0x44, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x03, 0x52, 0x0c, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, - 0x49, 0x44, 0x12, 0x1a, 0x0a, 0x08, 0x73, 0x68, 0x61, 0x72, 0x64, 0x49, 0x64, 0x78, 0x18, 0x02, - 0x20, 0x01, 0x28, 0x03, 0x52, 0x08, 0x73, 0x68, 0x61, 0x72, 0x64, 0x49, 0x64, 0x78, 0x22, 0xcf, - 0x01, 0x0a, 0x15, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x43, 0x52, 0x4c, 0x53, 0x68, 0x61, 0x72, - 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x22, 0x0a, 0x0c, 0x69, 0x73, 0x73, 0x75, - 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0c, - 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x49, 0x44, 0x12, 0x1a, 0x0a, 0x08, - 0x73, 0x68, 0x61, 0x72, 0x64, 0x49, 0x64, 0x78, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x08, - 0x73, 0x68, 0x61, 0x72, 0x64, 0x49, 0x64, 0x78, 0x12, 0x3a, 0x0a, 0x0a, 0x74, 0x68, 0x69, 0x73, - 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, - 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, - 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x0a, 0x74, 0x68, 0x69, 0x73, 0x55, 0x70, - 0x64, 0x61, 0x74, 0x65, 0x12, 0x3a, 0x0a, 0x0a, 0x6e, 0x65, 0x78, 0x74, 0x55, 0x70, 0x64, 0x61, - 0x74, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, - 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, - 0x74, 0x61, 0x6d, 0x70, 0x52, 0x0a, 0x6e, 0x65, 0x78, 0x74, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, - 0x22, 0x41, 0x0a, 0x0b, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x73, 0x12, - 0x32, 0x0a, 0x0b, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x73, 0x18, 0x01, - 0x20, 0x03, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x49, 0x64, 0x65, 0x6e, - 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x52, 0x0b, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, - 0x65, 0x72, 0x73, 0x22, 0x6a, 0x0a, 0x0c, 0x50, 0x61, 0x75, 0x73, 0x65, 0x52, 0x65, 0x71, 0x75, - 0x65, 0x73, 0x74, 0x12, 0x26, 0x0a, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x72, 0x65, 0x67, - 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x12, 0x32, 0x0a, 0x0b, 0x69, - 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, - 0x32, 0x10, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, - 0x65, 0x72, 0x52, 0x0b, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x73, 0x22, - 0x4e, 0x0a, 0x18, 0x50, 0x61, 0x75, 0x73, 0x65, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, - 0x65, 0x72, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x70, - 0x61, 0x75, 0x73, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x06, 0x70, 0x61, 0x75, - 0x73, 0x65, 0x64, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x70, 0x61, 0x75, 0x73, 0x65, 0x64, 0x18, - 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x08, 0x72, 0x65, 0x70, 0x61, 0x75, 0x73, 0x65, 0x64, 0x22, - 0x66, 0x0a, 0x20, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x63, 0x74, 0x52, 0x65, 0x71, 0x75, - 0x65, 0x73, 0x74, 0x12, 0x26, 0x0a, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x72, 0x65, 0x67, - 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x12, 0x1a, 0x0a, 0x08, 0x63, - 0x6f, 0x6e, 0x74, 0x61, 0x63, 0x74, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x63, - 0x6f, 0x6e, 0x74, 0x61, 0x63, 0x74, 0x73, 0x22, 0x58, 0x0a, 0x1c, 0x55, 0x70, 0x64, 0x61, 0x74, - 0x65, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4b, 0x65, 0x79, - 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x26, 0x0a, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, - 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, - 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x12, - 0x10, 0x0a, 0x03, 0x6a, 0x77, 0x6b, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x03, 0x6a, 0x77, - 0x6b, 0x32, 0xd2, 0x0e, 0x0a, 0x18, 0x53, 0x74, 0x6f, 0x72, 0x61, 0x67, 0x65, 0x41, 0x75, 0x74, - 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x61, 0x64, 0x4f, 0x6e, 0x6c, 0x79, 0x12, 0x53, - 0x0a, 0x18, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, - 0x74, 0x65, 0x73, 0x42, 0x79, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x23, 0x2e, 0x73, 0x61, 0x2e, - 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, - 0x73, 0x42, 0x79, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, - 0x10, 0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x42, 0x79, 0x4e, 0x61, 0x6d, 0x65, - 0x73, 0x22, 0x00, 0x12, 0x51, 0x0a, 0x1b, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x49, 0x6e, 0x76, 0x61, + 0x73, 0x74, 0x61, 0x6d, 0x70, 0x22, 0x00, 0x12, 0x2b, 0x0a, 0x08, 0x47, 0x65, 0x74, 0x4f, 0x72, + 0x64, 0x65, 0x72, 0x12, 0x10, 0x2e, 0x73, 0x61, 0x2e, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x52, 0x65, + 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0b, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x4f, 0x72, 0x64, + 0x65, 0x72, 0x22, 0x00, 0x12, 0x3e, 0x0a, 0x10, 0x47, 0x65, 0x74, 0x4f, 0x72, 0x64, 0x65, 0x72, + 0x46, 0x6f, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x1b, 0x2e, 0x73, 0x61, 0x2e, 0x47, 0x65, + 0x74, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x46, 0x6f, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x52, 0x65, + 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0b, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x4f, 0x72, 0x64, + 0x65, 0x72, 0x22, 0x00, 0x12, 0x3b, 0x0a, 0x0f, 0x47, 0x65, 0x74, 0x52, 0x65, 0x67, 0x69, 0x73, + 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x2e, 0x73, 0x61, 0x2e, 0x52, 0x65, 0x67, + 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x1a, 0x12, 0x2e, 0x63, 0x6f, + 0x72, 0x65, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, + 0x00, 0x12, 0x3c, 0x0a, 0x14, 0x47, 0x65, 0x74, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x79, 0x4b, 0x65, 0x79, 0x12, 0x0e, 0x2e, 0x73, 0x61, 0x2e, 0x4a, + 0x53, 0x4f, 0x4e, 0x57, 0x65, 0x62, 0x4b, 0x65, 0x79, 0x1a, 0x12, 0x2e, 0x63, 0x6f, 0x72, 0x65, + 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x00, 0x12, + 0x39, 0x0a, 0x13, 0x47, 0x65, 0x74, 0x52, 0x65, 0x76, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x0a, 0x2e, 0x73, 0x61, 0x2e, 0x53, 0x65, 0x72, 0x69, + 0x61, 0x6c, 0x1a, 0x14, 0x2e, 0x73, 0x61, 0x2e, 0x52, 0x65, 0x76, 0x6f, 0x63, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x22, 0x00, 0x12, 0x41, 0x0a, 0x0f, 0x47, 0x65, + 0x74, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x43, 0x65, 0x72, 0x74, 0x73, 0x12, 0x1a, 0x2e, + 0x73, 0x61, 0x2e, 0x47, 0x65, 0x74, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x43, 0x65, 0x72, + 0x74, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0e, 0x2e, 0x63, 0x6f, 0x72, 0x65, + 0x2e, 0x43, 0x52, 0x4c, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x22, 0x00, 0x30, 0x01, 0x12, 0x35, 0x0a, + 0x11, 0x47, 0x65, 0x74, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, + 0x74, 0x61, 0x12, 0x0a, 0x2e, 0x73, 0x61, 0x2e, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x1a, 0x12, + 0x2e, 0x73, 0x61, 0x2e, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, + 0x74, 0x61, 0x22, 0x00, 0x12, 0x39, 0x0a, 0x13, 0x47, 0x65, 0x74, 0x53, 0x65, 0x72, 0x69, 0x61, + 0x6c, 0x73, 0x42, 0x79, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x12, 0x2e, 0x73, 0x61, + 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x1a, + 0x0a, 0x2e, 0x73, 0x61, 0x2e, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x22, 0x00, 0x30, 0x01, 0x12, + 0x2f, 0x0a, 0x0f, 0x47, 0x65, 0x74, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x73, 0x42, 0x79, 0x4b, + 0x65, 0x79, 0x12, 0x0c, 0x2e, 0x73, 0x61, 0x2e, 0x53, 0x50, 0x4b, 0x49, 0x48, 0x61, 0x73, 0x68, + 0x1a, 0x0a, 0x2e, 0x73, 0x61, 0x2e, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x22, 0x00, 0x30, 0x01, + 0x12, 0x52, 0x0a, 0x17, 0x47, 0x65, 0x74, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x41, 0x75, 0x74, 0x68, + 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x32, 0x12, 0x21, 0x2e, 0x73, 0x61, + 0x2e, 0x47, 0x65, 0x74, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, + 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x12, + 0x2e, 0x73, 0x61, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x73, 0x22, 0x00, 0x12, 0x5c, 0x0a, 0x1c, 0x47, 0x65, 0x74, 0x56, 0x61, 0x6c, 0x69, 0x64, + 0x4f, 0x72, 0x64, 0x65, 0x72, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x73, 0x32, 0x12, 0x26, 0x2e, 0x73, 0x61, 0x2e, 0x47, 0x65, 0x74, 0x56, 0x61, 0x6c, + 0x69, 0x64, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x12, 0x2e, 0x73, + 0x61, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, + 0x22, 0x00, 0x12, 0x31, 0x0a, 0x12, 0x49, 0x6e, 0x63, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x73, 0x46, + 0x6f, 0x72, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x12, 0x0a, 0x2e, 0x73, 0x61, 0x2e, 0x53, 0x65, + 0x72, 0x69, 0x61, 0x6c, 0x1a, 0x0d, 0x2e, 0x73, 0x61, 0x2e, 0x49, 0x6e, 0x63, 0x69, 0x64, 0x65, + 0x6e, 0x74, 0x73, 0x22, 0x00, 0x12, 0x28, 0x0a, 0x0a, 0x4b, 0x65, 0x79, 0x42, 0x6c, 0x6f, 0x63, + 0x6b, 0x65, 0x64, 0x12, 0x0c, 0x2e, 0x73, 0x61, 0x2e, 0x53, 0x50, 0x4b, 0x49, 0x48, 0x61, 0x73, + 0x68, 0x1a, 0x0a, 0x2e, 0x73, 0x61, 0x2e, 0x45, 0x78, 0x69, 0x73, 0x74, 0x73, 0x22, 0x00, 0x12, + 0x32, 0x0a, 0x16, 0x52, 0x65, 0x70, 0x6c, 0x61, 0x63, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x4f, 0x72, + 0x64, 0x65, 0x72, 0x45, 0x78, 0x69, 0x73, 0x74, 0x73, 0x12, 0x0a, 0x2e, 0x73, 0x61, 0x2e, 0x53, + 0x65, 0x72, 0x69, 0x61, 0x6c, 0x1a, 0x0a, 0x2e, 0x73, 0x61, 0x2e, 0x45, 0x78, 0x69, 0x73, 0x74, + 0x73, 0x22, 0x00, 0x12, 0x4b, 0x0a, 0x12, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x73, 0x46, 0x6f, + 0x72, 0x49, 0x6e, 0x63, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x12, 0x1d, 0x2e, 0x73, 0x61, 0x2e, 0x53, + 0x65, 0x72, 0x69, 0x61, 0x6c, 0x73, 0x46, 0x6f, 0x72, 0x49, 0x6e, 0x63, 0x69, 0x64, 0x65, 0x6e, + 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x12, 0x2e, 0x73, 0x61, 0x2e, 0x49, 0x6e, + 0x63, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x22, 0x00, 0x30, 0x01, + 0x12, 0x3d, 0x0a, 0x16, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, + 0x69, 0x65, 0x72, 0x73, 0x50, 0x61, 0x75, 0x73, 0x65, 0x64, 0x12, 0x10, 0x2e, 0x73, 0x61, 0x2e, + 0x50, 0x61, 0x75, 0x73, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0f, 0x2e, 0x73, + 0x61, 0x2e, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x73, 0x22, 0x00, 0x12, + 0x3d, 0x0a, 0x14, 0x47, 0x65, 0x74, 0x50, 0x61, 0x75, 0x73, 0x65, 0x64, 0x49, 0x64, 0x65, 0x6e, + 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x73, 0x12, 0x12, 0x2e, 0x73, 0x61, 0x2e, 0x52, 0x65, 0x67, + 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x1a, 0x0f, 0x2e, 0x73, 0x61, + 0x2e, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x73, 0x22, 0x00, 0x32, 0xe3, + 0x19, 0x0a, 0x10, 0x53, 0x74, 0x6f, 0x72, 0x61, 0x67, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, + 0x69, 0x74, 0x79, 0x12, 0x51, 0x0a, 0x1b, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x49, 0x6e, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x32, 0x12, 0x25, 0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x49, 0x6e, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x09, 0x2e, 0x73, 0x61, 0x2e, 0x43, - 0x6f, 0x75, 0x6e, 0x74, 0x22, 0x00, 0x12, 0x32, 0x0a, 0x0b, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x4f, - 0x72, 0x64, 0x65, 0x72, 0x73, 0x12, 0x16, 0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, - 0x4f, 0x72, 0x64, 0x65, 0x72, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x09, 0x2e, - 0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x22, 0x00, 0x12, 0x3e, 0x0a, 0x1b, 0x43, 0x6f, - 0x75, 0x6e, 0x74, 0x50, 0x65, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, - 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x32, 0x12, 0x12, 0x2e, 0x73, 0x61, 0x2e, 0x52, - 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x1a, 0x09, 0x2e, - 0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x22, 0x00, 0x12, 0x37, 0x0a, 0x0d, 0x46, 0x51, - 0x44, 0x4e, 0x53, 0x65, 0x74, 0x45, 0x78, 0x69, 0x73, 0x74, 0x73, 0x12, 0x18, 0x2e, 0x73, 0x61, - 0x2e, 0x46, 0x51, 0x44, 0x4e, 0x53, 0x65, 0x74, 0x45, 0x78, 0x69, 0x73, 0x74, 0x73, 0x52, 0x65, - 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0a, 0x2e, 0x73, 0x61, 0x2e, 0x45, 0x78, 0x69, 0x73, 0x74, - 0x73, 0x22, 0x00, 0x12, 0x48, 0x0a, 0x1a, 0x46, 0x51, 0x44, 0x4e, 0x53, 0x65, 0x74, 0x54, 0x69, - 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x73, 0x46, 0x6f, 0x72, 0x57, 0x69, 0x6e, 0x64, 0x6f, - 0x77, 0x12, 0x18, 0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x46, 0x51, 0x44, 0x4e, - 0x53, 0x65, 0x74, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0e, 0x2e, 0x73, 0x61, - 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x73, 0x22, 0x00, 0x12, 0x40, 0x0a, - 0x11, 0x47, 0x65, 0x74, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x32, 0x12, 0x14, 0x2e, 0x73, 0x61, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x32, 0x1a, 0x13, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, - 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x00, 0x12, - 0x48, 0x0a, 0x12, 0x47, 0x65, 0x74, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x73, 0x32, 0x12, 0x1c, 0x2e, 0x73, 0x61, 0x2e, 0x47, 0x65, 0x74, 0x41, 0x75, - 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x65, 0x71, 0x75, - 0x65, 0x73, 0x74, 0x1a, 0x12, 0x2e, 0x73, 0x61, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, - 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0x00, 0x12, 0x31, 0x0a, 0x0e, 0x47, 0x65, 0x74, - 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x0a, 0x2e, 0x73, 0x61, - 0x2e, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x1a, 0x11, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x43, - 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x22, 0x00, 0x12, 0x38, 0x0a, 0x15, - 0x47, 0x65, 0x74, 0x4c, 0x69, 0x6e, 0x74, 0x50, 0x72, 0x65, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, - 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x0a, 0x2e, 0x73, 0x61, 0x2e, 0x53, 0x65, 0x72, 0x69, 0x61, - 0x6c, 0x1a, 0x11, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, - 0x63, 0x61, 0x74, 0x65, 0x22, 0x00, 0x12, 0x3d, 0x0a, 0x14, 0x47, 0x65, 0x74, 0x43, 0x65, 0x72, - 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x0a, - 0x2e, 0x73, 0x61, 0x2e, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x1a, 0x17, 0x2e, 0x63, 0x6f, 0x72, - 0x65, 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x53, 0x74, 0x61, - 0x74, 0x75, 0x73, 0x22, 0x00, 0x12, 0x48, 0x0a, 0x10, 0x47, 0x65, 0x74, 0x4d, 0x61, 0x78, 0x45, - 0x78, 0x70, 0x69, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, - 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, - 0x79, 0x1a, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x22, 0x00, 0x12, - 0x2b, 0x0a, 0x08, 0x47, 0x65, 0x74, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x12, 0x10, 0x2e, 0x73, 0x61, - 0x2e, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0b, 0x2e, - 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x22, 0x00, 0x12, 0x3e, 0x0a, 0x10, - 0x47, 0x65, 0x74, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x46, 0x6f, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x73, - 0x12, 0x1b, 0x2e, 0x73, 0x61, 0x2e, 0x47, 0x65, 0x74, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x46, 0x6f, - 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0b, 0x2e, - 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x22, 0x00, 0x12, 0x3b, 0x0a, 0x0f, - 0x47, 0x65, 0x74, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, - 0x12, 0x2e, 0x73, 0x61, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x49, 0x44, 0x1a, 0x12, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, - 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x00, 0x12, 0x3c, 0x0a, 0x14, 0x47, 0x65, 0x74, - 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x79, 0x4b, 0x65, - 0x79, 0x12, 0x0e, 0x2e, 0x73, 0x61, 0x2e, 0x4a, 0x53, 0x4f, 0x4e, 0x57, 0x65, 0x62, 0x4b, 0x65, - 0x79, 0x1a, 0x12, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x00, 0x12, 0x39, 0x0a, 0x13, 0x47, 0x65, 0x74, 0x52, 0x65, - 0x76, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x0a, - 0x2e, 0x73, 0x61, 0x2e, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x1a, 0x14, 0x2e, 0x73, 0x61, 0x2e, - 0x52, 0x65, 0x76, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, - 0x22, 0x00, 0x12, 0x41, 0x0a, 0x0f, 0x47, 0x65, 0x74, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, - 0x43, 0x65, 0x72, 0x74, 0x73, 0x12, 0x1a, 0x2e, 0x73, 0x61, 0x2e, 0x47, 0x65, 0x74, 0x52, 0x65, - 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x43, 0x65, 0x72, 0x74, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, - 0x74, 0x1a, 0x0e, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x43, 0x52, 0x4c, 0x45, 0x6e, 0x74, 0x72, - 0x79, 0x22, 0x00, 0x30, 0x01, 0x12, 0x35, 0x0a, 0x11, 0x47, 0x65, 0x74, 0x53, 0x65, 0x72, 0x69, - 0x61, 0x6c, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x12, 0x0a, 0x2e, 0x73, 0x61, 0x2e, - 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x1a, 0x12, 0x2e, 0x73, 0x61, 0x2e, 0x53, 0x65, 0x72, 0x69, - 0x61, 0x6c, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x22, 0x00, 0x12, 0x39, 0x0a, 0x13, - 0x47, 0x65, 0x74, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x73, 0x42, 0x79, 0x41, 0x63, 0x63, 0x6f, - 0x75, 0x6e, 0x74, 0x12, 0x12, 0x2e, 0x73, 0x61, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x1a, 0x0a, 0x2e, 0x73, 0x61, 0x2e, 0x53, 0x65, 0x72, - 0x69, 0x61, 0x6c, 0x22, 0x00, 0x30, 0x01, 0x12, 0x2f, 0x0a, 0x0f, 0x47, 0x65, 0x74, 0x53, 0x65, - 0x72, 0x69, 0x61, 0x6c, 0x73, 0x42, 0x79, 0x4b, 0x65, 0x79, 0x12, 0x0c, 0x2e, 0x73, 0x61, 0x2e, - 0x53, 0x50, 0x4b, 0x49, 0x48, 0x61, 0x73, 0x68, 0x1a, 0x0a, 0x2e, 0x73, 0x61, 0x2e, 0x53, 0x65, - 0x72, 0x69, 0x61, 0x6c, 0x22, 0x00, 0x30, 0x01, 0x12, 0x52, 0x0a, 0x17, 0x47, 0x65, 0x74, 0x56, - 0x61, 0x6c, 0x69, 0x64, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x73, 0x32, 0x12, 0x21, 0x2e, 0x73, 0x61, 0x2e, 0x47, 0x65, 0x74, 0x56, 0x61, 0x6c, 0x69, - 0x64, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, - 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x12, 0x2e, 0x73, 0x61, 0x2e, 0x41, 0x75, 0x74, 0x68, - 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0x00, 0x12, 0x5c, 0x0a, 0x1c, - 0x47, 0x65, 0x74, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x41, 0x75, 0x74, - 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x32, 0x12, 0x26, 0x2e, 0x73, - 0x61, 0x2e, 0x47, 0x65, 0x74, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x41, - 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x65, 0x71, - 0x75, 0x65, 0x73, 0x74, 0x1a, 0x12, 0x2e, 0x73, 0x61, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, - 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0x00, 0x12, 0x31, 0x0a, 0x12, 0x49, 0x6e, - 0x63, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x73, 0x46, 0x6f, 0x72, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, - 0x12, 0x0a, 0x2e, 0x73, 0x61, 0x2e, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x1a, 0x0d, 0x2e, 0x73, - 0x61, 0x2e, 0x49, 0x6e, 0x63, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x73, 0x22, 0x00, 0x12, 0x28, 0x0a, - 0x0a, 0x4b, 0x65, 0x79, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x65, 0x64, 0x12, 0x0c, 0x2e, 0x73, 0x61, - 0x2e, 0x53, 0x50, 0x4b, 0x49, 0x48, 0x61, 0x73, 0x68, 0x1a, 0x0a, 0x2e, 0x73, 0x61, 0x2e, 0x45, - 0x78, 0x69, 0x73, 0x74, 0x73, 0x22, 0x00, 0x12, 0x32, 0x0a, 0x16, 0x52, 0x65, 0x70, 0x6c, 0x61, - 0x63, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x45, 0x78, 0x69, 0x73, 0x74, - 0x73, 0x12, 0x0a, 0x2e, 0x73, 0x61, 0x2e, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x1a, 0x0a, 0x2e, - 0x73, 0x61, 0x2e, 0x45, 0x78, 0x69, 0x73, 0x74, 0x73, 0x22, 0x00, 0x12, 0x4b, 0x0a, 0x12, 0x53, - 0x65, 0x72, 0x69, 0x61, 0x6c, 0x73, 0x46, 0x6f, 0x72, 0x49, 0x6e, 0x63, 0x69, 0x64, 0x65, 0x6e, - 0x74, 0x12, 0x1d, 0x2e, 0x73, 0x61, 0x2e, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x73, 0x46, 0x6f, - 0x72, 0x49, 0x6e, 0x63, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, - 0x1a, 0x12, 0x2e, 0x73, 0x61, 0x2e, 0x49, 0x6e, 0x63, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x53, 0x65, - 0x72, 0x69, 0x61, 0x6c, 0x22, 0x00, 0x30, 0x01, 0x12, 0x3d, 0x0a, 0x16, 0x43, 0x68, 0x65, 0x63, - 0x6b, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x73, 0x50, 0x61, 0x75, 0x73, - 0x65, 0x64, 0x12, 0x10, 0x2e, 0x73, 0x61, 0x2e, 0x50, 0x61, 0x75, 0x73, 0x65, 0x52, 0x65, 0x71, - 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0f, 0x2e, 0x73, 0x61, 0x2e, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, - 0x66, 0x69, 0x65, 0x72, 0x73, 0x22, 0x00, 0x12, 0x3d, 0x0a, 0x14, 0x47, 0x65, 0x74, 0x50, 0x61, - 0x75, 0x73, 0x65, 0x64, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x73, 0x12, + 0x6f, 0x75, 0x6e, 0x74, 0x22, 0x00, 0x12, 0x3e, 0x0a, 0x1b, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x50, + 0x65, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x73, 0x32, 0x12, 0x12, 0x2e, 0x73, 0x61, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, + 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x1a, 0x09, 0x2e, 0x73, 0x61, 0x2e, 0x43, + 0x6f, 0x75, 0x6e, 0x74, 0x22, 0x00, 0x12, 0x37, 0x0a, 0x0d, 0x46, 0x51, 0x44, 0x4e, 0x53, 0x65, + 0x74, 0x45, 0x78, 0x69, 0x73, 0x74, 0x73, 0x12, 0x18, 0x2e, 0x73, 0x61, 0x2e, 0x46, 0x51, 0x44, + 0x4e, 0x53, 0x65, 0x74, 0x45, 0x78, 0x69, 0x73, 0x74, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, + 0x74, 0x1a, 0x0a, 0x2e, 0x73, 0x61, 0x2e, 0x45, 0x78, 0x69, 0x73, 0x74, 0x73, 0x22, 0x00, 0x12, + 0x48, 0x0a, 0x1a, 0x46, 0x51, 0x44, 0x4e, 0x53, 0x65, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, + 0x61, 0x6d, 0x70, 0x73, 0x46, 0x6f, 0x72, 0x57, 0x69, 0x6e, 0x64, 0x6f, 0x77, 0x12, 0x18, 0x2e, + 0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x46, 0x51, 0x44, 0x4e, 0x53, 0x65, 0x74, 0x73, + 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0e, 0x2e, 0x73, 0x61, 0x2e, 0x54, 0x69, 0x6d, + 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x73, 0x22, 0x00, 0x12, 0x40, 0x0a, 0x11, 0x47, 0x65, 0x74, + 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x32, 0x12, 0x14, + 0x2e, 0x73, 0x61, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x49, 0x44, 0x32, 0x1a, 0x13, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x41, 0x75, 0x74, 0x68, + 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x00, 0x12, 0x48, 0x0a, 0x12, 0x47, + 0x65, 0x74, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, + 0x32, 0x12, 0x1c, 0x2e, 0x73, 0x61, 0x2e, 0x47, 0x65, 0x74, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, + 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, + 0x12, 0x2e, 0x73, 0x61, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x73, 0x22, 0x00, 0x12, 0x31, 0x0a, 0x0e, 0x47, 0x65, 0x74, 0x43, 0x65, 0x72, 0x74, + 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x0a, 0x2e, 0x73, 0x61, 0x2e, 0x53, 0x65, 0x72, + 0x69, 0x61, 0x6c, 0x1a, 0x11, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, + 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x22, 0x00, 0x12, 0x38, 0x0a, 0x15, 0x47, 0x65, 0x74, 0x4c, + 0x69, 0x6e, 0x74, 0x50, 0x72, 0x65, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, + 0x65, 0x12, 0x0a, 0x2e, 0x73, 0x61, 0x2e, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x1a, 0x11, 0x2e, + 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, + 0x22, 0x00, 0x12, 0x3d, 0x0a, 0x14, 0x47, 0x65, 0x74, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, + 0x63, 0x61, 0x74, 0x65, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x0a, 0x2e, 0x73, 0x61, 0x2e, + 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x1a, 0x17, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x43, 0x65, + 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x22, + 0x00, 0x12, 0x48, 0x0a, 0x10, 0x47, 0x65, 0x74, 0x4d, 0x61, 0x78, 0x45, 0x78, 0x70, 0x69, 0x72, + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x1a, 0x1a, 0x2e, + 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, + 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x22, 0x00, 0x12, 0x2b, 0x0a, 0x08, 0x47, + 0x65, 0x74, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x12, 0x10, 0x2e, 0x73, 0x61, 0x2e, 0x4f, 0x72, 0x64, + 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0b, 0x2e, 0x63, 0x6f, 0x72, 0x65, + 0x2e, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x22, 0x00, 0x12, 0x3e, 0x0a, 0x10, 0x47, 0x65, 0x74, 0x4f, + 0x72, 0x64, 0x65, 0x72, 0x46, 0x6f, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x1b, 0x2e, 0x73, + 0x61, 0x2e, 0x47, 0x65, 0x74, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x46, 0x6f, 0x72, 0x4e, 0x61, 0x6d, + 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0b, 0x2e, 0x63, 0x6f, 0x72, 0x65, + 0x2e, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x22, 0x00, 0x12, 0x3b, 0x0a, 0x0f, 0x47, 0x65, 0x74, 0x52, + 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x2e, 0x73, 0x61, + 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x1a, + 0x12, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x22, 0x00, 0x12, 0x3c, 0x0a, 0x14, 0x47, 0x65, 0x74, 0x52, 0x65, 0x67, 0x69, + 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x79, 0x4b, 0x65, 0x79, 0x12, 0x0e, 0x2e, + 0x73, 0x61, 0x2e, 0x4a, 0x53, 0x4f, 0x4e, 0x57, 0x65, 0x62, 0x4b, 0x65, 0x79, 0x1a, 0x12, 0x2e, + 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x22, 0x00, 0x12, 0x39, 0x0a, 0x13, 0x47, 0x65, 0x74, 0x52, 0x65, 0x76, 0x6f, 0x63, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x0a, 0x2e, 0x73, 0x61, 0x2e, + 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x1a, 0x14, 0x2e, 0x73, 0x61, 0x2e, 0x52, 0x65, 0x76, 0x6f, + 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x22, 0x00, 0x12, 0x41, + 0x0a, 0x0f, 0x47, 0x65, 0x74, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x43, 0x65, 0x72, 0x74, + 0x73, 0x12, 0x1a, 0x2e, 0x73, 0x61, 0x2e, 0x47, 0x65, 0x74, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, + 0x64, 0x43, 0x65, 0x72, 0x74, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0e, 0x2e, + 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x43, 0x52, 0x4c, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x22, 0x00, 0x30, + 0x01, 0x12, 0x35, 0x0a, 0x11, 0x47, 0x65, 0x74, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x4d, 0x65, + 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x12, 0x0a, 0x2e, 0x73, 0x61, 0x2e, 0x53, 0x65, 0x72, 0x69, + 0x61, 0x6c, 0x1a, 0x12, 0x2e, 0x73, 0x61, 0x2e, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x4d, 0x65, + 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x22, 0x00, 0x12, 0x39, 0x0a, 0x13, 0x47, 0x65, 0x74, 0x53, + 0x65, 0x72, 0x69, 0x61, 0x6c, 0x73, 0x42, 0x79, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x12, 0x2e, 0x73, 0x61, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x49, 0x44, 0x1a, 0x0f, 0x2e, 0x73, 0x61, 0x2e, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, - 0x69, 0x65, 0x72, 0x73, 0x22, 0x00, 0x32, 0xec, 0x1a, 0x0a, 0x10, 0x53, 0x74, 0x6f, 0x72, 0x61, - 0x67, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x53, 0x0a, 0x18, 0x43, - 0x6f, 0x75, 0x6e, 0x74, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, - 0x42, 0x79, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x23, 0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, - 0x6e, 0x74, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x42, 0x79, - 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x10, 0x2e, 0x73, - 0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x42, 0x79, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x22, 0x00, - 0x12, 0x51, 0x0a, 0x1b, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x49, 0x6e, 0x76, 0x61, 0x6c, 0x69, 0x64, + 0x6e, 0x49, 0x44, 0x1a, 0x0a, 0x2e, 0x73, 0x61, 0x2e, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x22, + 0x00, 0x30, 0x01, 0x12, 0x2f, 0x0a, 0x0f, 0x47, 0x65, 0x74, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, + 0x73, 0x42, 0x79, 0x4b, 0x65, 0x79, 0x12, 0x0c, 0x2e, 0x73, 0x61, 0x2e, 0x53, 0x50, 0x4b, 0x49, + 0x48, 0x61, 0x73, 0x68, 0x1a, 0x0a, 0x2e, 0x73, 0x61, 0x2e, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, + 0x22, 0x00, 0x30, 0x01, 0x12, 0x52, 0x0a, 0x17, 0x47, 0x65, 0x74, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x32, 0x12, - 0x25, 0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x49, 0x6e, 0x76, 0x61, 0x6c, 0x69, - 0x64, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, - 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x09, 0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e, - 0x74, 0x22, 0x00, 0x12, 0x32, 0x0a, 0x0b, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x4f, 0x72, 0x64, 0x65, - 0x72, 0x73, 0x12, 0x16, 0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x4f, 0x72, 0x64, - 0x65, 0x72, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x09, 0x2e, 0x73, 0x61, 0x2e, - 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x22, 0x00, 0x12, 0x3e, 0x0a, 0x1b, 0x43, 0x6f, 0x75, 0x6e, 0x74, - 0x50, 0x65, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x32, 0x12, 0x12, 0x2e, 0x73, 0x61, 0x2e, 0x52, 0x65, 0x67, 0x69, - 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x1a, 0x09, 0x2e, 0x73, 0x61, 0x2e, - 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x22, 0x00, 0x12, 0x37, 0x0a, 0x0d, 0x46, 0x51, 0x44, 0x4e, 0x53, - 0x65, 0x74, 0x45, 0x78, 0x69, 0x73, 0x74, 0x73, 0x12, 0x18, 0x2e, 0x73, 0x61, 0x2e, 0x46, 0x51, - 0x44, 0x4e, 0x53, 0x65, 0x74, 0x45, 0x78, 0x69, 0x73, 0x74, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, - 0x73, 0x74, 0x1a, 0x0a, 0x2e, 0x73, 0x61, 0x2e, 0x45, 0x78, 0x69, 0x73, 0x74, 0x73, 0x22, 0x00, - 0x12, 0x48, 0x0a, 0x1a, 0x46, 0x51, 0x44, 0x4e, 0x53, 0x65, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x73, - 0x74, 0x61, 0x6d, 0x70, 0x73, 0x46, 0x6f, 0x72, 0x57, 0x69, 0x6e, 0x64, 0x6f, 0x77, 0x12, 0x18, - 0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x46, 0x51, 0x44, 0x4e, 0x53, 0x65, 0x74, - 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0e, 0x2e, 0x73, 0x61, 0x2e, 0x54, 0x69, - 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x73, 0x22, 0x00, 0x12, 0x40, 0x0a, 0x11, 0x47, 0x65, - 0x74, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x32, 0x12, - 0x14, 0x2e, 0x73, 0x61, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x49, 0x44, 0x32, 0x1a, 0x13, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x41, 0x75, 0x74, - 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x00, 0x12, 0x48, 0x0a, 0x12, - 0x47, 0x65, 0x74, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x73, 0x32, 0x12, 0x1c, 0x2e, 0x73, 0x61, 0x2e, 0x47, 0x65, 0x74, 0x41, 0x75, 0x74, 0x68, 0x6f, + 0x21, 0x2e, 0x73, 0x61, 0x2e, 0x47, 0x65, 0x74, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x41, 0x75, 0x74, + 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, + 0x73, 0x74, 0x1a, 0x12, 0x2e, 0x73, 0x61, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0x00, 0x12, 0x5c, 0x0a, 0x1c, 0x47, 0x65, 0x74, 0x56, + 0x61, 0x6c, 0x69, 0x64, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, + 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x32, 0x12, 0x26, 0x2e, 0x73, 0x61, 0x2e, 0x47, 0x65, + 0x74, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x12, 0x2e, 0x73, 0x61, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x73, 0x22, 0x00, 0x12, 0x31, 0x0a, 0x0e, 0x47, 0x65, 0x74, 0x43, 0x65, 0x72, - 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x0a, 0x2e, 0x73, 0x61, 0x2e, 0x53, 0x65, - 0x72, 0x69, 0x61, 0x6c, 0x1a, 0x11, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x43, 0x65, 0x72, 0x74, - 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x22, 0x00, 0x12, 0x38, 0x0a, 0x15, 0x47, 0x65, 0x74, - 0x4c, 0x69, 0x6e, 0x74, 0x50, 0x72, 0x65, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, - 0x74, 0x65, 0x12, 0x0a, 0x2e, 0x73, 0x61, 0x2e, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x1a, 0x11, - 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, - 0x65, 0x22, 0x00, 0x12, 0x3d, 0x0a, 0x14, 0x47, 0x65, 0x74, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, - 0x69, 0x63, 0x61, 0x74, 0x65, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x0a, 0x2e, 0x73, 0x61, - 0x2e, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x1a, 0x17, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x43, + 0x69, 0x6f, 0x6e, 0x73, 0x22, 0x00, 0x12, 0x31, 0x0a, 0x12, 0x49, 0x6e, 0x63, 0x69, 0x64, 0x65, + 0x6e, 0x74, 0x73, 0x46, 0x6f, 0x72, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x12, 0x0a, 0x2e, 0x73, + 0x61, 0x2e, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x1a, 0x0d, 0x2e, 0x73, 0x61, 0x2e, 0x49, 0x6e, + 0x63, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x73, 0x22, 0x00, 0x12, 0x28, 0x0a, 0x0a, 0x4b, 0x65, 0x79, + 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x65, 0x64, 0x12, 0x0c, 0x2e, 0x73, 0x61, 0x2e, 0x53, 0x50, 0x4b, + 0x49, 0x48, 0x61, 0x73, 0x68, 0x1a, 0x0a, 0x2e, 0x73, 0x61, 0x2e, 0x45, 0x78, 0x69, 0x73, 0x74, + 0x73, 0x22, 0x00, 0x12, 0x32, 0x0a, 0x16, 0x52, 0x65, 0x70, 0x6c, 0x61, 0x63, 0x65, 0x6d, 0x65, + 0x6e, 0x74, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x45, 0x78, 0x69, 0x73, 0x74, 0x73, 0x12, 0x0a, 0x2e, + 0x73, 0x61, 0x2e, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x1a, 0x0a, 0x2e, 0x73, 0x61, 0x2e, 0x45, + 0x78, 0x69, 0x73, 0x74, 0x73, 0x22, 0x00, 0x12, 0x4b, 0x0a, 0x12, 0x53, 0x65, 0x72, 0x69, 0x61, + 0x6c, 0x73, 0x46, 0x6f, 0x72, 0x49, 0x6e, 0x63, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x12, 0x1d, 0x2e, + 0x73, 0x61, 0x2e, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x73, 0x46, 0x6f, 0x72, 0x49, 0x6e, 0x63, + 0x69, 0x64, 0x65, 0x6e, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x12, 0x2e, 0x73, + 0x61, 0x2e, 0x49, 0x6e, 0x63, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, + 0x22, 0x00, 0x30, 0x01, 0x12, 0x3d, 0x0a, 0x16, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x49, 0x64, 0x65, + 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x73, 0x50, 0x61, 0x75, 0x73, 0x65, 0x64, 0x12, 0x10, + 0x2e, 0x73, 0x61, 0x2e, 0x50, 0x61, 0x75, 0x73, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, + 0x1a, 0x0f, 0x2e, 0x73, 0x61, 0x2e, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, + 0x73, 0x22, 0x00, 0x12, 0x3d, 0x0a, 0x14, 0x47, 0x65, 0x74, 0x50, 0x61, 0x75, 0x73, 0x65, 0x64, + 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x73, 0x12, 0x12, 0x2e, 0x73, 0x61, + 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x1a, + 0x0f, 0x2e, 0x73, 0x61, 0x2e, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x73, + 0x22, 0x00, 0x12, 0x43, 0x0a, 0x0d, 0x41, 0x64, 0x64, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x65, 0x64, + 0x4b, 0x65, 0x79, 0x12, 0x18, 0x2e, 0x73, 0x61, 0x2e, 0x41, 0x64, 0x64, 0x42, 0x6c, 0x6f, 0x63, + 0x6b, 0x65, 0x64, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, + 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, + 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x45, 0x0a, 0x0e, 0x41, 0x64, 0x64, 0x43, 0x65, + 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x19, 0x2e, 0x73, 0x61, 0x2e, 0x41, + 0x64, 0x64, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, + 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x48, + 0x0a, 0x11, 0x41, 0x64, 0x64, 0x50, 0x72, 0x65, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, + 0x61, 0x74, 0x65, 0x12, 0x19, 0x2e, 0x73, 0x61, 0x2e, 0x41, 0x64, 0x64, 0x43, 0x65, 0x72, 0x74, + 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, + 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, + 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x41, 0x0a, 0x19, 0x53, 0x65, 0x74, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, - 0x22, 0x00, 0x12, 0x48, 0x0a, 0x10, 0x47, 0x65, 0x74, 0x4d, 0x61, 0x78, 0x45, 0x78, 0x70, 0x69, - 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x1a, 0x1a, + 0x52, 0x65, 0x61, 0x64, 0x79, 0x12, 0x0a, 0x2e, 0x73, 0x61, 0x2e, 0x53, 0x65, 0x72, 0x69, 0x61, + 0x6c, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x3b, 0x0a, 0x09, 0x41, + 0x64, 0x64, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x12, 0x14, 0x2e, 0x73, 0x61, 0x2e, 0x41, 0x64, + 0x64, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, - 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x22, 0x00, 0x12, 0x2b, 0x0a, 0x08, - 0x47, 0x65, 0x74, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x12, 0x10, 0x2e, 0x73, 0x61, 0x2e, 0x4f, 0x72, - 0x64, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0b, 0x2e, 0x63, 0x6f, 0x72, - 0x65, 0x2e, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x22, 0x00, 0x12, 0x3e, 0x0a, 0x10, 0x47, 0x65, 0x74, - 0x4f, 0x72, 0x64, 0x65, 0x72, 0x46, 0x6f, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x1b, 0x2e, - 0x73, 0x61, 0x2e, 0x47, 0x65, 0x74, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x46, 0x6f, 0x72, 0x4e, 0x61, - 0x6d, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0b, 0x2e, 0x63, 0x6f, 0x72, - 0x65, 0x2e, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x22, 0x00, 0x12, 0x3b, 0x0a, 0x0f, 0x47, 0x65, 0x74, - 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x2e, 0x73, - 0x61, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, + 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x4a, 0x0a, 0x18, 0x44, 0x65, 0x61, 0x63, + 0x74, 0x69, 0x76, 0x61, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x32, 0x12, 0x14, 0x2e, 0x73, 0x61, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, + 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x32, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, + 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, + 0x74, 0x79, 0x22, 0x00, 0x12, 0x46, 0x0a, 0x16, 0x44, 0x65, 0x61, 0x63, 0x74, 0x69, 0x76, 0x61, + 0x74, 0x65, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12, + 0x2e, 0x73, 0x61, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x49, 0x44, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x54, 0x0a, 0x16, + 0x46, 0x69, 0x6e, 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x32, 0x12, 0x20, 0x2e, 0x73, 0x61, 0x2e, 0x46, 0x69, 0x6e, 0x61, + 0x6c, 0x69, 0x7a, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, + 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, + 0x22, 0x00, 0x12, 0x43, 0x0a, 0x0d, 0x46, 0x69, 0x6e, 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x4f, 0x72, + 0x64, 0x65, 0x72, 0x12, 0x18, 0x2e, 0x73, 0x61, 0x2e, 0x46, 0x69, 0x6e, 0x61, 0x6c, 0x69, 0x7a, + 0x65, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, + 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, + 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x40, 0x0a, 0x11, 0x4e, 0x65, 0x77, 0x4f, 0x72, + 0x64, 0x65, 0x72, 0x41, 0x6e, 0x64, 0x41, 0x75, 0x74, 0x68, 0x7a, 0x73, 0x12, 0x1c, 0x2e, 0x73, + 0x61, 0x2e, 0x4e, 0x65, 0x77, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x41, 0x6e, 0x64, 0x41, 0x75, 0x74, + 0x68, 0x7a, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0b, 0x2e, 0x63, 0x6f, 0x72, + 0x65, 0x2e, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x22, 0x00, 0x12, 0x3b, 0x0a, 0x0f, 0x4e, 0x65, 0x77, + 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x2e, 0x63, + 0x6f, 0x72, 0x65, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x1a, 0x12, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x00, 0x12, 0x3c, 0x0a, 0x14, 0x47, 0x65, 0x74, 0x52, 0x65, 0x67, - 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x79, 0x4b, 0x65, 0x79, 0x12, 0x0e, - 0x2e, 0x73, 0x61, 0x2e, 0x4a, 0x53, 0x4f, 0x4e, 0x57, 0x65, 0x62, 0x4b, 0x65, 0x79, 0x1a, 0x12, - 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x22, 0x00, 0x12, 0x39, 0x0a, 0x13, 0x47, 0x65, 0x74, 0x52, 0x65, 0x76, 0x6f, 0x63, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x0a, 0x2e, 0x73, 0x61, - 0x2e, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x1a, 0x14, 0x2e, 0x73, 0x61, 0x2e, 0x52, 0x65, 0x76, - 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x22, 0x00, 0x12, - 0x41, 0x0a, 0x0f, 0x47, 0x65, 0x74, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x43, 0x65, 0x72, - 0x74, 0x73, 0x12, 0x1a, 0x2e, 0x73, 0x61, 0x2e, 0x47, 0x65, 0x74, 0x52, 0x65, 0x76, 0x6f, 0x6b, - 0x65, 0x64, 0x43, 0x65, 0x72, 0x74, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0e, - 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x43, 0x52, 0x4c, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x22, 0x00, - 0x30, 0x01, 0x12, 0x35, 0x0a, 0x11, 0x47, 0x65, 0x74, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x4d, - 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x12, 0x0a, 0x2e, 0x73, 0x61, 0x2e, 0x53, 0x65, 0x72, - 0x69, 0x61, 0x6c, 0x1a, 0x12, 0x2e, 0x73, 0x61, 0x2e, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x4d, - 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x22, 0x00, 0x12, 0x39, 0x0a, 0x13, 0x47, 0x65, 0x74, - 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x73, 0x42, 0x79, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, - 0x12, 0x12, 0x2e, 0x73, 0x61, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x49, 0x44, 0x1a, 0x0a, 0x2e, 0x73, 0x61, 0x2e, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, - 0x22, 0x00, 0x30, 0x01, 0x12, 0x2f, 0x0a, 0x0f, 0x47, 0x65, 0x74, 0x53, 0x65, 0x72, 0x69, 0x61, - 0x6c, 0x73, 0x42, 0x79, 0x4b, 0x65, 0x79, 0x12, 0x0c, 0x2e, 0x73, 0x61, 0x2e, 0x53, 0x50, 0x4b, - 0x49, 0x48, 0x61, 0x73, 0x68, 0x1a, 0x0a, 0x2e, 0x73, 0x61, 0x2e, 0x53, 0x65, 0x72, 0x69, 0x61, - 0x6c, 0x22, 0x00, 0x30, 0x01, 0x12, 0x52, 0x0a, 0x17, 0x47, 0x65, 0x74, 0x56, 0x61, 0x6c, 0x69, - 0x64, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x32, - 0x12, 0x21, 0x2e, 0x73, 0x61, 0x2e, 0x47, 0x65, 0x74, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x41, 0x75, - 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x65, 0x71, 0x75, - 0x65, 0x73, 0x74, 0x1a, 0x12, 0x2e, 0x73, 0x61, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, - 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0x00, 0x12, 0x5c, 0x0a, 0x1c, 0x47, 0x65, 0x74, - 0x56, 0x61, 0x6c, 0x69, 0x64, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, - 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x32, 0x12, 0x26, 0x2e, 0x73, 0x61, 0x2e, 0x47, - 0x65, 0x74, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x41, 0x75, 0x74, 0x68, - 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, - 0x74, 0x1a, 0x12, 0x2e, 0x73, 0x61, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0x00, 0x12, 0x31, 0x0a, 0x12, 0x49, 0x6e, 0x63, 0x69, 0x64, - 0x65, 0x6e, 0x74, 0x73, 0x46, 0x6f, 0x72, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x12, 0x0a, 0x2e, - 0x73, 0x61, 0x2e, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x1a, 0x0d, 0x2e, 0x73, 0x61, 0x2e, 0x49, - 0x6e, 0x63, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x73, 0x22, 0x00, 0x12, 0x28, 0x0a, 0x0a, 0x4b, 0x65, - 0x79, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x65, 0x64, 0x12, 0x0c, 0x2e, 0x73, 0x61, 0x2e, 0x53, 0x50, - 0x4b, 0x49, 0x48, 0x61, 0x73, 0x68, 0x1a, 0x0a, 0x2e, 0x73, 0x61, 0x2e, 0x45, 0x78, 0x69, 0x73, - 0x74, 0x73, 0x22, 0x00, 0x12, 0x32, 0x0a, 0x16, 0x52, 0x65, 0x70, 0x6c, 0x61, 0x63, 0x65, 0x6d, - 0x65, 0x6e, 0x74, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x45, 0x78, 0x69, 0x73, 0x74, 0x73, 0x12, 0x0a, - 0x2e, 0x73, 0x61, 0x2e, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x1a, 0x0a, 0x2e, 0x73, 0x61, 0x2e, - 0x45, 0x78, 0x69, 0x73, 0x74, 0x73, 0x22, 0x00, 0x12, 0x4b, 0x0a, 0x12, 0x53, 0x65, 0x72, 0x69, - 0x61, 0x6c, 0x73, 0x46, 0x6f, 0x72, 0x49, 0x6e, 0x63, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x12, 0x1d, - 0x2e, 0x73, 0x61, 0x2e, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x73, 0x46, 0x6f, 0x72, 0x49, 0x6e, - 0x63, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x12, 0x2e, - 0x73, 0x61, 0x2e, 0x49, 0x6e, 0x63, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x53, 0x65, 0x72, 0x69, 0x61, - 0x6c, 0x22, 0x00, 0x30, 0x01, 0x12, 0x3d, 0x0a, 0x16, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x49, 0x64, - 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x73, 0x50, 0x61, 0x75, 0x73, 0x65, 0x64, 0x12, - 0x10, 0x2e, 0x73, 0x61, 0x2e, 0x50, 0x61, 0x75, 0x73, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, - 0x74, 0x1a, 0x0f, 0x2e, 0x73, 0x61, 0x2e, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, - 0x72, 0x73, 0x22, 0x00, 0x12, 0x3d, 0x0a, 0x14, 0x47, 0x65, 0x74, 0x50, 0x61, 0x75, 0x73, 0x65, - 0x64, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x73, 0x12, 0x12, 0x2e, 0x73, - 0x61, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, - 0x1a, 0x0f, 0x2e, 0x73, 0x61, 0x2e, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, - 0x73, 0x22, 0x00, 0x12, 0x43, 0x0a, 0x0d, 0x41, 0x64, 0x64, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x65, - 0x64, 0x4b, 0x65, 0x79, 0x12, 0x18, 0x2e, 0x73, 0x61, 0x2e, 0x41, 0x64, 0x64, 0x42, 0x6c, 0x6f, - 0x63, 0x6b, 0x65, 0x64, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, - 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, - 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x45, 0x0a, 0x0e, 0x41, 0x64, 0x64, 0x43, - 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x19, 0x2e, 0x73, 0x61, 0x2e, - 0x41, 0x64, 0x64, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, - 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, - 0x48, 0x0a, 0x11, 0x41, 0x64, 0x64, 0x50, 0x72, 0x65, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, - 0x63, 0x61, 0x74, 0x65, 0x12, 0x19, 0x2e, 0x73, 0x61, 0x2e, 0x41, 0x64, 0x64, 0x43, 0x65, 0x72, - 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, - 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, - 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x41, 0x0a, 0x19, 0x53, 0x65, 0x74, - 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x53, 0x74, 0x61, 0x74, 0x75, - 0x73, 0x52, 0x65, 0x61, 0x64, 0x79, 0x12, 0x0a, 0x2e, 0x73, 0x61, 0x2e, 0x53, 0x65, 0x72, 0x69, - 0x61, 0x6c, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x3b, 0x0a, 0x09, - 0x41, 0x64, 0x64, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x12, 0x14, 0x2e, 0x73, 0x61, 0x2e, 0x41, - 0x64, 0x64, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, - 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, - 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x4a, 0x0a, 0x18, 0x44, 0x65, 0x61, - 0x63, 0x74, 0x69, 0x76, 0x61, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x32, 0x12, 0x14, 0x2e, 0x73, 0x61, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, - 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x32, 0x1a, 0x16, 0x2e, 0x67, 0x6f, - 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, - 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x46, 0x0a, 0x16, 0x44, 0x65, 0x61, 0x63, 0x74, 0x69, 0x76, - 0x61, 0x74, 0x65, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, - 0x12, 0x2e, 0x73, 0x61, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x49, 0x44, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x54, 0x0a, - 0x16, 0x46, 0x69, 0x6e, 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, - 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x32, 0x12, 0x20, 0x2e, 0x73, 0x61, 0x2e, 0x46, 0x69, 0x6e, - 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, + 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x00, 0x12, 0x4b, 0x0a, 0x11, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, + 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x1c, 0x2e, 0x73, 0x61, + 0x2e, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, + 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, - 0x79, 0x22, 0x00, 0x12, 0x43, 0x0a, 0x0d, 0x46, 0x69, 0x6e, 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x4f, - 0x72, 0x64, 0x65, 0x72, 0x12, 0x18, 0x2e, 0x73, 0x61, 0x2e, 0x46, 0x69, 0x6e, 0x61, 0x6c, 0x69, - 0x7a, 0x65, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, + 0x79, 0x22, 0x00, 0x12, 0x43, 0x0a, 0x0d, 0x53, 0x65, 0x74, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x45, + 0x72, 0x72, 0x6f, 0x72, 0x12, 0x18, 0x2e, 0x73, 0x61, 0x2e, 0x53, 0x65, 0x74, 0x4f, 0x72, 0x64, + 0x65, 0x72, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, - 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x40, 0x0a, 0x11, 0x4e, 0x65, 0x77, 0x4f, - 0x72, 0x64, 0x65, 0x72, 0x41, 0x6e, 0x64, 0x41, 0x75, 0x74, 0x68, 0x7a, 0x73, 0x12, 0x1c, 0x2e, - 0x73, 0x61, 0x2e, 0x4e, 0x65, 0x77, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x41, 0x6e, 0x64, 0x41, 0x75, - 0x74, 0x68, 0x7a, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0b, 0x2e, 0x63, 0x6f, - 0x72, 0x65, 0x2e, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x22, 0x00, 0x12, 0x3b, 0x0a, 0x0f, 0x4e, 0x65, - 0x77, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x2e, - 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x1a, 0x12, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x00, 0x12, 0x4b, 0x0a, 0x11, 0x52, 0x65, 0x76, 0x6f, 0x6b, - 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x1c, 0x2e, 0x73, - 0x61, 0x2e, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, - 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, - 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, - 0x74, 0x79, 0x22, 0x00, 0x12, 0x43, 0x0a, 0x0d, 0x53, 0x65, 0x74, 0x4f, 0x72, 0x64, 0x65, 0x72, - 0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x18, 0x2e, 0x73, 0x61, 0x2e, 0x53, 0x65, 0x74, 0x4f, 0x72, - 0x64, 0x65, 0x72, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, - 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, - 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x40, 0x0a, 0x12, 0x53, 0x65, 0x74, - 0x4f, 0x72, 0x64, 0x65, 0x72, 0x50, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x69, 0x6e, 0x67, 0x12, - 0x10, 0x2e, 0x73, 0x61, 0x2e, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, - 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x42, 0x0a, 0x12, 0x55, - 0x70, 0x64, 0x61, 0x74, 0x65, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x12, 0x12, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, - 0x57, 0x0a, 0x19, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x63, 0x74, 0x12, 0x24, 0x2e, 0x73, - 0x61, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x63, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, + 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x40, 0x0a, 0x12, 0x53, 0x65, 0x74, 0x4f, + 0x72, 0x64, 0x65, 0x72, 0x50, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x69, 0x6e, 0x67, 0x12, 0x10, + 0x2e, 0x73, 0x61, 0x2e, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, + 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, + 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x42, 0x0a, 0x12, 0x55, 0x70, + 0x64, 0x61, 0x74, 0x65, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x12, 0x12, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x57, + 0x0a, 0x19, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x63, 0x74, 0x12, 0x24, 0x2e, 0x73, 0x61, + 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x63, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, + 0x74, 0x1a, 0x12, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x00, 0x12, 0x4f, 0x0a, 0x15, 0x55, 0x70, 0x64, 0x61, 0x74, + 0x65, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4b, 0x65, 0x79, + 0x12, 0x20, 0x2e, 0x73, 0x61, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x52, 0x65, 0x67, 0x69, + 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x12, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, - 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x00, 0x12, 0x4f, 0x0a, 0x15, 0x55, 0x70, 0x64, 0x61, - 0x74, 0x65, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4b, 0x65, - 0x79, 0x12, 0x20, 0x2e, 0x73, 0x61, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x52, 0x65, 0x67, - 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, - 0x65, 0x73, 0x74, 0x1a, 0x12, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, - 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x00, 0x12, 0x52, 0x0a, 0x18, 0x55, 0x70, 0x64, - 0x61, 0x74, 0x65, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, - 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x1c, 0x2e, 0x73, 0x61, 0x2e, 0x52, 0x65, 0x76, 0x6f, 0x6b, - 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, - 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x46, 0x0a, - 0x0d, 0x4c, 0x65, 0x61, 0x73, 0x65, 0x43, 0x52, 0x4c, 0x53, 0x68, 0x61, 0x72, 0x64, 0x12, 0x18, - 0x2e, 0x73, 0x61, 0x2e, 0x4c, 0x65, 0x61, 0x73, 0x65, 0x43, 0x52, 0x4c, 0x53, 0x68, 0x61, 0x72, - 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x19, 0x2e, 0x73, 0x61, 0x2e, 0x4c, 0x65, - 0x61, 0x73, 0x65, 0x43, 0x52, 0x4c, 0x53, 0x68, 0x61, 0x72, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, - 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x45, 0x0a, 0x0e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x43, - 0x52, 0x4c, 0x53, 0x68, 0x61, 0x72, 0x64, 0x12, 0x19, 0x2e, 0x73, 0x61, 0x2e, 0x55, 0x70, 0x64, - 0x61, 0x74, 0x65, 0x43, 0x52, 0x4c, 0x53, 0x68, 0x61, 0x72, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, + 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x00, 0x12, 0x52, 0x0a, 0x18, 0x55, 0x70, 0x64, 0x61, + 0x74, 0x65, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, + 0x63, 0x61, 0x74, 0x65, 0x12, 0x1c, 0x2e, 0x73, 0x61, 0x2e, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, + 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x44, 0x0a, 0x10, - 0x50, 0x61, 0x75, 0x73, 0x65, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x73, - 0x12, 0x10, 0x2e, 0x73, 0x61, 0x2e, 0x50, 0x61, 0x75, 0x73, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, - 0x73, 0x74, 0x1a, 0x1c, 0x2e, 0x73, 0x61, 0x2e, 0x50, 0x61, 0x75, 0x73, 0x65, 0x49, 0x64, 0x65, - 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, - 0x22, 0x00, 0x12, 0x31, 0x0a, 0x0e, 0x55, 0x6e, 0x70, 0x61, 0x75, 0x73, 0x65, 0x41, 0x63, 0x63, - 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x12, 0x2e, 0x73, 0x61, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, - 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x1a, 0x09, 0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f, - 0x75, 0x6e, 0x74, 0x22, 0x00, 0x42, 0x29, 0x5a, 0x27, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, - 0x63, 0x6f, 0x6d, 0x2f, 0x6c, 0x65, 0x74, 0x73, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x2f, - 0x62, 0x6f, 0x75, 0x6c, 0x64, 0x65, 0x72, 0x2f, 0x73, 0x61, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x46, 0x0a, 0x0d, + 0x4c, 0x65, 0x61, 0x73, 0x65, 0x43, 0x52, 0x4c, 0x53, 0x68, 0x61, 0x72, 0x64, 0x12, 0x18, 0x2e, + 0x73, 0x61, 0x2e, 0x4c, 0x65, 0x61, 0x73, 0x65, 0x43, 0x52, 0x4c, 0x53, 0x68, 0x61, 0x72, 0x64, + 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x19, 0x2e, 0x73, 0x61, 0x2e, 0x4c, 0x65, 0x61, + 0x73, 0x65, 0x43, 0x52, 0x4c, 0x53, 0x68, 0x61, 0x72, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, + 0x73, 0x65, 0x22, 0x00, 0x12, 0x45, 0x0a, 0x0e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x43, 0x52, + 0x4c, 0x53, 0x68, 0x61, 0x72, 0x64, 0x12, 0x19, 0x2e, 0x73, 0x61, 0x2e, 0x55, 0x70, 0x64, 0x61, + 0x74, 0x65, 0x43, 0x52, 0x4c, 0x53, 0x68, 0x61, 0x72, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, + 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x44, 0x0a, 0x10, 0x50, + 0x61, 0x75, 0x73, 0x65, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x73, 0x12, + 0x10, 0x2e, 0x73, 0x61, 0x2e, 0x50, 0x61, 0x75, 0x73, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, + 0x74, 0x1a, 0x1c, 0x2e, 0x73, 0x61, 0x2e, 0x50, 0x61, 0x75, 0x73, 0x65, 0x49, 0x64, 0x65, 0x6e, + 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, + 0x00, 0x12, 0x31, 0x0a, 0x0e, 0x55, 0x6e, 0x70, 0x61, 0x75, 0x73, 0x65, 0x41, 0x63, 0x63, 0x6f, + 0x75, 0x6e, 0x74, 0x12, 0x12, 0x2e, 0x73, 0x61, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x1a, 0x09, 0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, + 0x6e, 0x74, 0x22, 0x00, 0x42, 0x29, 0x5a, 0x27, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, + 0x6f, 0x6d, 0x2f, 0x6c, 0x65, 0x74, 0x73, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x2f, 0x62, + 0x6f, 0x75, 0x6c, 0x64, 0x65, 0x72, 0x2f, 0x73, 0x61, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, + 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -3648,7 +3443,7 @@ func file_sa_proto_rawDescGZIP() []byte { return file_sa_proto_rawDescData } -var file_sa_proto_msgTypes = make([]protoimpl.MessageInfo, 49) +var file_sa_proto_msgTypes = make([]protoimpl.MessageInfo, 45) var file_sa_proto_goTypes = []interface{}{ (*RegistrationID)(nil), // 0: sa.RegistrationID (*JSONWebKey)(nil), // 1: sa.JSONWebKey @@ -3659,267 +3454,251 @@ var file_sa_proto_goTypes = []interface{}{ (*Range)(nil), // 6: sa.Range (*Count)(nil), // 7: sa.Count (*Timestamps)(nil), // 8: sa.Timestamps - (*CountCertificatesByNamesRequest)(nil), // 9: sa.CountCertificatesByNamesRequest - (*CountByNames)(nil), // 10: sa.CountByNames - (*CountInvalidAuthorizationsRequest)(nil), // 11: sa.CountInvalidAuthorizationsRequest - (*CountOrdersRequest)(nil), // 12: sa.CountOrdersRequest - (*CountFQDNSetsRequest)(nil), // 13: sa.CountFQDNSetsRequest - (*FQDNSetExistsRequest)(nil), // 14: sa.FQDNSetExistsRequest - (*Exists)(nil), // 15: sa.Exists - (*AddSerialRequest)(nil), // 16: sa.AddSerialRequest - (*AddCertificateRequest)(nil), // 17: sa.AddCertificateRequest - (*OrderRequest)(nil), // 18: sa.OrderRequest - (*NewOrderRequest)(nil), // 19: sa.NewOrderRequest - (*NewAuthzRequest)(nil), // 20: sa.NewAuthzRequest - (*NewOrderAndAuthzsRequest)(nil), // 21: sa.NewOrderAndAuthzsRequest - (*SetOrderErrorRequest)(nil), // 22: sa.SetOrderErrorRequest - (*GetValidOrderAuthorizationsRequest)(nil), // 23: sa.GetValidOrderAuthorizationsRequest - (*GetOrderForNamesRequest)(nil), // 24: sa.GetOrderForNamesRequest - (*FinalizeOrderRequest)(nil), // 25: sa.FinalizeOrderRequest - (*GetAuthorizationsRequest)(nil), // 26: sa.GetAuthorizationsRequest - (*Authorizations)(nil), // 27: sa.Authorizations - (*AuthorizationIDs)(nil), // 28: sa.AuthorizationIDs - (*AuthorizationID2)(nil), // 29: sa.AuthorizationID2 - (*RevokeCertificateRequest)(nil), // 30: sa.RevokeCertificateRequest - (*FinalizeAuthorizationRequest)(nil), // 31: sa.FinalizeAuthorizationRequest - (*AddBlockedKeyRequest)(nil), // 32: sa.AddBlockedKeyRequest - (*SPKIHash)(nil), // 33: sa.SPKIHash - (*Incident)(nil), // 34: sa.Incident - (*Incidents)(nil), // 35: sa.Incidents - (*SerialsForIncidentRequest)(nil), // 36: sa.SerialsForIncidentRequest - (*IncidentSerial)(nil), // 37: sa.IncidentSerial - (*GetRevokedCertsRequest)(nil), // 38: sa.GetRevokedCertsRequest - (*RevocationStatus)(nil), // 39: sa.RevocationStatus - (*LeaseCRLShardRequest)(nil), // 40: sa.LeaseCRLShardRequest - (*LeaseCRLShardResponse)(nil), // 41: sa.LeaseCRLShardResponse - (*UpdateCRLShardRequest)(nil), // 42: sa.UpdateCRLShardRequest - (*Identifiers)(nil), // 43: sa.Identifiers - (*PauseRequest)(nil), // 44: sa.PauseRequest - (*PauseIdentifiersResponse)(nil), // 45: sa.PauseIdentifiersResponse - (*UpdateRegistrationContactRequest)(nil), // 46: sa.UpdateRegistrationContactRequest - (*UpdateRegistrationKeyRequest)(nil), // 47: sa.UpdateRegistrationKeyRequest - nil, // 48: sa.CountByNames.CountsEntry - (*timestamppb.Timestamp)(nil), // 49: google.protobuf.Timestamp - (*durationpb.Duration)(nil), // 50: google.protobuf.Duration - (*proto.Identifier)(nil), // 51: core.Identifier - (*proto.ProblemDetails)(nil), // 52: core.ProblemDetails - (*proto.Authorization)(nil), // 53: core.Authorization - (*proto.ValidationRecord)(nil), // 54: core.ValidationRecord - (*emptypb.Empty)(nil), // 55: google.protobuf.Empty - (*proto.Registration)(nil), // 56: core.Registration - (*proto.Certificate)(nil), // 57: core.Certificate - (*proto.CertificateStatus)(nil), // 58: core.CertificateStatus - (*proto.Order)(nil), // 59: core.Order - (*proto.CRLEntry)(nil), // 60: core.CRLEntry + (*CountInvalidAuthorizationsRequest)(nil), // 9: sa.CountInvalidAuthorizationsRequest + (*CountFQDNSetsRequest)(nil), // 10: sa.CountFQDNSetsRequest + (*FQDNSetExistsRequest)(nil), // 11: sa.FQDNSetExistsRequest + (*Exists)(nil), // 12: sa.Exists + (*AddSerialRequest)(nil), // 13: sa.AddSerialRequest + (*AddCertificateRequest)(nil), // 14: sa.AddCertificateRequest + (*OrderRequest)(nil), // 15: sa.OrderRequest + (*NewOrderRequest)(nil), // 16: sa.NewOrderRequest + (*NewAuthzRequest)(nil), // 17: sa.NewAuthzRequest + (*NewOrderAndAuthzsRequest)(nil), // 18: sa.NewOrderAndAuthzsRequest + (*SetOrderErrorRequest)(nil), // 19: sa.SetOrderErrorRequest + (*GetValidOrderAuthorizationsRequest)(nil), // 20: sa.GetValidOrderAuthorizationsRequest + (*GetOrderForNamesRequest)(nil), // 21: sa.GetOrderForNamesRequest + (*FinalizeOrderRequest)(nil), // 22: sa.FinalizeOrderRequest + (*GetAuthorizationsRequest)(nil), // 23: sa.GetAuthorizationsRequest + (*Authorizations)(nil), // 24: sa.Authorizations + (*AuthorizationIDs)(nil), // 25: sa.AuthorizationIDs + (*AuthorizationID2)(nil), // 26: sa.AuthorizationID2 + (*RevokeCertificateRequest)(nil), // 27: sa.RevokeCertificateRequest + (*FinalizeAuthorizationRequest)(nil), // 28: sa.FinalizeAuthorizationRequest + (*AddBlockedKeyRequest)(nil), // 29: sa.AddBlockedKeyRequest + (*SPKIHash)(nil), // 30: sa.SPKIHash + (*Incident)(nil), // 31: sa.Incident + (*Incidents)(nil), // 32: sa.Incidents + (*SerialsForIncidentRequest)(nil), // 33: sa.SerialsForIncidentRequest + (*IncidentSerial)(nil), // 34: sa.IncidentSerial + (*GetRevokedCertsRequest)(nil), // 35: sa.GetRevokedCertsRequest + (*RevocationStatus)(nil), // 36: sa.RevocationStatus + (*LeaseCRLShardRequest)(nil), // 37: sa.LeaseCRLShardRequest + (*LeaseCRLShardResponse)(nil), // 38: sa.LeaseCRLShardResponse + (*UpdateCRLShardRequest)(nil), // 39: sa.UpdateCRLShardRequest + (*Identifiers)(nil), // 40: sa.Identifiers + (*PauseRequest)(nil), // 41: sa.PauseRequest + (*PauseIdentifiersResponse)(nil), // 42: sa.PauseIdentifiersResponse + (*UpdateRegistrationContactRequest)(nil), // 43: sa.UpdateRegistrationContactRequest + (*UpdateRegistrationKeyRequest)(nil), // 44: sa.UpdateRegistrationKeyRequest + (*timestamppb.Timestamp)(nil), // 45: google.protobuf.Timestamp + (*durationpb.Duration)(nil), // 46: google.protobuf.Duration + (*proto.Identifier)(nil), // 47: core.Identifier + (*proto.ProblemDetails)(nil), // 48: core.ProblemDetails + (*proto.Authorization)(nil), // 49: core.Authorization + (*proto.ValidationRecord)(nil), // 50: core.ValidationRecord + (*emptypb.Empty)(nil), // 51: google.protobuf.Empty + (*proto.Registration)(nil), // 52: core.Registration + (*proto.Certificate)(nil), // 53: core.Certificate + (*proto.CertificateStatus)(nil), // 54: core.CertificateStatus + (*proto.Order)(nil), // 55: core.Order + (*proto.CRLEntry)(nil), // 56: core.CRLEntry } var file_sa_proto_depIdxs = []int32{ - 49, // 0: sa.GetValidAuthorizationsRequest.validUntil:type_name -> google.protobuf.Timestamp - 49, // 1: sa.SerialMetadata.created:type_name -> google.protobuf.Timestamp - 49, // 2: sa.SerialMetadata.expires:type_name -> google.protobuf.Timestamp - 49, // 3: sa.Range.earliest:type_name -> google.protobuf.Timestamp - 49, // 4: sa.Range.latest:type_name -> google.protobuf.Timestamp - 49, // 5: sa.Timestamps.timestamps:type_name -> google.protobuf.Timestamp - 6, // 6: sa.CountCertificatesByNamesRequest.range:type_name -> sa.Range - 48, // 7: sa.CountByNames.counts:type_name -> sa.CountByNames.CountsEntry - 49, // 8: sa.CountByNames.earliest:type_name -> google.protobuf.Timestamp - 6, // 9: sa.CountInvalidAuthorizationsRequest.range:type_name -> sa.Range - 6, // 10: sa.CountOrdersRequest.range:type_name -> sa.Range - 50, // 11: sa.CountFQDNSetsRequest.window:type_name -> google.protobuf.Duration - 49, // 12: sa.AddSerialRequest.created:type_name -> google.protobuf.Timestamp - 49, // 13: sa.AddSerialRequest.expires:type_name -> google.protobuf.Timestamp - 49, // 14: sa.AddCertificateRequest.issued:type_name -> google.protobuf.Timestamp - 49, // 15: sa.NewOrderRequest.expires:type_name -> google.protobuf.Timestamp - 51, // 16: sa.NewAuthzRequest.identifier:type_name -> core.Identifier - 49, // 17: sa.NewAuthzRequest.expires:type_name -> google.protobuf.Timestamp - 19, // 18: sa.NewOrderAndAuthzsRequest.newOrder:type_name -> sa.NewOrderRequest - 20, // 19: sa.NewOrderAndAuthzsRequest.newAuthzs:type_name -> sa.NewAuthzRequest - 52, // 20: sa.SetOrderErrorRequest.error:type_name -> core.ProblemDetails - 49, // 21: sa.GetAuthorizationsRequest.validUntil:type_name -> google.protobuf.Timestamp - 53, // 22: sa.Authorizations.authzs:type_name -> core.Authorization - 49, // 23: sa.RevokeCertificateRequest.date:type_name -> google.protobuf.Timestamp - 49, // 24: sa.RevokeCertificateRequest.backdate:type_name -> google.protobuf.Timestamp - 49, // 25: sa.FinalizeAuthorizationRequest.expires:type_name -> google.protobuf.Timestamp - 54, // 26: sa.FinalizeAuthorizationRequest.validationRecords:type_name -> core.ValidationRecord - 52, // 27: sa.FinalizeAuthorizationRequest.validationError:type_name -> core.ProblemDetails - 49, // 28: sa.FinalizeAuthorizationRequest.attemptedAt:type_name -> google.protobuf.Timestamp - 49, // 29: sa.AddBlockedKeyRequest.added:type_name -> google.protobuf.Timestamp - 49, // 30: sa.Incident.renewBy:type_name -> google.protobuf.Timestamp - 34, // 31: sa.Incidents.incidents:type_name -> sa.Incident - 49, // 32: sa.IncidentSerial.lastNoticeSent:type_name -> google.protobuf.Timestamp - 49, // 33: sa.GetRevokedCertsRequest.expiresAfter:type_name -> google.protobuf.Timestamp - 49, // 34: sa.GetRevokedCertsRequest.expiresBefore:type_name -> google.protobuf.Timestamp - 49, // 35: sa.GetRevokedCertsRequest.revokedBefore:type_name -> google.protobuf.Timestamp - 49, // 36: sa.RevocationStatus.revokedDate:type_name -> google.protobuf.Timestamp - 49, // 37: sa.LeaseCRLShardRequest.until:type_name -> google.protobuf.Timestamp - 49, // 38: sa.UpdateCRLShardRequest.thisUpdate:type_name -> google.protobuf.Timestamp - 49, // 39: sa.UpdateCRLShardRequest.nextUpdate:type_name -> google.protobuf.Timestamp - 51, // 40: sa.Identifiers.identifiers:type_name -> core.Identifier - 51, // 41: sa.PauseRequest.identifiers:type_name -> core.Identifier - 9, // 42: sa.StorageAuthorityReadOnly.CountCertificatesByNames:input_type -> sa.CountCertificatesByNamesRequest - 11, // 43: sa.StorageAuthorityReadOnly.CountInvalidAuthorizations2:input_type -> sa.CountInvalidAuthorizationsRequest - 12, // 44: sa.StorageAuthorityReadOnly.CountOrders:input_type -> sa.CountOrdersRequest - 0, // 45: sa.StorageAuthorityReadOnly.CountPendingAuthorizations2:input_type -> sa.RegistrationID - 14, // 46: sa.StorageAuthorityReadOnly.FQDNSetExists:input_type -> sa.FQDNSetExistsRequest - 13, // 47: sa.StorageAuthorityReadOnly.FQDNSetTimestampsForWindow:input_type -> sa.CountFQDNSetsRequest - 29, // 48: sa.StorageAuthorityReadOnly.GetAuthorization2:input_type -> sa.AuthorizationID2 - 26, // 49: sa.StorageAuthorityReadOnly.GetAuthorizations2:input_type -> sa.GetAuthorizationsRequest - 4, // 50: sa.StorageAuthorityReadOnly.GetCertificate:input_type -> sa.Serial - 4, // 51: sa.StorageAuthorityReadOnly.GetLintPrecertificate:input_type -> sa.Serial - 4, // 52: sa.StorageAuthorityReadOnly.GetCertificateStatus:input_type -> sa.Serial - 55, // 53: sa.StorageAuthorityReadOnly.GetMaxExpiration:input_type -> google.protobuf.Empty - 18, // 54: sa.StorageAuthorityReadOnly.GetOrder:input_type -> sa.OrderRequest - 24, // 55: sa.StorageAuthorityReadOnly.GetOrderForNames:input_type -> sa.GetOrderForNamesRequest - 0, // 56: sa.StorageAuthorityReadOnly.GetRegistration:input_type -> sa.RegistrationID - 1, // 57: sa.StorageAuthorityReadOnly.GetRegistrationByKey:input_type -> sa.JSONWebKey - 4, // 58: sa.StorageAuthorityReadOnly.GetRevocationStatus:input_type -> sa.Serial - 38, // 59: sa.StorageAuthorityReadOnly.GetRevokedCerts:input_type -> sa.GetRevokedCertsRequest - 4, // 60: sa.StorageAuthorityReadOnly.GetSerialMetadata:input_type -> sa.Serial - 0, // 61: sa.StorageAuthorityReadOnly.GetSerialsByAccount:input_type -> sa.RegistrationID - 33, // 62: sa.StorageAuthorityReadOnly.GetSerialsByKey:input_type -> sa.SPKIHash - 3, // 63: sa.StorageAuthorityReadOnly.GetValidAuthorizations2:input_type -> sa.GetValidAuthorizationsRequest - 23, // 64: sa.StorageAuthorityReadOnly.GetValidOrderAuthorizations2:input_type -> sa.GetValidOrderAuthorizationsRequest - 4, // 65: sa.StorageAuthorityReadOnly.IncidentsForSerial:input_type -> sa.Serial - 33, // 66: sa.StorageAuthorityReadOnly.KeyBlocked:input_type -> sa.SPKIHash - 4, // 67: sa.StorageAuthorityReadOnly.ReplacementOrderExists:input_type -> sa.Serial - 36, // 68: sa.StorageAuthorityReadOnly.SerialsForIncident:input_type -> sa.SerialsForIncidentRequest - 44, // 69: sa.StorageAuthorityReadOnly.CheckIdentifiersPaused:input_type -> sa.PauseRequest - 0, // 70: sa.StorageAuthorityReadOnly.GetPausedIdentifiers:input_type -> sa.RegistrationID - 9, // 71: sa.StorageAuthority.CountCertificatesByNames:input_type -> sa.CountCertificatesByNamesRequest - 11, // 72: sa.StorageAuthority.CountInvalidAuthorizations2:input_type -> sa.CountInvalidAuthorizationsRequest - 12, // 73: sa.StorageAuthority.CountOrders:input_type -> sa.CountOrdersRequest - 0, // 74: sa.StorageAuthority.CountPendingAuthorizations2:input_type -> sa.RegistrationID - 14, // 75: sa.StorageAuthority.FQDNSetExists:input_type -> sa.FQDNSetExistsRequest - 13, // 76: sa.StorageAuthority.FQDNSetTimestampsForWindow:input_type -> sa.CountFQDNSetsRequest - 29, // 77: sa.StorageAuthority.GetAuthorization2:input_type -> sa.AuthorizationID2 - 26, // 78: sa.StorageAuthority.GetAuthorizations2:input_type -> sa.GetAuthorizationsRequest - 4, // 79: sa.StorageAuthority.GetCertificate:input_type -> sa.Serial - 4, // 80: sa.StorageAuthority.GetLintPrecertificate:input_type -> sa.Serial - 4, // 81: sa.StorageAuthority.GetCertificateStatus:input_type -> sa.Serial - 55, // 82: sa.StorageAuthority.GetMaxExpiration:input_type -> google.protobuf.Empty - 18, // 83: sa.StorageAuthority.GetOrder:input_type -> sa.OrderRequest - 24, // 84: sa.StorageAuthority.GetOrderForNames:input_type -> sa.GetOrderForNamesRequest - 0, // 85: sa.StorageAuthority.GetRegistration:input_type -> sa.RegistrationID - 1, // 86: sa.StorageAuthority.GetRegistrationByKey:input_type -> sa.JSONWebKey - 4, // 87: sa.StorageAuthority.GetRevocationStatus:input_type -> sa.Serial - 38, // 88: sa.StorageAuthority.GetRevokedCerts:input_type -> sa.GetRevokedCertsRequest - 4, // 89: sa.StorageAuthority.GetSerialMetadata:input_type -> sa.Serial - 0, // 90: sa.StorageAuthority.GetSerialsByAccount:input_type -> sa.RegistrationID - 33, // 91: sa.StorageAuthority.GetSerialsByKey:input_type -> sa.SPKIHash - 3, // 92: sa.StorageAuthority.GetValidAuthorizations2:input_type -> sa.GetValidAuthorizationsRequest - 23, // 93: sa.StorageAuthority.GetValidOrderAuthorizations2:input_type -> sa.GetValidOrderAuthorizationsRequest - 4, // 94: sa.StorageAuthority.IncidentsForSerial:input_type -> sa.Serial - 33, // 95: sa.StorageAuthority.KeyBlocked:input_type -> sa.SPKIHash - 4, // 96: sa.StorageAuthority.ReplacementOrderExists:input_type -> sa.Serial - 36, // 97: sa.StorageAuthority.SerialsForIncident:input_type -> sa.SerialsForIncidentRequest - 44, // 98: sa.StorageAuthority.CheckIdentifiersPaused:input_type -> sa.PauseRequest - 0, // 99: sa.StorageAuthority.GetPausedIdentifiers:input_type -> sa.RegistrationID - 32, // 100: sa.StorageAuthority.AddBlockedKey:input_type -> sa.AddBlockedKeyRequest - 17, // 101: sa.StorageAuthority.AddCertificate:input_type -> sa.AddCertificateRequest - 17, // 102: sa.StorageAuthority.AddPrecertificate:input_type -> sa.AddCertificateRequest - 4, // 103: sa.StorageAuthority.SetCertificateStatusReady:input_type -> sa.Serial - 16, // 104: sa.StorageAuthority.AddSerial:input_type -> sa.AddSerialRequest - 29, // 105: sa.StorageAuthority.DeactivateAuthorization2:input_type -> sa.AuthorizationID2 - 0, // 106: sa.StorageAuthority.DeactivateRegistration:input_type -> sa.RegistrationID - 31, // 107: sa.StorageAuthority.FinalizeAuthorization2:input_type -> sa.FinalizeAuthorizationRequest - 25, // 108: sa.StorageAuthority.FinalizeOrder:input_type -> sa.FinalizeOrderRequest - 21, // 109: sa.StorageAuthority.NewOrderAndAuthzs:input_type -> sa.NewOrderAndAuthzsRequest - 56, // 110: sa.StorageAuthority.NewRegistration:input_type -> core.Registration - 30, // 111: sa.StorageAuthority.RevokeCertificate:input_type -> sa.RevokeCertificateRequest - 22, // 112: sa.StorageAuthority.SetOrderError:input_type -> sa.SetOrderErrorRequest - 18, // 113: sa.StorageAuthority.SetOrderProcessing:input_type -> sa.OrderRequest - 56, // 114: sa.StorageAuthority.UpdateRegistration:input_type -> core.Registration - 46, // 115: sa.StorageAuthority.UpdateRegistrationContact:input_type -> sa.UpdateRegistrationContactRequest - 47, // 116: sa.StorageAuthority.UpdateRegistrationKey:input_type -> sa.UpdateRegistrationKeyRequest - 30, // 117: sa.StorageAuthority.UpdateRevokedCertificate:input_type -> sa.RevokeCertificateRequest - 40, // 118: sa.StorageAuthority.LeaseCRLShard:input_type -> sa.LeaseCRLShardRequest - 42, // 119: sa.StorageAuthority.UpdateCRLShard:input_type -> sa.UpdateCRLShardRequest - 44, // 120: sa.StorageAuthority.PauseIdentifiers:input_type -> sa.PauseRequest - 0, // 121: sa.StorageAuthority.UnpauseAccount:input_type -> sa.RegistrationID - 10, // 122: sa.StorageAuthorityReadOnly.CountCertificatesByNames:output_type -> sa.CountByNames - 7, // 123: sa.StorageAuthorityReadOnly.CountInvalidAuthorizations2:output_type -> sa.Count - 7, // 124: sa.StorageAuthorityReadOnly.CountOrders:output_type -> sa.Count - 7, // 125: sa.StorageAuthorityReadOnly.CountPendingAuthorizations2:output_type -> sa.Count - 15, // 126: sa.StorageAuthorityReadOnly.FQDNSetExists:output_type -> sa.Exists - 8, // 127: sa.StorageAuthorityReadOnly.FQDNSetTimestampsForWindow:output_type -> sa.Timestamps - 53, // 128: sa.StorageAuthorityReadOnly.GetAuthorization2:output_type -> core.Authorization - 27, // 129: sa.StorageAuthorityReadOnly.GetAuthorizations2:output_type -> sa.Authorizations - 57, // 130: sa.StorageAuthorityReadOnly.GetCertificate:output_type -> core.Certificate - 57, // 131: sa.StorageAuthorityReadOnly.GetLintPrecertificate:output_type -> core.Certificate - 58, // 132: sa.StorageAuthorityReadOnly.GetCertificateStatus:output_type -> core.CertificateStatus - 49, // 133: sa.StorageAuthorityReadOnly.GetMaxExpiration:output_type -> google.protobuf.Timestamp - 59, // 134: sa.StorageAuthorityReadOnly.GetOrder:output_type -> core.Order - 59, // 135: sa.StorageAuthorityReadOnly.GetOrderForNames:output_type -> core.Order - 56, // 136: sa.StorageAuthorityReadOnly.GetRegistration:output_type -> core.Registration - 56, // 137: sa.StorageAuthorityReadOnly.GetRegistrationByKey:output_type -> core.Registration - 39, // 138: sa.StorageAuthorityReadOnly.GetRevocationStatus:output_type -> sa.RevocationStatus - 60, // 139: sa.StorageAuthorityReadOnly.GetRevokedCerts:output_type -> core.CRLEntry - 5, // 140: sa.StorageAuthorityReadOnly.GetSerialMetadata:output_type -> sa.SerialMetadata - 4, // 141: sa.StorageAuthorityReadOnly.GetSerialsByAccount:output_type -> sa.Serial - 4, // 142: sa.StorageAuthorityReadOnly.GetSerialsByKey:output_type -> sa.Serial - 27, // 143: sa.StorageAuthorityReadOnly.GetValidAuthorizations2:output_type -> sa.Authorizations - 27, // 144: sa.StorageAuthorityReadOnly.GetValidOrderAuthorizations2:output_type -> sa.Authorizations - 35, // 145: sa.StorageAuthorityReadOnly.IncidentsForSerial:output_type -> sa.Incidents - 15, // 146: sa.StorageAuthorityReadOnly.KeyBlocked:output_type -> sa.Exists - 15, // 147: sa.StorageAuthorityReadOnly.ReplacementOrderExists:output_type -> sa.Exists - 37, // 148: sa.StorageAuthorityReadOnly.SerialsForIncident:output_type -> sa.IncidentSerial - 43, // 149: sa.StorageAuthorityReadOnly.CheckIdentifiersPaused:output_type -> sa.Identifiers - 43, // 150: sa.StorageAuthorityReadOnly.GetPausedIdentifiers:output_type -> sa.Identifiers - 10, // 151: sa.StorageAuthority.CountCertificatesByNames:output_type -> sa.CountByNames - 7, // 152: sa.StorageAuthority.CountInvalidAuthorizations2:output_type -> sa.Count - 7, // 153: sa.StorageAuthority.CountOrders:output_type -> sa.Count - 7, // 154: sa.StorageAuthority.CountPendingAuthorizations2:output_type -> sa.Count - 15, // 155: sa.StorageAuthority.FQDNSetExists:output_type -> sa.Exists - 8, // 156: sa.StorageAuthority.FQDNSetTimestampsForWindow:output_type -> sa.Timestamps - 53, // 157: sa.StorageAuthority.GetAuthorization2:output_type -> core.Authorization - 27, // 158: sa.StorageAuthority.GetAuthorizations2:output_type -> sa.Authorizations - 57, // 159: sa.StorageAuthority.GetCertificate:output_type -> core.Certificate - 57, // 160: sa.StorageAuthority.GetLintPrecertificate:output_type -> core.Certificate - 58, // 161: sa.StorageAuthority.GetCertificateStatus:output_type -> core.CertificateStatus - 49, // 162: sa.StorageAuthority.GetMaxExpiration:output_type -> google.protobuf.Timestamp - 59, // 163: sa.StorageAuthority.GetOrder:output_type -> core.Order - 59, // 164: sa.StorageAuthority.GetOrderForNames:output_type -> core.Order - 56, // 165: sa.StorageAuthority.GetRegistration:output_type -> core.Registration - 56, // 166: sa.StorageAuthority.GetRegistrationByKey:output_type -> core.Registration - 39, // 167: sa.StorageAuthority.GetRevocationStatus:output_type -> sa.RevocationStatus - 60, // 168: sa.StorageAuthority.GetRevokedCerts:output_type -> core.CRLEntry - 5, // 169: sa.StorageAuthority.GetSerialMetadata:output_type -> sa.SerialMetadata - 4, // 170: sa.StorageAuthority.GetSerialsByAccount:output_type -> sa.Serial - 4, // 171: sa.StorageAuthority.GetSerialsByKey:output_type -> sa.Serial - 27, // 172: sa.StorageAuthority.GetValidAuthorizations2:output_type -> sa.Authorizations - 27, // 173: sa.StorageAuthority.GetValidOrderAuthorizations2:output_type -> sa.Authorizations - 35, // 174: sa.StorageAuthority.IncidentsForSerial:output_type -> sa.Incidents - 15, // 175: sa.StorageAuthority.KeyBlocked:output_type -> sa.Exists - 15, // 176: sa.StorageAuthority.ReplacementOrderExists:output_type -> sa.Exists - 37, // 177: sa.StorageAuthority.SerialsForIncident:output_type -> sa.IncidentSerial - 43, // 178: sa.StorageAuthority.CheckIdentifiersPaused:output_type -> sa.Identifiers - 43, // 179: sa.StorageAuthority.GetPausedIdentifiers:output_type -> sa.Identifiers - 55, // 180: sa.StorageAuthority.AddBlockedKey:output_type -> google.protobuf.Empty - 55, // 181: sa.StorageAuthority.AddCertificate:output_type -> google.protobuf.Empty - 55, // 182: sa.StorageAuthority.AddPrecertificate:output_type -> google.protobuf.Empty - 55, // 183: sa.StorageAuthority.SetCertificateStatusReady:output_type -> google.protobuf.Empty - 55, // 184: sa.StorageAuthority.AddSerial:output_type -> google.protobuf.Empty - 55, // 185: sa.StorageAuthority.DeactivateAuthorization2:output_type -> google.protobuf.Empty - 55, // 186: sa.StorageAuthority.DeactivateRegistration:output_type -> google.protobuf.Empty - 55, // 187: sa.StorageAuthority.FinalizeAuthorization2:output_type -> google.protobuf.Empty - 55, // 188: sa.StorageAuthority.FinalizeOrder:output_type -> google.protobuf.Empty - 59, // 189: sa.StorageAuthority.NewOrderAndAuthzs:output_type -> core.Order - 56, // 190: sa.StorageAuthority.NewRegistration:output_type -> core.Registration - 55, // 191: sa.StorageAuthority.RevokeCertificate:output_type -> google.protobuf.Empty - 55, // 192: sa.StorageAuthority.SetOrderError:output_type -> google.protobuf.Empty - 55, // 193: sa.StorageAuthority.SetOrderProcessing:output_type -> google.protobuf.Empty - 55, // 194: sa.StorageAuthority.UpdateRegistration:output_type -> google.protobuf.Empty - 56, // 195: sa.StorageAuthority.UpdateRegistrationContact:output_type -> core.Registration - 56, // 196: sa.StorageAuthority.UpdateRegistrationKey:output_type -> core.Registration - 55, // 197: sa.StorageAuthority.UpdateRevokedCertificate:output_type -> google.protobuf.Empty - 41, // 198: sa.StorageAuthority.LeaseCRLShard:output_type -> sa.LeaseCRLShardResponse - 55, // 199: sa.StorageAuthority.UpdateCRLShard:output_type -> google.protobuf.Empty - 45, // 200: sa.StorageAuthority.PauseIdentifiers:output_type -> sa.PauseIdentifiersResponse - 7, // 201: sa.StorageAuthority.UnpauseAccount:output_type -> sa.Count - 122, // [122:202] is the sub-list for method output_type - 42, // [42:122] is the sub-list for method input_type - 42, // [42:42] is the sub-list for extension type_name - 42, // [42:42] is the sub-list for extension extendee - 0, // [0:42] is the sub-list for field type_name + 45, // 0: sa.GetValidAuthorizationsRequest.validUntil:type_name -> google.protobuf.Timestamp + 45, // 1: sa.SerialMetadata.created:type_name -> google.protobuf.Timestamp + 45, // 2: sa.SerialMetadata.expires:type_name -> google.protobuf.Timestamp + 45, // 3: sa.Range.earliest:type_name -> google.protobuf.Timestamp + 45, // 4: sa.Range.latest:type_name -> google.protobuf.Timestamp + 45, // 5: sa.Timestamps.timestamps:type_name -> google.protobuf.Timestamp + 6, // 6: sa.CountInvalidAuthorizationsRequest.range:type_name -> sa.Range + 46, // 7: sa.CountFQDNSetsRequest.window:type_name -> google.protobuf.Duration + 45, // 8: sa.AddSerialRequest.created:type_name -> google.protobuf.Timestamp + 45, // 9: sa.AddSerialRequest.expires:type_name -> google.protobuf.Timestamp + 45, // 10: sa.AddCertificateRequest.issued:type_name -> google.protobuf.Timestamp + 45, // 11: sa.NewOrderRequest.expires:type_name -> google.protobuf.Timestamp + 47, // 12: sa.NewAuthzRequest.identifier:type_name -> core.Identifier + 45, // 13: sa.NewAuthzRequest.expires:type_name -> google.protobuf.Timestamp + 16, // 14: sa.NewOrderAndAuthzsRequest.newOrder:type_name -> sa.NewOrderRequest + 17, // 15: sa.NewOrderAndAuthzsRequest.newAuthzs:type_name -> sa.NewAuthzRequest + 48, // 16: sa.SetOrderErrorRequest.error:type_name -> core.ProblemDetails + 45, // 17: sa.GetAuthorizationsRequest.validUntil:type_name -> google.protobuf.Timestamp + 49, // 18: sa.Authorizations.authzs:type_name -> core.Authorization + 45, // 19: sa.RevokeCertificateRequest.date:type_name -> google.protobuf.Timestamp + 45, // 20: sa.RevokeCertificateRequest.backdate:type_name -> google.protobuf.Timestamp + 45, // 21: sa.FinalizeAuthorizationRequest.expires:type_name -> google.protobuf.Timestamp + 50, // 22: sa.FinalizeAuthorizationRequest.validationRecords:type_name -> core.ValidationRecord + 48, // 23: sa.FinalizeAuthorizationRequest.validationError:type_name -> core.ProblemDetails + 45, // 24: sa.FinalizeAuthorizationRequest.attemptedAt:type_name -> google.protobuf.Timestamp + 45, // 25: sa.AddBlockedKeyRequest.added:type_name -> google.protobuf.Timestamp + 45, // 26: sa.Incident.renewBy:type_name -> google.protobuf.Timestamp + 31, // 27: sa.Incidents.incidents:type_name -> sa.Incident + 45, // 28: sa.IncidentSerial.lastNoticeSent:type_name -> google.protobuf.Timestamp + 45, // 29: sa.GetRevokedCertsRequest.expiresAfter:type_name -> google.protobuf.Timestamp + 45, // 30: sa.GetRevokedCertsRequest.expiresBefore:type_name -> google.protobuf.Timestamp + 45, // 31: sa.GetRevokedCertsRequest.revokedBefore:type_name -> google.protobuf.Timestamp + 45, // 32: sa.RevocationStatus.revokedDate:type_name -> google.protobuf.Timestamp + 45, // 33: sa.LeaseCRLShardRequest.until:type_name -> google.protobuf.Timestamp + 45, // 34: sa.UpdateCRLShardRequest.thisUpdate:type_name -> google.protobuf.Timestamp + 45, // 35: sa.UpdateCRLShardRequest.nextUpdate:type_name -> google.protobuf.Timestamp + 47, // 36: sa.Identifiers.identifiers:type_name -> core.Identifier + 47, // 37: sa.PauseRequest.identifiers:type_name -> core.Identifier + 9, // 38: sa.StorageAuthorityReadOnly.CountInvalidAuthorizations2:input_type -> sa.CountInvalidAuthorizationsRequest + 0, // 39: sa.StorageAuthorityReadOnly.CountPendingAuthorizations2:input_type -> sa.RegistrationID + 11, // 40: sa.StorageAuthorityReadOnly.FQDNSetExists:input_type -> sa.FQDNSetExistsRequest + 10, // 41: sa.StorageAuthorityReadOnly.FQDNSetTimestampsForWindow:input_type -> sa.CountFQDNSetsRequest + 26, // 42: sa.StorageAuthorityReadOnly.GetAuthorization2:input_type -> sa.AuthorizationID2 + 23, // 43: sa.StorageAuthorityReadOnly.GetAuthorizations2:input_type -> sa.GetAuthorizationsRequest + 4, // 44: sa.StorageAuthorityReadOnly.GetCertificate:input_type -> sa.Serial + 4, // 45: sa.StorageAuthorityReadOnly.GetLintPrecertificate:input_type -> sa.Serial + 4, // 46: sa.StorageAuthorityReadOnly.GetCertificateStatus:input_type -> sa.Serial + 51, // 47: sa.StorageAuthorityReadOnly.GetMaxExpiration:input_type -> google.protobuf.Empty + 15, // 48: sa.StorageAuthorityReadOnly.GetOrder:input_type -> sa.OrderRequest + 21, // 49: sa.StorageAuthorityReadOnly.GetOrderForNames:input_type -> sa.GetOrderForNamesRequest + 0, // 50: sa.StorageAuthorityReadOnly.GetRegistration:input_type -> sa.RegistrationID + 1, // 51: sa.StorageAuthorityReadOnly.GetRegistrationByKey:input_type -> sa.JSONWebKey + 4, // 52: sa.StorageAuthorityReadOnly.GetRevocationStatus:input_type -> sa.Serial + 35, // 53: sa.StorageAuthorityReadOnly.GetRevokedCerts:input_type -> sa.GetRevokedCertsRequest + 4, // 54: sa.StorageAuthorityReadOnly.GetSerialMetadata:input_type -> sa.Serial + 0, // 55: sa.StorageAuthorityReadOnly.GetSerialsByAccount:input_type -> sa.RegistrationID + 30, // 56: sa.StorageAuthorityReadOnly.GetSerialsByKey:input_type -> sa.SPKIHash + 3, // 57: sa.StorageAuthorityReadOnly.GetValidAuthorizations2:input_type -> sa.GetValidAuthorizationsRequest + 20, // 58: sa.StorageAuthorityReadOnly.GetValidOrderAuthorizations2:input_type -> sa.GetValidOrderAuthorizationsRequest + 4, // 59: sa.StorageAuthorityReadOnly.IncidentsForSerial:input_type -> sa.Serial + 30, // 60: sa.StorageAuthorityReadOnly.KeyBlocked:input_type -> sa.SPKIHash + 4, // 61: sa.StorageAuthorityReadOnly.ReplacementOrderExists:input_type -> sa.Serial + 33, // 62: sa.StorageAuthorityReadOnly.SerialsForIncident:input_type -> sa.SerialsForIncidentRequest + 41, // 63: sa.StorageAuthorityReadOnly.CheckIdentifiersPaused:input_type -> sa.PauseRequest + 0, // 64: sa.StorageAuthorityReadOnly.GetPausedIdentifiers:input_type -> sa.RegistrationID + 9, // 65: sa.StorageAuthority.CountInvalidAuthorizations2:input_type -> sa.CountInvalidAuthorizationsRequest + 0, // 66: sa.StorageAuthority.CountPendingAuthorizations2:input_type -> sa.RegistrationID + 11, // 67: sa.StorageAuthority.FQDNSetExists:input_type -> sa.FQDNSetExistsRequest + 10, // 68: sa.StorageAuthority.FQDNSetTimestampsForWindow:input_type -> sa.CountFQDNSetsRequest + 26, // 69: sa.StorageAuthority.GetAuthorization2:input_type -> sa.AuthorizationID2 + 23, // 70: sa.StorageAuthority.GetAuthorizations2:input_type -> sa.GetAuthorizationsRequest + 4, // 71: sa.StorageAuthority.GetCertificate:input_type -> sa.Serial + 4, // 72: sa.StorageAuthority.GetLintPrecertificate:input_type -> sa.Serial + 4, // 73: sa.StorageAuthority.GetCertificateStatus:input_type -> sa.Serial + 51, // 74: sa.StorageAuthority.GetMaxExpiration:input_type -> google.protobuf.Empty + 15, // 75: sa.StorageAuthority.GetOrder:input_type -> sa.OrderRequest + 21, // 76: sa.StorageAuthority.GetOrderForNames:input_type -> sa.GetOrderForNamesRequest + 0, // 77: sa.StorageAuthority.GetRegistration:input_type -> sa.RegistrationID + 1, // 78: sa.StorageAuthority.GetRegistrationByKey:input_type -> sa.JSONWebKey + 4, // 79: sa.StorageAuthority.GetRevocationStatus:input_type -> sa.Serial + 35, // 80: sa.StorageAuthority.GetRevokedCerts:input_type -> sa.GetRevokedCertsRequest + 4, // 81: sa.StorageAuthority.GetSerialMetadata:input_type -> sa.Serial + 0, // 82: sa.StorageAuthority.GetSerialsByAccount:input_type -> sa.RegistrationID + 30, // 83: sa.StorageAuthority.GetSerialsByKey:input_type -> sa.SPKIHash + 3, // 84: sa.StorageAuthority.GetValidAuthorizations2:input_type -> sa.GetValidAuthorizationsRequest + 20, // 85: sa.StorageAuthority.GetValidOrderAuthorizations2:input_type -> sa.GetValidOrderAuthorizationsRequest + 4, // 86: sa.StorageAuthority.IncidentsForSerial:input_type -> sa.Serial + 30, // 87: sa.StorageAuthority.KeyBlocked:input_type -> sa.SPKIHash + 4, // 88: sa.StorageAuthority.ReplacementOrderExists:input_type -> sa.Serial + 33, // 89: sa.StorageAuthority.SerialsForIncident:input_type -> sa.SerialsForIncidentRequest + 41, // 90: sa.StorageAuthority.CheckIdentifiersPaused:input_type -> sa.PauseRequest + 0, // 91: sa.StorageAuthority.GetPausedIdentifiers:input_type -> sa.RegistrationID + 29, // 92: sa.StorageAuthority.AddBlockedKey:input_type -> sa.AddBlockedKeyRequest + 14, // 93: sa.StorageAuthority.AddCertificate:input_type -> sa.AddCertificateRequest + 14, // 94: sa.StorageAuthority.AddPrecertificate:input_type -> sa.AddCertificateRequest + 4, // 95: sa.StorageAuthority.SetCertificateStatusReady:input_type -> sa.Serial + 13, // 96: sa.StorageAuthority.AddSerial:input_type -> sa.AddSerialRequest + 26, // 97: sa.StorageAuthority.DeactivateAuthorization2:input_type -> sa.AuthorizationID2 + 0, // 98: sa.StorageAuthority.DeactivateRegistration:input_type -> sa.RegistrationID + 28, // 99: sa.StorageAuthority.FinalizeAuthorization2:input_type -> sa.FinalizeAuthorizationRequest + 22, // 100: sa.StorageAuthority.FinalizeOrder:input_type -> sa.FinalizeOrderRequest + 18, // 101: sa.StorageAuthority.NewOrderAndAuthzs:input_type -> sa.NewOrderAndAuthzsRequest + 52, // 102: sa.StorageAuthority.NewRegistration:input_type -> core.Registration + 27, // 103: sa.StorageAuthority.RevokeCertificate:input_type -> sa.RevokeCertificateRequest + 19, // 104: sa.StorageAuthority.SetOrderError:input_type -> sa.SetOrderErrorRequest + 15, // 105: sa.StorageAuthority.SetOrderProcessing:input_type -> sa.OrderRequest + 52, // 106: sa.StorageAuthority.UpdateRegistration:input_type -> core.Registration + 43, // 107: sa.StorageAuthority.UpdateRegistrationContact:input_type -> sa.UpdateRegistrationContactRequest + 44, // 108: sa.StorageAuthority.UpdateRegistrationKey:input_type -> sa.UpdateRegistrationKeyRequest + 27, // 109: sa.StorageAuthority.UpdateRevokedCertificate:input_type -> sa.RevokeCertificateRequest + 37, // 110: sa.StorageAuthority.LeaseCRLShard:input_type -> sa.LeaseCRLShardRequest + 39, // 111: sa.StorageAuthority.UpdateCRLShard:input_type -> sa.UpdateCRLShardRequest + 41, // 112: sa.StorageAuthority.PauseIdentifiers:input_type -> sa.PauseRequest + 0, // 113: sa.StorageAuthority.UnpauseAccount:input_type -> sa.RegistrationID + 7, // 114: sa.StorageAuthorityReadOnly.CountInvalidAuthorizations2:output_type -> sa.Count + 7, // 115: sa.StorageAuthorityReadOnly.CountPendingAuthorizations2:output_type -> sa.Count + 12, // 116: sa.StorageAuthorityReadOnly.FQDNSetExists:output_type -> sa.Exists + 8, // 117: sa.StorageAuthorityReadOnly.FQDNSetTimestampsForWindow:output_type -> sa.Timestamps + 49, // 118: sa.StorageAuthorityReadOnly.GetAuthorization2:output_type -> core.Authorization + 24, // 119: sa.StorageAuthorityReadOnly.GetAuthorizations2:output_type -> sa.Authorizations + 53, // 120: sa.StorageAuthorityReadOnly.GetCertificate:output_type -> core.Certificate + 53, // 121: sa.StorageAuthorityReadOnly.GetLintPrecertificate:output_type -> core.Certificate + 54, // 122: sa.StorageAuthorityReadOnly.GetCertificateStatus:output_type -> core.CertificateStatus + 45, // 123: sa.StorageAuthorityReadOnly.GetMaxExpiration:output_type -> google.protobuf.Timestamp + 55, // 124: sa.StorageAuthorityReadOnly.GetOrder:output_type -> core.Order + 55, // 125: sa.StorageAuthorityReadOnly.GetOrderForNames:output_type -> core.Order + 52, // 126: sa.StorageAuthorityReadOnly.GetRegistration:output_type -> core.Registration + 52, // 127: sa.StorageAuthorityReadOnly.GetRegistrationByKey:output_type -> core.Registration + 36, // 128: sa.StorageAuthorityReadOnly.GetRevocationStatus:output_type -> sa.RevocationStatus + 56, // 129: sa.StorageAuthorityReadOnly.GetRevokedCerts:output_type -> core.CRLEntry + 5, // 130: sa.StorageAuthorityReadOnly.GetSerialMetadata:output_type -> sa.SerialMetadata + 4, // 131: sa.StorageAuthorityReadOnly.GetSerialsByAccount:output_type -> sa.Serial + 4, // 132: sa.StorageAuthorityReadOnly.GetSerialsByKey:output_type -> sa.Serial + 24, // 133: sa.StorageAuthorityReadOnly.GetValidAuthorizations2:output_type -> sa.Authorizations + 24, // 134: sa.StorageAuthorityReadOnly.GetValidOrderAuthorizations2:output_type -> sa.Authorizations + 32, // 135: sa.StorageAuthorityReadOnly.IncidentsForSerial:output_type -> sa.Incidents + 12, // 136: sa.StorageAuthorityReadOnly.KeyBlocked:output_type -> sa.Exists + 12, // 137: sa.StorageAuthorityReadOnly.ReplacementOrderExists:output_type -> sa.Exists + 34, // 138: sa.StorageAuthorityReadOnly.SerialsForIncident:output_type -> sa.IncidentSerial + 40, // 139: sa.StorageAuthorityReadOnly.CheckIdentifiersPaused:output_type -> sa.Identifiers + 40, // 140: sa.StorageAuthorityReadOnly.GetPausedIdentifiers:output_type -> sa.Identifiers + 7, // 141: sa.StorageAuthority.CountInvalidAuthorizations2:output_type -> sa.Count + 7, // 142: sa.StorageAuthority.CountPendingAuthorizations2:output_type -> sa.Count + 12, // 143: sa.StorageAuthority.FQDNSetExists:output_type -> sa.Exists + 8, // 144: sa.StorageAuthority.FQDNSetTimestampsForWindow:output_type -> sa.Timestamps + 49, // 145: sa.StorageAuthority.GetAuthorization2:output_type -> core.Authorization + 24, // 146: sa.StorageAuthority.GetAuthorizations2:output_type -> sa.Authorizations + 53, // 147: sa.StorageAuthority.GetCertificate:output_type -> core.Certificate + 53, // 148: sa.StorageAuthority.GetLintPrecertificate:output_type -> core.Certificate + 54, // 149: sa.StorageAuthority.GetCertificateStatus:output_type -> core.CertificateStatus + 45, // 150: sa.StorageAuthority.GetMaxExpiration:output_type -> google.protobuf.Timestamp + 55, // 151: sa.StorageAuthority.GetOrder:output_type -> core.Order + 55, // 152: sa.StorageAuthority.GetOrderForNames:output_type -> core.Order + 52, // 153: sa.StorageAuthority.GetRegistration:output_type -> core.Registration + 52, // 154: sa.StorageAuthority.GetRegistrationByKey:output_type -> core.Registration + 36, // 155: sa.StorageAuthority.GetRevocationStatus:output_type -> sa.RevocationStatus + 56, // 156: sa.StorageAuthority.GetRevokedCerts:output_type -> core.CRLEntry + 5, // 157: sa.StorageAuthority.GetSerialMetadata:output_type -> sa.SerialMetadata + 4, // 158: sa.StorageAuthority.GetSerialsByAccount:output_type -> sa.Serial + 4, // 159: sa.StorageAuthority.GetSerialsByKey:output_type -> sa.Serial + 24, // 160: sa.StorageAuthority.GetValidAuthorizations2:output_type -> sa.Authorizations + 24, // 161: sa.StorageAuthority.GetValidOrderAuthorizations2:output_type -> sa.Authorizations + 32, // 162: sa.StorageAuthority.IncidentsForSerial:output_type -> sa.Incidents + 12, // 163: sa.StorageAuthority.KeyBlocked:output_type -> sa.Exists + 12, // 164: sa.StorageAuthority.ReplacementOrderExists:output_type -> sa.Exists + 34, // 165: sa.StorageAuthority.SerialsForIncident:output_type -> sa.IncidentSerial + 40, // 166: sa.StorageAuthority.CheckIdentifiersPaused:output_type -> sa.Identifiers + 40, // 167: sa.StorageAuthority.GetPausedIdentifiers:output_type -> sa.Identifiers + 51, // 168: sa.StorageAuthority.AddBlockedKey:output_type -> google.protobuf.Empty + 51, // 169: sa.StorageAuthority.AddCertificate:output_type -> google.protobuf.Empty + 51, // 170: sa.StorageAuthority.AddPrecertificate:output_type -> google.protobuf.Empty + 51, // 171: sa.StorageAuthority.SetCertificateStatusReady:output_type -> google.protobuf.Empty + 51, // 172: sa.StorageAuthority.AddSerial:output_type -> google.protobuf.Empty + 51, // 173: sa.StorageAuthority.DeactivateAuthorization2:output_type -> google.protobuf.Empty + 51, // 174: sa.StorageAuthority.DeactivateRegistration:output_type -> google.protobuf.Empty + 51, // 175: sa.StorageAuthority.FinalizeAuthorization2:output_type -> google.protobuf.Empty + 51, // 176: sa.StorageAuthority.FinalizeOrder:output_type -> google.protobuf.Empty + 55, // 177: sa.StorageAuthority.NewOrderAndAuthzs:output_type -> core.Order + 52, // 178: sa.StorageAuthority.NewRegistration:output_type -> core.Registration + 51, // 179: sa.StorageAuthority.RevokeCertificate:output_type -> google.protobuf.Empty + 51, // 180: sa.StorageAuthority.SetOrderError:output_type -> google.protobuf.Empty + 51, // 181: sa.StorageAuthority.SetOrderProcessing:output_type -> google.protobuf.Empty + 51, // 182: sa.StorageAuthority.UpdateRegistration:output_type -> google.protobuf.Empty + 52, // 183: sa.StorageAuthority.UpdateRegistrationContact:output_type -> core.Registration + 52, // 184: sa.StorageAuthority.UpdateRegistrationKey:output_type -> core.Registration + 51, // 185: sa.StorageAuthority.UpdateRevokedCertificate:output_type -> google.protobuf.Empty + 38, // 186: sa.StorageAuthority.LeaseCRLShard:output_type -> sa.LeaseCRLShardResponse + 51, // 187: sa.StorageAuthority.UpdateCRLShard:output_type -> google.protobuf.Empty + 42, // 188: sa.StorageAuthority.PauseIdentifiers:output_type -> sa.PauseIdentifiersResponse + 7, // 189: sa.StorageAuthority.UnpauseAccount:output_type -> sa.Count + 114, // [114:190] is the sub-list for method output_type + 38, // [38:114] is the sub-list for method input_type + 38, // [38:38] is the sub-list for extension type_name + 38, // [38:38] is the sub-list for extension extendee + 0, // [0:38] is the sub-list for field type_name } func init() { file_sa_proto_init() } @@ -4037,30 +3816,6 @@ func file_sa_proto_init() { } } file_sa_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*CountCertificatesByNamesRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_sa_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*CountByNames); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_sa_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*CountInvalidAuthorizationsRequest); i { case 0: return &v.state @@ -4072,19 +3827,7 @@ func file_sa_proto_init() { return nil } } - file_sa_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*CountOrdersRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_sa_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} { + file_sa_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*CountFQDNSetsRequest); i { case 0: return &v.state @@ -4096,7 +3839,7 @@ func file_sa_proto_init() { return nil } } - file_sa_proto_msgTypes[14].Exporter = func(v interface{}, i int) interface{} { + file_sa_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*FQDNSetExistsRequest); i { case 0: return &v.state @@ -4108,7 +3851,7 @@ func file_sa_proto_init() { return nil } } - file_sa_proto_msgTypes[15].Exporter = func(v interface{}, i int) interface{} { + file_sa_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*Exists); i { case 0: return &v.state @@ -4120,7 +3863,7 @@ func file_sa_proto_init() { return nil } } - file_sa_proto_msgTypes[16].Exporter = func(v interface{}, i int) interface{} { + file_sa_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*AddSerialRequest); i { case 0: return &v.state @@ -4132,7 +3875,7 @@ func file_sa_proto_init() { return nil } } - file_sa_proto_msgTypes[17].Exporter = func(v interface{}, i int) interface{} { + file_sa_proto_msgTypes[14].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*AddCertificateRequest); i { case 0: return &v.state @@ -4144,7 +3887,7 @@ func file_sa_proto_init() { return nil } } - file_sa_proto_msgTypes[18].Exporter = func(v interface{}, i int) interface{} { + file_sa_proto_msgTypes[15].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*OrderRequest); i { case 0: return &v.state @@ -4156,7 +3899,7 @@ func file_sa_proto_init() { return nil } } - file_sa_proto_msgTypes[19].Exporter = func(v interface{}, i int) interface{} { + file_sa_proto_msgTypes[16].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*NewOrderRequest); i { case 0: return &v.state @@ -4168,7 +3911,7 @@ func file_sa_proto_init() { return nil } } - file_sa_proto_msgTypes[20].Exporter = func(v interface{}, i int) interface{} { + file_sa_proto_msgTypes[17].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*NewAuthzRequest); i { case 0: return &v.state @@ -4180,7 +3923,7 @@ func file_sa_proto_init() { return nil } } - file_sa_proto_msgTypes[21].Exporter = func(v interface{}, i int) interface{} { + file_sa_proto_msgTypes[18].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*NewOrderAndAuthzsRequest); i { case 0: return &v.state @@ -4192,7 +3935,7 @@ func file_sa_proto_init() { return nil } } - file_sa_proto_msgTypes[22].Exporter = func(v interface{}, i int) interface{} { + file_sa_proto_msgTypes[19].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*SetOrderErrorRequest); i { case 0: return &v.state @@ -4204,7 +3947,7 @@ func file_sa_proto_init() { return nil } } - file_sa_proto_msgTypes[23].Exporter = func(v interface{}, i int) interface{} { + file_sa_proto_msgTypes[20].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*GetValidOrderAuthorizationsRequest); i { case 0: return &v.state @@ -4216,7 +3959,7 @@ func file_sa_proto_init() { return nil } } - file_sa_proto_msgTypes[24].Exporter = func(v interface{}, i int) interface{} { + file_sa_proto_msgTypes[21].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*GetOrderForNamesRequest); i { case 0: return &v.state @@ -4228,7 +3971,7 @@ func file_sa_proto_init() { return nil } } - file_sa_proto_msgTypes[25].Exporter = func(v interface{}, i int) interface{} { + file_sa_proto_msgTypes[22].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*FinalizeOrderRequest); i { case 0: return &v.state @@ -4240,7 +3983,7 @@ func file_sa_proto_init() { return nil } } - file_sa_proto_msgTypes[26].Exporter = func(v interface{}, i int) interface{} { + file_sa_proto_msgTypes[23].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*GetAuthorizationsRequest); i { case 0: return &v.state @@ -4252,7 +3995,7 @@ func file_sa_proto_init() { return nil } } - file_sa_proto_msgTypes[27].Exporter = func(v interface{}, i int) interface{} { + file_sa_proto_msgTypes[24].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*Authorizations); i { case 0: return &v.state @@ -4264,7 +4007,7 @@ func file_sa_proto_init() { return nil } } - file_sa_proto_msgTypes[28].Exporter = func(v interface{}, i int) interface{} { + file_sa_proto_msgTypes[25].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*AuthorizationIDs); i { case 0: return &v.state @@ -4276,7 +4019,7 @@ func file_sa_proto_init() { return nil } } - file_sa_proto_msgTypes[29].Exporter = func(v interface{}, i int) interface{} { + file_sa_proto_msgTypes[26].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*AuthorizationID2); i { case 0: return &v.state @@ -4288,7 +4031,7 @@ func file_sa_proto_init() { return nil } } - file_sa_proto_msgTypes[30].Exporter = func(v interface{}, i int) interface{} { + file_sa_proto_msgTypes[27].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*RevokeCertificateRequest); i { case 0: return &v.state @@ -4300,7 +4043,7 @@ func file_sa_proto_init() { return nil } } - file_sa_proto_msgTypes[31].Exporter = func(v interface{}, i int) interface{} { + file_sa_proto_msgTypes[28].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*FinalizeAuthorizationRequest); i { case 0: return &v.state @@ -4312,7 +4055,7 @@ func file_sa_proto_init() { return nil } } - file_sa_proto_msgTypes[32].Exporter = func(v interface{}, i int) interface{} { + file_sa_proto_msgTypes[29].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*AddBlockedKeyRequest); i { case 0: return &v.state @@ -4324,7 +4067,7 @@ func file_sa_proto_init() { return nil } } - file_sa_proto_msgTypes[33].Exporter = func(v interface{}, i int) interface{} { + file_sa_proto_msgTypes[30].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*SPKIHash); i { case 0: return &v.state @@ -4336,7 +4079,7 @@ func file_sa_proto_init() { return nil } } - file_sa_proto_msgTypes[34].Exporter = func(v interface{}, i int) interface{} { + file_sa_proto_msgTypes[31].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*Incident); i { case 0: return &v.state @@ -4348,7 +4091,7 @@ func file_sa_proto_init() { return nil } } - file_sa_proto_msgTypes[35].Exporter = func(v interface{}, i int) interface{} { + file_sa_proto_msgTypes[32].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*Incidents); i { case 0: return &v.state @@ -4360,7 +4103,7 @@ func file_sa_proto_init() { return nil } } - file_sa_proto_msgTypes[36].Exporter = func(v interface{}, i int) interface{} { + file_sa_proto_msgTypes[33].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*SerialsForIncidentRequest); i { case 0: return &v.state @@ -4372,7 +4115,7 @@ func file_sa_proto_init() { return nil } } - file_sa_proto_msgTypes[37].Exporter = func(v interface{}, i int) interface{} { + file_sa_proto_msgTypes[34].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*IncidentSerial); i { case 0: return &v.state @@ -4384,7 +4127,7 @@ func file_sa_proto_init() { return nil } } - file_sa_proto_msgTypes[38].Exporter = func(v interface{}, i int) interface{} { + file_sa_proto_msgTypes[35].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*GetRevokedCertsRequest); i { case 0: return &v.state @@ -4396,7 +4139,7 @@ func file_sa_proto_init() { return nil } } - file_sa_proto_msgTypes[39].Exporter = func(v interface{}, i int) interface{} { + file_sa_proto_msgTypes[36].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*RevocationStatus); i { case 0: return &v.state @@ -4408,7 +4151,7 @@ func file_sa_proto_init() { return nil } } - file_sa_proto_msgTypes[40].Exporter = func(v interface{}, i int) interface{} { + file_sa_proto_msgTypes[37].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*LeaseCRLShardRequest); i { case 0: return &v.state @@ -4420,7 +4163,7 @@ func file_sa_proto_init() { return nil } } - file_sa_proto_msgTypes[41].Exporter = func(v interface{}, i int) interface{} { + file_sa_proto_msgTypes[38].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*LeaseCRLShardResponse); i { case 0: return &v.state @@ -4432,7 +4175,7 @@ func file_sa_proto_init() { return nil } } - file_sa_proto_msgTypes[42].Exporter = func(v interface{}, i int) interface{} { + file_sa_proto_msgTypes[39].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*UpdateCRLShardRequest); i { case 0: return &v.state @@ -4444,7 +4187,7 @@ func file_sa_proto_init() { return nil } } - file_sa_proto_msgTypes[43].Exporter = func(v interface{}, i int) interface{} { + file_sa_proto_msgTypes[40].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*Identifiers); i { case 0: return &v.state @@ -4456,7 +4199,7 @@ func file_sa_proto_init() { return nil } } - file_sa_proto_msgTypes[44].Exporter = func(v interface{}, i int) interface{} { + file_sa_proto_msgTypes[41].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*PauseRequest); i { case 0: return &v.state @@ -4468,7 +4211,7 @@ func file_sa_proto_init() { return nil } } - file_sa_proto_msgTypes[45].Exporter = func(v interface{}, i int) interface{} { + file_sa_proto_msgTypes[42].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*PauseIdentifiersResponse); i { case 0: return &v.state @@ -4480,7 +4223,7 @@ func file_sa_proto_init() { return nil } } - file_sa_proto_msgTypes[46].Exporter = func(v interface{}, i int) interface{} { + file_sa_proto_msgTypes[43].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*UpdateRegistrationContactRequest); i { case 0: return &v.state @@ -4492,7 +4235,7 @@ func file_sa_proto_init() { return nil } } - file_sa_proto_msgTypes[47].Exporter = func(v interface{}, i int) interface{} { + file_sa_proto_msgTypes[44].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*UpdateRegistrationKeyRequest); i { case 0: return &v.state @@ -4511,7 +4254,7 @@ func file_sa_proto_init() { GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_sa_proto_rawDesc, NumEnums: 0, - NumMessages: 49, + NumMessages: 45, NumExtensions: 0, NumServices: 2, }, diff --git a/sa/proto/sa.proto b/sa/proto/sa.proto index a44c97b657e..8bfb0ffec90 100644 --- a/sa/proto/sa.proto +++ b/sa/proto/sa.proto @@ -10,9 +10,7 @@ import "google/protobuf/duration.proto"; // StorageAuthorityReadOnly exposes only those SA methods which are read-only. service StorageAuthorityReadOnly { - rpc CountCertificatesByNames(CountCertificatesByNamesRequest) returns (CountByNames) {} rpc CountInvalidAuthorizations2(CountInvalidAuthorizationsRequest) returns (Count) {} - rpc CountOrders(CountOrdersRequest) returns (Count) {} rpc CountPendingAuthorizations2(RegistrationID) returns (Count) {} rpc FQDNSetExists(FQDNSetExistsRequest) returns (Exists) {} rpc FQDNSetTimestampsForWindow(CountFQDNSetsRequest) returns (Timestamps) {} @@ -44,9 +42,7 @@ service StorageAuthorityReadOnly { // StorageAuthority provides full read/write access to the database. service StorageAuthority { // Getters: this list must be identical to the StorageAuthorityReadOnly rpcs. - rpc CountCertificatesByNames(CountCertificatesByNamesRequest) returns (CountByNames) {} rpc CountInvalidAuthorizations2(CountInvalidAuthorizationsRequest) returns (Count) {} - rpc CountOrders(CountOrdersRequest) returns (Count) {} rpc CountPendingAuthorizations2(RegistrationID) returns (Count) {} rpc FQDNSetExists(FQDNSetExistsRequest) returns (Exists) {} rpc FQDNSetTimestampsForWindow(CountFQDNSetsRequest) returns (Timestamps) {} @@ -150,16 +146,6 @@ message Timestamps { repeated google.protobuf.Timestamp timestamps = 2; } -message CountCertificatesByNamesRequest { - Range range = 1; - repeated string dnsNames = 2; -} - -message CountByNames { - map counts = 1; - google.protobuf.Timestamp earliest = 2; // Unix timestamp (nanoseconds) -} - message CountInvalidAuthorizationsRequest { int64 registrationID = 1; string dnsName = 2; @@ -167,11 +153,6 @@ message CountInvalidAuthorizationsRequest { Range range = 3; } -message CountOrdersRequest { - int64 accountID = 1; - Range range = 2; -} - message CountFQDNSetsRequest { // Next unused field number: 4 reserved 1; // Previously windowNS diff --git a/sa/proto/sa_grpc.pb.go b/sa/proto/sa_grpc.pb.go index 0094aa2d791..e6f62b64c6d 100644 --- a/sa/proto/sa_grpc.pb.go +++ b/sa/proto/sa_grpc.pb.go @@ -22,9 +22,7 @@ import ( const _ = grpc.SupportPackageIsVersion9 const ( - StorageAuthorityReadOnly_CountCertificatesByNames_FullMethodName = "/sa.StorageAuthorityReadOnly/CountCertificatesByNames" StorageAuthorityReadOnly_CountInvalidAuthorizations2_FullMethodName = "/sa.StorageAuthorityReadOnly/CountInvalidAuthorizations2" - StorageAuthorityReadOnly_CountOrders_FullMethodName = "/sa.StorageAuthorityReadOnly/CountOrders" StorageAuthorityReadOnly_CountPendingAuthorizations2_FullMethodName = "/sa.StorageAuthorityReadOnly/CountPendingAuthorizations2" StorageAuthorityReadOnly_FQDNSetExists_FullMethodName = "/sa.StorageAuthorityReadOnly/FQDNSetExists" StorageAuthorityReadOnly_FQDNSetTimestampsForWindow_FullMethodName = "/sa.StorageAuthorityReadOnly/FQDNSetTimestampsForWindow" @@ -57,9 +55,7 @@ const ( // // For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. type StorageAuthorityReadOnlyClient interface { - CountCertificatesByNames(ctx context.Context, in *CountCertificatesByNamesRequest, opts ...grpc.CallOption) (*CountByNames, error) CountInvalidAuthorizations2(ctx context.Context, in *CountInvalidAuthorizationsRequest, opts ...grpc.CallOption) (*Count, error) - CountOrders(ctx context.Context, in *CountOrdersRequest, opts ...grpc.CallOption) (*Count, error) CountPendingAuthorizations2(ctx context.Context, in *RegistrationID, opts ...grpc.CallOption) (*Count, error) FQDNSetExists(ctx context.Context, in *FQDNSetExistsRequest, opts ...grpc.CallOption) (*Exists, error) FQDNSetTimestampsForWindow(ctx context.Context, in *CountFQDNSetsRequest, opts ...grpc.CallOption) (*Timestamps, error) @@ -96,16 +92,6 @@ func NewStorageAuthorityReadOnlyClient(cc grpc.ClientConnInterface) StorageAutho return &storageAuthorityReadOnlyClient{cc} } -func (c *storageAuthorityReadOnlyClient) CountCertificatesByNames(ctx context.Context, in *CountCertificatesByNamesRequest, opts ...grpc.CallOption) (*CountByNames, error) { - cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) - out := new(CountByNames) - err := c.cc.Invoke(ctx, StorageAuthorityReadOnly_CountCertificatesByNames_FullMethodName, in, out, cOpts...) - if err != nil { - return nil, err - } - return out, nil -} - func (c *storageAuthorityReadOnlyClient) CountInvalidAuthorizations2(ctx context.Context, in *CountInvalidAuthorizationsRequest, opts ...grpc.CallOption) (*Count, error) { cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) out := new(Count) @@ -116,16 +102,6 @@ func (c *storageAuthorityReadOnlyClient) CountInvalidAuthorizations2(ctx context return out, nil } -func (c *storageAuthorityReadOnlyClient) CountOrders(ctx context.Context, in *CountOrdersRequest, opts ...grpc.CallOption) (*Count, error) { - cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) - out := new(Count) - err := c.cc.Invoke(ctx, StorageAuthorityReadOnly_CountOrders_FullMethodName, in, out, cOpts...) - if err != nil { - return nil, err - } - return out, nil -} - func (c *storageAuthorityReadOnlyClient) CountPendingAuthorizations2(ctx context.Context, in *RegistrationID, opts ...grpc.CallOption) (*Count, error) { cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) out := new(Count) @@ -426,9 +402,7 @@ func (c *storageAuthorityReadOnlyClient) GetPausedIdentifiers(ctx context.Contex // All implementations must embed UnimplementedStorageAuthorityReadOnlyServer // for forward compatibility type StorageAuthorityReadOnlyServer interface { - CountCertificatesByNames(context.Context, *CountCertificatesByNamesRequest) (*CountByNames, error) CountInvalidAuthorizations2(context.Context, *CountInvalidAuthorizationsRequest) (*Count, error) - CountOrders(context.Context, *CountOrdersRequest) (*Count, error) CountPendingAuthorizations2(context.Context, *RegistrationID) (*Count, error) FQDNSetExists(context.Context, *FQDNSetExistsRequest) (*Exists, error) FQDNSetTimestampsForWindow(context.Context, *CountFQDNSetsRequest) (*Timestamps, error) @@ -462,15 +436,9 @@ type StorageAuthorityReadOnlyServer interface { type UnimplementedStorageAuthorityReadOnlyServer struct { } -func (UnimplementedStorageAuthorityReadOnlyServer) CountCertificatesByNames(context.Context, *CountCertificatesByNamesRequest) (*CountByNames, error) { - return nil, status.Errorf(codes.Unimplemented, "method CountCertificatesByNames not implemented") -} func (UnimplementedStorageAuthorityReadOnlyServer) CountInvalidAuthorizations2(context.Context, *CountInvalidAuthorizationsRequest) (*Count, error) { return nil, status.Errorf(codes.Unimplemented, "method CountInvalidAuthorizations2 not implemented") } -func (UnimplementedStorageAuthorityReadOnlyServer) CountOrders(context.Context, *CountOrdersRequest) (*Count, error) { - return nil, status.Errorf(codes.Unimplemented, "method CountOrders not implemented") -} func (UnimplementedStorageAuthorityReadOnlyServer) CountPendingAuthorizations2(context.Context, *RegistrationID) (*Count, error) { return nil, status.Errorf(codes.Unimplemented, "method CountPendingAuthorizations2 not implemented") } @@ -563,24 +531,6 @@ func RegisterStorageAuthorityReadOnlyServer(s grpc.ServiceRegistrar, srv Storage s.RegisterService(&StorageAuthorityReadOnly_ServiceDesc, srv) } -func _StorageAuthorityReadOnly_CountCertificatesByNames_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(CountCertificatesByNamesRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(StorageAuthorityReadOnlyServer).CountCertificatesByNames(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: StorageAuthorityReadOnly_CountCertificatesByNames_FullMethodName, - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(StorageAuthorityReadOnlyServer).CountCertificatesByNames(ctx, req.(*CountCertificatesByNamesRequest)) - } - return interceptor(ctx, in, info, handler) -} - func _StorageAuthorityReadOnly_CountInvalidAuthorizations2_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { in := new(CountInvalidAuthorizationsRequest) if err := dec(in); err != nil { @@ -599,24 +549,6 @@ func _StorageAuthorityReadOnly_CountInvalidAuthorizations2_Handler(srv interface return interceptor(ctx, in, info, handler) } -func _StorageAuthorityReadOnly_CountOrders_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(CountOrdersRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(StorageAuthorityReadOnlyServer).CountOrders(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: StorageAuthorityReadOnly_CountOrders_FullMethodName, - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(StorageAuthorityReadOnlyServer).CountOrders(ctx, req.(*CountOrdersRequest)) - } - return interceptor(ctx, in, info, handler) -} - func _StorageAuthorityReadOnly_CountPendingAuthorizations2_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { in := new(RegistrationID) if err := dec(in); err != nil { @@ -1064,18 +996,10 @@ var StorageAuthorityReadOnly_ServiceDesc = grpc.ServiceDesc{ ServiceName: "sa.StorageAuthorityReadOnly", HandlerType: (*StorageAuthorityReadOnlyServer)(nil), Methods: []grpc.MethodDesc{ - { - MethodName: "CountCertificatesByNames", - Handler: _StorageAuthorityReadOnly_CountCertificatesByNames_Handler, - }, { MethodName: "CountInvalidAuthorizations2", Handler: _StorageAuthorityReadOnly_CountInvalidAuthorizations2_Handler, }, - { - MethodName: "CountOrders", - Handler: _StorageAuthorityReadOnly_CountOrders_Handler, - }, { MethodName: "CountPendingAuthorizations2", Handler: _StorageAuthorityReadOnly_CountPendingAuthorizations2_Handler, @@ -1191,9 +1115,7 @@ var StorageAuthorityReadOnly_ServiceDesc = grpc.ServiceDesc{ } const ( - StorageAuthority_CountCertificatesByNames_FullMethodName = "/sa.StorageAuthority/CountCertificatesByNames" StorageAuthority_CountInvalidAuthorizations2_FullMethodName = "/sa.StorageAuthority/CountInvalidAuthorizations2" - StorageAuthority_CountOrders_FullMethodName = "/sa.StorageAuthority/CountOrders" StorageAuthority_CountPendingAuthorizations2_FullMethodName = "/sa.StorageAuthority/CountPendingAuthorizations2" StorageAuthority_FQDNSetExists_FullMethodName = "/sa.StorageAuthority/FQDNSetExists" StorageAuthority_FQDNSetTimestampsForWindow_FullMethodName = "/sa.StorageAuthority/FQDNSetTimestampsForWindow" @@ -1249,9 +1171,7 @@ const ( // For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. type StorageAuthorityClient interface { // Getters: this list must be identical to the StorageAuthorityReadOnly rpcs. - CountCertificatesByNames(ctx context.Context, in *CountCertificatesByNamesRequest, opts ...grpc.CallOption) (*CountByNames, error) CountInvalidAuthorizations2(ctx context.Context, in *CountInvalidAuthorizationsRequest, opts ...grpc.CallOption) (*Count, error) - CountOrders(ctx context.Context, in *CountOrdersRequest, opts ...grpc.CallOption) (*Count, error) CountPendingAuthorizations2(ctx context.Context, in *RegistrationID, opts ...grpc.CallOption) (*Count, error) FQDNSetExists(ctx context.Context, in *FQDNSetExistsRequest, opts ...grpc.CallOption) (*Exists, error) FQDNSetTimestampsForWindow(ctx context.Context, in *CountFQDNSetsRequest, opts ...grpc.CallOption) (*Timestamps, error) @@ -1311,16 +1231,6 @@ func NewStorageAuthorityClient(cc grpc.ClientConnInterface) StorageAuthorityClie return &storageAuthorityClient{cc} } -func (c *storageAuthorityClient) CountCertificatesByNames(ctx context.Context, in *CountCertificatesByNamesRequest, opts ...grpc.CallOption) (*CountByNames, error) { - cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) - out := new(CountByNames) - err := c.cc.Invoke(ctx, StorageAuthority_CountCertificatesByNames_FullMethodName, in, out, cOpts...) - if err != nil { - return nil, err - } - return out, nil -} - func (c *storageAuthorityClient) CountInvalidAuthorizations2(ctx context.Context, in *CountInvalidAuthorizationsRequest, opts ...grpc.CallOption) (*Count, error) { cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) out := new(Count) @@ -1331,16 +1241,6 @@ func (c *storageAuthorityClient) CountInvalidAuthorizations2(ctx context.Context return out, nil } -func (c *storageAuthorityClient) CountOrders(ctx context.Context, in *CountOrdersRequest, opts ...grpc.CallOption) (*Count, error) { - cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) - out := new(Count) - err := c.cc.Invoke(ctx, StorageAuthority_CountOrders_FullMethodName, in, out, cOpts...) - if err != nil { - return nil, err - } - return out, nil -} - func (c *storageAuthorityClient) CountPendingAuthorizations2(ctx context.Context, in *RegistrationID, opts ...grpc.CallOption) (*Count, error) { cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) out := new(Count) @@ -1862,9 +1762,7 @@ func (c *storageAuthorityClient) UnpauseAccount(ctx context.Context, in *Registr // for forward compatibility type StorageAuthorityServer interface { // Getters: this list must be identical to the StorageAuthorityReadOnly rpcs. - CountCertificatesByNames(context.Context, *CountCertificatesByNamesRequest) (*CountByNames, error) CountInvalidAuthorizations2(context.Context, *CountInvalidAuthorizationsRequest) (*Count, error) - CountOrders(context.Context, *CountOrdersRequest) (*Count, error) CountPendingAuthorizations2(context.Context, *RegistrationID) (*Count, error) FQDNSetExists(context.Context, *FQDNSetExistsRequest) (*Exists, error) FQDNSetTimestampsForWindow(context.Context, *CountFQDNSetsRequest) (*Timestamps, error) @@ -1921,15 +1819,9 @@ type StorageAuthorityServer interface { type UnimplementedStorageAuthorityServer struct { } -func (UnimplementedStorageAuthorityServer) CountCertificatesByNames(context.Context, *CountCertificatesByNamesRequest) (*CountByNames, error) { - return nil, status.Errorf(codes.Unimplemented, "method CountCertificatesByNames not implemented") -} func (UnimplementedStorageAuthorityServer) CountInvalidAuthorizations2(context.Context, *CountInvalidAuthorizationsRequest) (*Count, error) { return nil, status.Errorf(codes.Unimplemented, "method CountInvalidAuthorizations2 not implemented") } -func (UnimplementedStorageAuthorityServer) CountOrders(context.Context, *CountOrdersRequest) (*Count, error) { - return nil, status.Errorf(codes.Unimplemented, "method CountOrders not implemented") -} func (UnimplementedStorageAuthorityServer) CountPendingAuthorizations2(context.Context, *RegistrationID) (*Count, error) { return nil, status.Errorf(codes.Unimplemented, "method CountPendingAuthorizations2 not implemented") } @@ -2087,24 +1979,6 @@ func RegisterStorageAuthorityServer(s grpc.ServiceRegistrar, srv StorageAuthorit s.RegisterService(&StorageAuthority_ServiceDesc, srv) } -func _StorageAuthority_CountCertificatesByNames_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(CountCertificatesByNamesRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(StorageAuthorityServer).CountCertificatesByNames(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: StorageAuthority_CountCertificatesByNames_FullMethodName, - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(StorageAuthorityServer).CountCertificatesByNames(ctx, req.(*CountCertificatesByNamesRequest)) - } - return interceptor(ctx, in, info, handler) -} - func _StorageAuthority_CountInvalidAuthorizations2_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { in := new(CountInvalidAuthorizationsRequest) if err := dec(in); err != nil { @@ -2123,24 +1997,6 @@ func _StorageAuthority_CountInvalidAuthorizations2_Handler(srv interface{}, ctx return interceptor(ctx, in, info, handler) } -func _StorageAuthority_CountOrders_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(CountOrdersRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(StorageAuthorityServer).CountOrders(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: StorageAuthority_CountOrders_FullMethodName, - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(StorageAuthorityServer).CountOrders(ctx, req.(*CountOrdersRequest)) - } - return interceptor(ctx, in, info, handler) -} - func _StorageAuthority_CountPendingAuthorizations2_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { in := new(RegistrationID) if err := dec(in); err != nil { @@ -2984,18 +2840,10 @@ var StorageAuthority_ServiceDesc = grpc.ServiceDesc{ ServiceName: "sa.StorageAuthority", HandlerType: (*StorageAuthorityServer)(nil), Methods: []grpc.MethodDesc{ - { - MethodName: "CountCertificatesByNames", - Handler: _StorageAuthority_CountCertificatesByNames_Handler, - }, { MethodName: "CountInvalidAuthorizations2", Handler: _StorageAuthority_CountInvalidAuthorizations2_Handler, }, - { - MethodName: "CountOrders", - Handler: _StorageAuthority_CountOrders_Handler, - }, { MethodName: "CountPendingAuthorizations2", Handler: _StorageAuthority_CountPendingAuthorizations2_Handler, diff --git a/sa/rate_limits.go b/sa/rate_limits.go deleted file mode 100644 index 7fb3fa9b5fa..00000000000 --- a/sa/rate_limits.go +++ /dev/null @@ -1,146 +0,0 @@ -package sa - -import ( - "context" - "strings" - "time" - - "github.com/letsencrypt/boulder/db" - sapb "github.com/letsencrypt/boulder/sa/proto" - "github.com/weppos/publicsuffix-go/publicsuffix" -) - -// baseDomain returns the eTLD+1 of a domain name for the purpose of rate -// limiting. For a domain name that is itself an eTLD, it returns its input. -func baseDomain(name string) string { - eTLDPlusOne, err := publicsuffix.Domain(name) - if err != nil { - // publicsuffix.Domain will return an error if the input name is itself a - // public suffix. In that case we use the input name as the key for rate - // limiting. Since all of its subdomains will have separate keys for rate - // limiting (e.g. "foo.bar.publicsuffix.com" will have - // "bar.publicsuffix.com", this means that domains exactly equal to a - // public suffix get their own rate limit bucket. This is important - // because otherwise they might be perpetually unable to issue, assuming - // the rate of issuance from their subdomains was high enough. - return name - } - return eTLDPlusOne -} - -// addCertificatesPerName adds 1 to the rate limit count for the provided -// domains, in a specific time bucket. It must be executed in a transaction, and -// the input timeToTheHour must be a time rounded to an hour. -func (ssa *SQLStorageAuthority) addCertificatesPerName(ctx context.Context, db db.SelectExecer, names []string, timeToTheHour time.Time) error { - // De-duplicate the base domains. - baseDomainsMap := make(map[string]bool) - var qmarks []string - var values []interface{} - for _, name := range names { - base := baseDomain(name) - if !baseDomainsMap[base] { - baseDomainsMap[base] = true - values = append(values, base, timeToTheHour, 1) - qmarks = append(qmarks, "(?, ?, ?)") - } - } - - _, err := db.ExecContext(ctx, `INSERT INTO certificatesPerName (eTLDPlusOne, time, count) VALUES `+ - strings.Join(qmarks, ", ")+` ON DUPLICATE KEY UPDATE count=count+1;`, - values...) - if err != nil { - return err - } - - return nil -} - -// countCertificates returns the count of certificates issued for a domain's -// eTLD+1 (aka base domain), during a given time range. -func (ssa *SQLStorageAuthorityRO) countCertificates(ctx context.Context, dbMap db.Selector, domain string, timeRange *sapb.Range) (int64, time.Time, error) { - latest := timeRange.Latest.AsTime() - var results []struct { - Count int64 - Time time.Time - } - _, err := dbMap.Select( - ctx, - &results, - `SELECT count, time FROM certificatesPerName - WHERE eTLDPlusOne = :baseDomain AND - time > :earliest AND - time <= :latest`, - map[string]interface{}{ - "baseDomain": baseDomain(domain), - "earliest": timeRange.Earliest.AsTime(), - "latest": latest, - }) - if err != nil { - if db.IsNoRows(err) { - return 0, time.Time{}, nil - } - return 0, time.Time{}, err - } - // Set earliest to the latest possible time, so that we can find the - // earliest certificate in the results. - var earliest = latest - var total int64 - for _, r := range results { - total += r.Count - if r.Time.Before(earliest) { - earliest = r.Time - } - } - if total <= 0 && earliest == latest { - // If we didn't find any certificates, return a zero time. - return total, time.Time{}, nil - } - return total, earliest, nil -} - -// addNewOrdersRateLimit adds 1 to the rate limit count for the provided ID, in -// a specific time bucket. It must be executed in a transaction, and the input -// timeToTheMinute must be a time rounded to a minute. -func addNewOrdersRateLimit(ctx context.Context, dbMap db.SelectExecer, regID int64, timeToTheMinute time.Time) error { - _, err := dbMap.ExecContext(ctx, `INSERT INTO newOrdersRL - (regID, time, count) - VALUES (?, ?, 1) - ON DUPLICATE KEY UPDATE count=count+1;`, - regID, - timeToTheMinute, - ) - if err != nil { - return err - } - return nil -} - -// countNewOrders returns the count of orders created in the given time range -// for the given registration ID. -func countNewOrders(ctx context.Context, dbMap db.Selector, req *sapb.CountOrdersRequest) (*sapb.Count, error) { - var counts []int64 - _, err := dbMap.Select( - ctx, - &counts, - `SELECT count FROM newOrdersRL - WHERE regID = :regID AND - time > :earliest AND - time <= :latest`, - map[string]interface{}{ - "regID": req.AccountID, - "earliest": req.Range.Earliest.AsTime(), - "latest": req.Range.Latest.AsTime(), - }, - ) - if err != nil { - if db.IsNoRows(err) { - return &sapb.Count{Count: 0}, nil - } - return nil, err - } - var total int64 - for _, count := range counts { - total += count - } - return &sapb.Count{Count: total}, nil -} diff --git a/sa/rate_limits_test.go b/sa/rate_limits_test.go deleted file mode 100644 index 1fed4f3f4da..00000000000 --- a/sa/rate_limits_test.go +++ /dev/null @@ -1,141 +0,0 @@ -package sa - -import ( - "context" - "fmt" - "testing" - "time" - - "google.golang.org/protobuf/types/known/timestamppb" - - sapb "github.com/letsencrypt/boulder/sa/proto" - "github.com/letsencrypt/boulder/test" -) - -func TestCertsPerNameRateLimitTable(t *testing.T) { - ctx := context.Background() - - sa, _, cleanUp := initSA(t) - defer cleanUp() - - aprilFirst, err := time.Parse(time.RFC3339, "2019-04-01T00:00:00Z") - if err != nil { - t.Fatal(err) - } - - type inputCase struct { - time time.Time - names []string - } - inputs := []inputCase{ - {aprilFirst, []string{"example.com"}}, - {aprilFirst, []string{"example.com", "www.example.com"}}, - {aprilFirst, []string{"example.com", "other.example.com"}}, - {aprilFirst, []string{"dyndns.org"}}, - {aprilFirst, []string{"mydomain.dyndns.org"}}, - {aprilFirst, []string{"mydomain.dyndns.org"}}, - {aprilFirst, []string{"otherdomain.dyndns.org"}}, - } - - // For each hour in a week, add an entry for a certificate that has - // progressively more names. - var manyNames []string - for i := range 7 * 24 { - manyNames = append(manyNames, fmt.Sprintf("%d.manynames.example.net", i)) - inputs = append(inputs, inputCase{aprilFirst.Add(time.Duration(i) * time.Hour), manyNames}) - } - - for _, input := range inputs { - tx, err := sa.dbMap.BeginTx(ctx) - if err != nil { - t.Fatal(err) - } - err = sa.addCertificatesPerName(ctx, tx, input.names, input.time) - if err != nil { - t.Fatal(err) - } - err = tx.Commit() - if err != nil { - t.Fatal(err) - } - } - - const aWeek = time.Duration(7*24) * time.Hour - - testCases := []struct { - caseName string - domainName string - expected int64 - }{ - {"name doesn't exist", "non.example.org", 0}, - {"base name gets dinged for all certs including it", "example.com", 3}, - {"subdomain gets dinged for neighbors", "www.example.com", 3}, - {"other subdomain", "other.example.com", 3}, - {"many subdomains", "1.manynames.example.net", 168}, - {"public suffix gets its own bucket", "dyndns.org", 1}, - {"subdomain of public suffix gets its own bucket", "mydomain.dyndns.org", 2}, - {"subdomain of public suffix gets its own bucket 2", "otherdomain.dyndns.org", 1}, - } - - for _, tc := range testCases { - t.Run(tc.caseName, func(t *testing.T) { - timeRange := &sapb.Range{ - Earliest: timestamppb.New(aprilFirst.Add(-1 * time.Second)), - Latest: timestamppb.New(aprilFirst.Add(aWeek)), - } - count, earliest, err := sa.countCertificatesByName(ctx, sa.dbMap, tc.domainName, timeRange) - if err != nil { - t.Fatal(err) - } - if count != tc.expected { - t.Errorf("Expected count of %d for %q, got %d", tc.expected, tc.domainName, count) - } - if earliest.IsZero() { - // The count should always be zero if earliest is nil. - test.AssertEquals(t, count, int64(0)) - } else { - test.AssertEquals(t, earliest, aprilFirst) - } - }) - } -} - -func TestNewOrdersRateLimitTable(t *testing.T) { - sa, _, cleanUp := initSA(t) - defer cleanUp() - - manyCountRegID := int64(2) - start := time.Now().Truncate(time.Minute) - req := &sapb.CountOrdersRequest{ - AccountID: 1, - Range: &sapb.Range{ - Earliest: timestamppb.New(start), - Latest: timestamppb.New(start.Add(time.Minute * 10)), - }, - } - - for i := 0; i <= 10; i++ { - tx, err := sa.dbMap.BeginTx(ctx) - test.AssertNotError(t, err, "failed to open tx") - for j := 0; j < i+1; j++ { - err = addNewOrdersRateLimit(ctx, tx, manyCountRegID, start.Add(time.Minute*time.Duration(i))) - } - test.AssertNotError(t, err, "addNewOrdersRateLimit failed") - test.AssertNotError(t, tx.Commit(), "failed to commit tx") - } - - count, err := countNewOrders(ctx, sa.dbMap, req) - test.AssertNotError(t, err, "countNewOrders failed") - test.AssertEquals(t, count.Count, int64(0)) - - req.AccountID = manyCountRegID - count, err = countNewOrders(ctx, sa.dbMap, req) - test.AssertNotError(t, err, "countNewOrders failed") - test.AssertEquals(t, count.Count, int64(65)) - - req.Range.Earliest = timestamppb.New(start.Add(time.Minute * 5)) - req.Range.Latest = timestamppb.New(start.Add(time.Minute * 10)) - count, err = countNewOrders(ctx, sa.dbMap, req) - test.AssertNotError(t, err, "countNewOrders failed") - test.AssertEquals(t, count.Count, int64(45)) -} diff --git a/sa/sa.go b/sa/sa.go index c7be24ae5ef..e3e83ed14c6 100644 --- a/sa/sa.go +++ b/sa/sa.go @@ -444,7 +444,7 @@ func (ssa *SQLStorageAuthority) AddCertificate(ctx context.Context, req *sapb.Ad Expires: parsedCertificate.NotAfter, } - isRenewalRaw, overallError := db.WithTransaction(ctx, ssa.dbMap, func(tx db.Executor) (interface{}, error) { + _, overallError := db.WithTransaction(ctx, ssa.dbMap, func(tx db.Executor) (interface{}, error) { // Select to see if cert exists var row struct { Count int64 @@ -463,54 +463,19 @@ func (ssa *SQLStorageAuthority) AddCertificate(ctx context.Context, req *sapb.Ad return nil, err } - // NOTE(@cpu): When we collect up names to check if an FQDN set exists (e.g. - // that it is a renewal) we use just the DNSNames from the certificate and - // ignore the Subject Common Name (if any). This is a safe assumption because - // if a certificate we issued were to have a Subj. CN not present as a SAN it - // would be a misissuance and miscalculating whether the cert is a renewal or - // not for the purpose of rate limiting is the least of our troubles. - isRenewal, err := ssa.checkFQDNSetExists( - ctx, - tx.SelectOne, - parsedCertificate.DNSNames) - if err != nil { - return nil, err - } - - return isRenewal, err + return nil, err }) if overallError != nil { return nil, overallError } - // Recast the interface{} return from db.WithTransaction as a bool, returning - // an error if we can't. - var isRenewal bool - if boolVal, ok := isRenewalRaw.(bool); !ok { - return nil, fmt.Errorf( - "AddCertificate db.WithTransaction returned %T out var, expected bool", - isRenewalRaw) - } else { - isRenewal = boolVal - } - - // In a separate transaction perform the work required to update tables used - // for rate limits. Since the effects of failing these writes is slight - // miscalculation of rate limits we choose to not fail the AddCertificate - // operation if the rate limit update transaction fails. - _, rlTransactionErr := db.WithTransaction(ctx, ssa.dbMap, func(tx db.Executor) (interface{}, error) { - // Add to the rate limit table, but only for new certificates. Renewals - // don't count against the certificatesPerName limit. - if !isRenewal && !features.Get().DisableLegacyLimitWrites { - timeToTheHour := parsedCertificate.NotBefore.Round(time.Hour) - err := ssa.addCertificatesPerName(ctx, tx, parsedCertificate.DNSNames, timeToTheHour) - if err != nil { - return nil, err - } - } - - // Update the FQDN sets now that there is a final certificate to ensure rate - // limits are calculated correctly. + // In a separate transaction, perform the work required to update the table + // used for order reuse. Since the effect of failing the write is just a + // missed opportunity to reuse an order, we choose to not fail the + // AddCertificate operation if this update transaction fails. + _, fqdnTransactionErr := db.WithTransaction(ctx, ssa.dbMap, func(tx db.Executor) (interface{}, error) { + // Update the FQDN sets now that there is a final certificate to ensure + // reuse is determined correctly. err = addFQDNSet( ctx, tx, @@ -525,11 +490,11 @@ func (ssa *SQLStorageAuthority) AddCertificate(ctx context.Context, req *sapb.Ad return nil, nil }) - // If the ratelimit transaction failed increment a stat and log a warning + // If the FQDN sets transaction failed, increment a stat and log a warning // but don't return an error from AddCertificate. - if rlTransactionErr != nil { + if fqdnTransactionErr != nil { ssa.rateLimitWriteErrors.Inc() - ssa.log.AuditErrf("failed AddCertificate ratelimit update transaction: %v", rlTransactionErr) + ssa.log.AuditErrf("failed AddCertificate FQDN sets insert transaction: %v", fqdnTransactionErr) } return &emptypb.Empty{}, nil @@ -749,14 +714,6 @@ func (ssa *SQLStorageAuthority) NewOrderAndAuthzs(ctx context.Context, req *sapb return nil, fmt.Errorf("casting error in NewOrderAndAuthzs") } - if !features.Get().DisableLegacyLimitWrites { - // Increment the order creation count - err = addNewOrdersRateLimit(ctx, ssa.dbMap, req.NewOrder.RegistrationID, ssa.clk.Now().Truncate(time.Minute)) - if err != nil { - return nil, err - } - } - return order, nil } diff --git a/sa/sa_test.go b/sa/sa_test.go index e358082ac68..2f3addc62c9 100644 --- a/sa/sa_test.go +++ b/sa/sa_test.go @@ -6,7 +6,6 @@ import ( "crypto/ecdsa" "crypto/elliptic" "crypto/rand" - "crypto/rsa" "crypto/sha256" "crypto/x509" "database/sql" @@ -23,7 +22,6 @@ import ( "reflect" "slices" "strings" - "sync" "testing" "time" @@ -605,138 +603,6 @@ func TestAddCertificateDuplicate(t *testing.T) { } -func TestCountCertificatesByNamesTimeRange(t *testing.T) { - sa, clk, cleanUp := initSA(t) - defer cleanUp() - - reg := createWorkingRegistration(t, sa) - _, testCert := test.ThrowAwayCert(t, clk) - _, err := sa.AddCertificate(ctx, &sapb.AddCertificateRequest{ - Der: testCert.Raw, - RegID: reg.Id, - Issued: timestamppb.New(testCert.NotBefore), - }) - test.AssertNotError(t, err, "Couldn't add test cert") - name := testCert.DNSNames[0] - - // Move time forward, so the cert was issued slightly in the past. - clk.Add(time.Hour) - now := clk.Now() - yesterday := clk.Now().Add(-24 * time.Hour) - twoDaysAgo := clk.Now().Add(-48 * time.Hour) - tomorrow := clk.Now().Add(24 * time.Hour) - - // Count for a name that doesn't have any certs - counts, err := sa.CountCertificatesByNames(ctx, &sapb.CountCertificatesByNamesRequest{ - DnsNames: []string{"does.not.exist"}, - Range: &sapb.Range{ - Earliest: timestamppb.New(yesterday), - Latest: timestamppb.New(now), - }, - }) - test.AssertNotError(t, err, "Error counting certs.") - test.AssertEquals(t, len(counts.Counts), 1) - test.AssertEquals(t, counts.Counts["does.not.exist"], int64(0)) - - // Time range including now should find the cert. - counts, err = sa.CountCertificatesByNames(ctx, &sapb.CountCertificatesByNamesRequest{ - DnsNames: testCert.DNSNames, - Range: &sapb.Range{ - Earliest: timestamppb.New(yesterday), - Latest: timestamppb.New(now), - }, - }) - test.AssertNotError(t, err, "sa.CountCertificatesByName failed") - test.AssertEquals(t, len(counts.Counts), 1) - test.AssertEquals(t, counts.Counts[name], int64(1)) - - // Time range between two days ago and yesterday should not find the cert. - counts, err = sa.CountCertificatesByNames(ctx, &sapb.CountCertificatesByNamesRequest{ - DnsNames: testCert.DNSNames, - Range: &sapb.Range{ - Earliest: timestamppb.New(twoDaysAgo), - Latest: timestamppb.New(yesterday), - }, - }) - test.AssertNotError(t, err, "Error counting certs.") - test.AssertEquals(t, len(counts.Counts), 1) - test.AssertEquals(t, counts.Counts[name], int64(0)) - - // Time range between now and tomorrow also should not (time ranges are - // inclusive at the tail end, but not the beginning end). - counts, err = sa.CountCertificatesByNames(ctx, &sapb.CountCertificatesByNamesRequest{ - DnsNames: testCert.DNSNames, - Range: &sapb.Range{ - Earliest: timestamppb.New(now), - Latest: timestamppb.New(tomorrow), - }, - }) - test.AssertNotError(t, err, "Error counting certs.") - test.AssertEquals(t, len(counts.Counts), 1) - test.AssertEquals(t, counts.Counts[name], int64(0)) -} - -func TestCountCertificatesByNamesParallel(t *testing.T) { - sa, clk, cleanUp := initSA(t) - defer cleanUp() - - // Create two certs with different names and add them both to the database. - reg := createWorkingRegistration(t, sa) - - _, testCert := test.ThrowAwayCert(t, clk) - _, err := sa.AddCertificate(ctx, &sapb.AddCertificateRequest{ - Der: testCert.Raw, - RegID: reg.Id, - Issued: timestamppb.New(testCert.NotBefore), - }) - test.AssertNotError(t, err, "Couldn't add test cert") - - _, testCert2 := test.ThrowAwayCert(t, clk) - _, err = sa.AddCertificate(ctx, &sapb.AddCertificateRequest{ - Der: testCert2.Raw, - RegID: reg.Id, - Issued: timestamppb.New(testCert2.NotBefore), - }) - test.AssertNotError(t, err, "Couldn't add test cert") - - // Override countCertificatesByName with an implementation of certCountFunc - // that will block forever if it's called in serial, but will succeed if - // called in parallel. - names := []string{"does.not.exist", testCert.DNSNames[0], testCert2.DNSNames[0]} - - var interlocker sync.WaitGroup - interlocker.Add(len(names)) - sa.parallelismPerRPC = len(names) - oldCertCountFunc := sa.countCertificatesByName - sa.countCertificatesByName = func(ctx context.Context, sel db.Selector, domain string, timeRange *sapb.Range) (int64, time.Time, error) { - interlocker.Done() - interlocker.Wait() - return oldCertCountFunc(ctx, sel, domain, timeRange) - } - - counts, err := sa.CountCertificatesByNames(ctx, &sapb.CountCertificatesByNamesRequest{ - DnsNames: names, - Range: &sapb.Range{ - Earliest: timestamppb.New(clk.Now().Add(-time.Hour)), - Latest: timestamppb.New(clk.Now().Add(time.Hour)), - }, - }) - test.AssertNotError(t, err, "Error counting certs.") - test.AssertEquals(t, len(counts.Counts), 3) - - // We expect there to be two of each of the names that do exist, because - // test.ThrowAwayCert creates certs for subdomains of example.com, and - // CountCertificatesByNames counts all certs under the same registered domain. - expected := map[string]int64{ - "does.not.exist": 0, - testCert.DNSNames[0]: 2, - testCert2.DNSNames[0]: 2, - } - for name, count := range expected { - test.AssertEquals(t, count, counts.Counts[name]) - } -} - func TestFQDNSetTimestampsForWindow(t *testing.T) { sa, fc, cleanUp := initSA(t) defer cleanUp() @@ -1560,58 +1426,6 @@ func TestGetAuthorizations2(t *testing.T) { test.AssertEquals(t, len(authz.Authzs), 2) } -func TestCountOrders(t *testing.T) { - sa, _, cleanUp := initSA(t) - defer cleanUp() - - reg := createWorkingRegistration(t, sa) - now := sa.clk.Now() - expires := now.Add(24 * time.Hour) - - req := &sapb.CountOrdersRequest{ - AccountID: 12345, - Range: &sapb.Range{ - Earliest: timestamppb.New(now.Add(-time.Hour)), - Latest: timestamppb.New(now.Add(time.Second)), - }, - } - - // Counting new orders for a reg ID that doesn't exist should return 0 - count, err := sa.CountOrders(ctx, req) - test.AssertNotError(t, err, "Couldn't count new orders for fake reg ID") - test.AssertEquals(t, count.Count, int64(0)) - - // Add a pending authorization - authzID := createPendingAuthorization(t, sa, "example.com", expires) - - // Add one pending order - order, err := sa.NewOrderAndAuthzs(ctx, &sapb.NewOrderAndAuthzsRequest{ - NewOrder: &sapb.NewOrderRequest{ - RegistrationID: reg.Id, - Expires: timestamppb.New(expires), - DnsNames: []string{"example.com"}, - V2Authorizations: []int64{authzID}, - }, - }) - test.AssertNotError(t, err, "Couldn't create new pending order") - - // Counting new orders for the reg ID should now yield 1 - req.AccountID = reg.Id - count, err = sa.CountOrders(ctx, req) - test.AssertNotError(t, err, "Couldn't count new orders for reg ID") - test.AssertEquals(t, count.Count, int64(1)) - - // Moving the count window to after the order was created should return the - // count to 0 - earliest := order.Created.AsTime().Add(time.Minute) - latest := earliest.Add(time.Hour) - req.Range.Earliest = timestamppb.New(earliest) - req.Range.Latest = timestamppb.New(latest) - count, err = sa.CountOrders(ctx, req) - test.AssertNotError(t, err, "Couldn't count new orders for reg ID") - test.AssertEquals(t, count.Count, int64(0)) -} - func TestFasterGetOrderForNames(t *testing.T) { sa, fc, cleanUp := initSA(t) defer cleanUp() @@ -2377,104 +2191,6 @@ func TestAddCertificateRenewalBit(t *testing.T) { } } -func TestCountCertificatesRenewalBit(t *testing.T) { - sa, fc, cleanUp := initSA(t) - defer cleanUp() - - // Create a test registration - reg := createWorkingRegistration(t, sa) - - // Create a small throw away key for the test certificates. - testKey, err := rsa.GenerateKey(rand.Reader, 512) - test.AssertNotError(t, err, "error generating test key") - - // Create an initial test certificate for a set of domain names, issued an - // hour ago. - template := &x509.Certificate{ - SerialNumber: big.NewInt(1337), - DNSNames: []string{"www.not-example.com", "not-example.com", "admin.not-example.com"}, - NotBefore: fc.Now().Add(-time.Hour), - BasicConstraintsValid: true, - ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}, - } - certADER, err := x509.CreateCertificate(rand.Reader, template, template, testKey.Public(), testKey) - test.AssertNotError(t, err, "Failed to create test cert A") - certA, _ := x509.ParseCertificate(certADER) - - // Update the template with a new serial number and a not before of now and - // create a second test cert for the same names. This will be a renewal. - template.SerialNumber = big.NewInt(7331) - template.NotBefore = fc.Now() - certBDER, err := x509.CreateCertificate(rand.Reader, template, template, testKey.Public(), testKey) - test.AssertNotError(t, err, "Failed to create test cert B") - certB, _ := x509.ParseCertificate(certBDER) - - // Update the template with a third serial number and a partially overlapping - // set of names. This will not be a renewal but will help test the exact name - // counts. - template.SerialNumber = big.NewInt(0xC0FFEE) - template.DNSNames = []string{"www.not-example.com"} - certCDER, err := x509.CreateCertificate(rand.Reader, template, template, testKey.Public(), testKey) - test.AssertNotError(t, err, "Failed to create test cert C") - - countName := func(t *testing.T, expectedName string) int64 { - earliest := fc.Now().Add(-5 * time.Hour) - latest := fc.Now().Add(5 * time.Hour) - req := &sapb.CountCertificatesByNamesRequest{ - DnsNames: []string{expectedName}, - Range: &sapb.Range{ - Earliest: timestamppb.New(earliest), - Latest: timestamppb.New(latest), - }, - } - counts, err := sa.CountCertificatesByNames(context.Background(), req) - test.AssertNotError(t, err, "Unexpected err from CountCertificatesByNames") - for name, count := range counts.Counts { - if name == expectedName { - return count - } - } - return 0 - } - - // Add the first certificate - it won't be considered a renewal. - issued := certA.NotBefore - _, err = sa.AddCertificate(ctx, &sapb.AddCertificateRequest{ - Der: certADER, - RegID: reg.Id, - Issued: timestamppb.New(issued), - }) - test.AssertNotError(t, err, "Failed to add CertA test certificate") - - // The count for the base domain should be 1 - just certA has been added. - test.AssertEquals(t, countName(t, "not-example.com"), int64(1)) - - // Add the second certificate - it should be considered a renewal - issued = certB.NotBefore - _, err = sa.AddCertificate(ctx, &sapb.AddCertificateRequest{ - Der: certBDER, - RegID: reg.Id, - Issued: timestamppb.New(issued), - }) - test.AssertNotError(t, err, "Failed to add CertB test certificate") - - // The count for the base domain should still be 1, just certA. CertB should - // be ignored. - test.AssertEquals(t, countName(t, "not-example.com"), int64(1)) - - // Add the third certificate - it should not be considered a renewal - _, err = sa.AddCertificate(ctx, &sapb.AddCertificateRequest{ - Der: certCDER, - RegID: reg.Id, - Issued: timestamppb.New(issued), - }) - test.AssertNotError(t, err, "Failed to add CertC test certificate") - - // The count for the base domain should be 2 now: certA and certC. - // CertB should be ignored. - test.AssertEquals(t, countName(t, "not-example.com"), int64(2)) -} - func TestFinalizeAuthorization2(t *testing.T) { sa, fc, cleanUp := initSA(t) defer cleanUp() diff --git a/sa/saro.go b/sa/saro.go index 129b07daacc..59bf4875454 100644 --- a/sa/saro.go +++ b/sa/saro.go @@ -9,7 +9,6 @@ import ( "net" "regexp" "strings" - "sync" "time" "github.com/go-jose/go-jose/v4" @@ -34,8 +33,6 @@ var ( validIncidentTableRegexp = regexp.MustCompile(`^incident_[0-9a-zA-Z_]{1,100}$`) ) -type certCountFunc func(ctx context.Context, db db.Selector, domain string, timeRange *sapb.Range) (int64, time.Time, error) - // SQLStorageAuthorityRO defines a read-only subset of a Storage Authority type SQLStorageAuthorityRO struct { sapb.UnsafeStorageAuthorityReadOnlyServer @@ -57,10 +54,6 @@ type SQLStorageAuthorityRO struct { // as, the observed database replication lag. lagFactor time.Duration - // We use function types here so we can mock out this internal function in - // unittests. - countCertificatesByName certCountFunc - clk clock.Clock log blog.Logger @@ -101,8 +94,6 @@ func NewSQLStorageAuthorityRO( lagFactorCounter: lagFactorCounter, } - ssaro.countCertificatesByName = ssaro.countCertificates - return ssaro, nil } @@ -212,88 +203,6 @@ func ipRange(ip net.IP) (net.IP, net.IP) { return begin, end } -// CountCertificatesByNames counts, for each input domain, the number of -// certificates issued in the given time range for that domain and its -// subdomains. It returns a map from domains to counts and a timestamp. The map -// of domains to counts is guaranteed to contain an entry for each input domain, -// so long as err is nil. The timestamp is the earliest time a certificate was -// issued for any of the domains during the provided range of time. Queries will -// be run in parallel. If any of them error, only one error will be returned. -func (ssa *SQLStorageAuthorityRO) CountCertificatesByNames(ctx context.Context, req *sapb.CountCertificatesByNamesRequest) (*sapb.CountByNames, error) { - // TODO(#7153): Check each value via core.IsAnyNilOrZero - if len(req.DnsNames) == 0 || core.IsAnyNilOrZero(req.Range.Earliest, req.Range.Latest) { - return nil, errIncompleteRequest - } - - work := make(chan string, len(req.DnsNames)) - type result struct { - err error - count int64 - earliest time.Time - domain string - } - results := make(chan result, len(req.DnsNames)) - for _, domain := range req.DnsNames { - work <- domain - } - close(work) - var wg sync.WaitGroup - ctx, cancel := context.WithCancel(ctx) - defer cancel() - // We may perform up to 100 queries, depending on what's in the certificate - // request. Parallelize them so we don't hit our timeout, but limit the - // parallelism so we don't consume too many threads on the database. - for range ssa.parallelismPerRPC { - wg.Add(1) - go func() { - defer wg.Done() - for domain := range work { - select { - case <-ctx.Done(): - results <- result{err: ctx.Err()} - return - default: - } - count, earliest, err := ssa.countCertificatesByName(ctx, ssa.dbReadOnlyMap, domain, req.Range) - if err != nil { - results <- result{err: err} - // Skip any further work - cancel() - return - } - results <- result{ - count: count, - earliest: earliest, - domain: domain, - } - } - }() - } - wg.Wait() - close(results) - - // Set earliest to the latest possible time, so that we can find the - // earliest certificate in the results. - earliest := req.Range.Latest - counts := make(map[string]int64) - for r := range results { - if r.err != nil { - return nil, r.err - } - counts[r.domain] = r.count - if !r.earliest.IsZero() && r.earliest.Before(earliest.AsTime()) { - earliest = timestamppb.New(r.earliest) - } - } - - // If we didn't find any certificates in the range, earliest should be set - // to a zero value. - if len(counts) == 0 { - earliest = ×tamppb.Timestamp{} - } - return &sapb.CountByNames{Counts: counts, Earliest: earliest}, nil -} - func ReverseName(domain string) string { labels := strings.Split(domain, ".") for i, j := 0, len(labels)-1; i < j; i, j = i+1, j-1 { @@ -423,15 +332,6 @@ func (ssa *SQLStorageAuthorityRO) GetRevocationStatus(ctx context.Context, req * return status, nil } -func (ssa *SQLStorageAuthorityRO) CountOrders(ctx context.Context, req *sapb.CountOrdersRequest) (*sapb.Count, error) { - // TODO(#7153): Check each value via core.IsAnyNilOrZero - if req.AccountID == 0 || core.IsAnyNilOrZero(req.Range.Earliest, req.Range.Latest) { - return nil, errIncompleteRequest - } - - return countNewOrders(ctx, ssa.dbReadOnlyMap, req) -} - // FQDNSetTimestampsForWindow returns the issuance timestamps for each // certificate, issued for a set of domains, during a given window of time, // starting from the most recent issuance. diff --git a/test/config-next/ra.json b/test/config-next/ra.json index a6692c7bd89..3738b102097 100644 --- a/test/config-next/ra.json +++ b/test/config-next/ra.json @@ -1,6 +1,5 @@ { "ra": { - "rateLimitPoliciesFilename": "test/rate-limit-policies.yml", "limiter": { "redis": { "username": "boulder-wfe", @@ -127,7 +126,6 @@ }, "features": { "AsyncFinalize": true, - "UseKvLimitsForNewOrder": true, "AutomaticallyPauseZombieClients": true, "NoPendingAuthzReuse": true, "EnforceMPIC": true diff --git a/test/config-next/sa.json b/test/config-next/sa.json index 04c8b1b6dcd..02b0e0c839f 100644 --- a/test/config-next/sa.json +++ b/test/config-next/sa.json @@ -50,7 +50,6 @@ "healthCheckInterval": "4s", "features": { "MultipleCertificateProfiles": true, - "DisableLegacyLimitWrites": true, "InsertAuthzsIndividually": true } }, diff --git a/test/config-next/wfe2.json b/test/config-next/wfe2.json index c9fd2d3252e..c516cc7e67c 100644 --- a/test/config-next/wfe2.json +++ b/test/config-next/wfe2.json @@ -127,8 +127,7 @@ "features": { "PropagateCancels": true, "ServeRenewalInfo": true, - "CheckIdentifiersPaused": true, - "UseKvLimitsForNewOrder": true + "CheckIdentifiersPaused": true }, "certProfiles": { "legacy": "The normal profile you know and love", diff --git a/test/config/ra.json b/test/config/ra.json index 1fbbd055c37..34304ce0f3a 100644 --- a/test/config/ra.json +++ b/test/config/ra.json @@ -1,6 +1,30 @@ { "ra": { "rateLimitPoliciesFilename": "test/rate-limit-policies.yml", + "limiter": { + "redis": { + "username": "boulder-wfe", + "passwordFile": "test/secrets/wfe_ratelimits_redis_password", + "lookups": [ + { + "Service": "redisratelimits", + "Domain": "service.consul" + } + ], + "lookupDNSAuthority": "consul.service.consul", + "readTimeout": "250ms", + "writeTimeout": "250ms", + "poolSize": 100, + "routeRandomly": true, + "tls": { + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/wfe.boulder/cert.pem", + "keyFile": "test/certs/ipki/wfe.boulder/key.pem" + } + }, + "Defaults": "test/config/wfe2-ratelimit-defaults.yml", + "Overrides": "test/config/wfe2-ratelimit-overrides.yml" + }, "maxContactsPerRegistration": 3, "debugAddr": ":8002", "hostnamePolicyFile": "test/hostname-policy.yaml", @@ -105,6 +129,7 @@ } }, "features": { + "UseKvLimitsForNewOrder": true, "IncrementRateLimits": true }, "ctLogs": { diff --git a/test/config/sa.json b/test/config/sa.json index d8a19fea04c..8c904b90850 100644 --- a/test/config/sa.json +++ b/test/config/sa.json @@ -46,6 +46,9 @@ ] } } + }, + "features": { + "UseKvLimitsForNewOrder": true } }, "syslog": { diff --git a/test/config/wfe2-ratelimit-defaults.yml b/test/config/wfe2-ratelimit-defaults.yml new file mode 100644 index 00000000000..d934b508cc8 --- /dev/null +++ b/test/config/wfe2-ratelimit-defaults.yml @@ -0,0 +1,36 @@ +NewRegistrationsPerIPAddress: + count: 10000 + burst: 10000 + period: 168h +NewRegistrationsPerIPv6Range: + count: 99999 + burst: 99999 + period: 168h +CertificatesPerDomain: + count: 2 + burst: 2 + period: 2160h +FailedAuthorizationsPerDomainPerAccount: + count: 3 + burst: 3 + period: 5m +# The burst represents failing 40 times per day for 90 days. The count and +# period grant one "freebie" failure per day. In combination, these parameters +# mean that: +# - Failing 120 times per day results in being paused after 30.25 days +# - Failing 40 times per day results in being paused after 92.3 days +# - Failing 20 times per day results in being paused after 6.2 months +# - Failing 4 times per day results in being paused after 3.3 years +# - Failing once per day results in never being paused +FailedAuthorizationsForPausingPerDomainPerAccount: + count: 1 + burst: 3600 + period: 24h +NewOrdersPerAccount: + count: 1500 + burst: 1500 + period: 3h +CertificatesPerFQDNSet: + count: 2 + burst: 2 + period: 3h diff --git a/test/config/wfe2-ratelimit-overrides.yml b/test/config/wfe2-ratelimit-overrides.yml new file mode 100644 index 00000000000..716ccb3aa1f --- /dev/null +++ b/test/config/wfe2-ratelimit-overrides.yml @@ -0,0 +1,64 @@ +- NewRegistrationsPerIPAddress: + burst: 1000000 + count: 1000000 + period: 168h + ids: + - id: 127.0.0.1 + comment: localhost + - id: 10.77.77.77 + comment: test + - id: 10.88.88.88 + comment: test +- CertificatesPerDomain: + burst: 1 + count: 1 + period: 2160h + ids: + - id: ratelimit.me + comment: Rate Limit Test Domain +- CertificatesPerDomain: + burst: 10000 + count: 10000 + period: 2160h + ids: + - id: le.wtf + comment: Let's Encrypt Test Domain + - id: le1.wtf + comment: Let's Encrypt Test Domain 1 + - id: le2.wtf + comment: Let's Encrypt Test Domain 2 + - id: le3.wtf + comment: Let's Encrypt Test Domain 3 + - id: nginx.wtf + comment: Nginx Test Domain + - id: good-caa-reserved.com + comment: Good CAA Reserved Domain + - id: bad-caa-reserved.com + comment: Bad CAA Reserved Domain + - id: ecdsa.le.wtf + comment: ECDSA Let's Encrypt Test Domain + - id: must-staple.le.wtf + comment: Must-Staple Let's Encrypt Test Domain +- CertificatesPerFQDNSet: + burst: 10000 + count: 10000 + period: 168h + ids: + - id: le.wtf + comment: Let's Encrypt Test Domain + - id: le1.wtf + comment: Let's Encrypt Test Domain 1 + - id: le2.wtf + comment: Let's Encrypt Test Domain 2 + - id: le3.wtf + comment: Let's Encrypt Test Domain 3 + - id: le.wtf,le1.wtf + comment: Let's Encrypt Test Domain, Let's Encrypt Test Domain 1 + - id: good-caa-reserved.com + comment: Good CAA Reserved Domain + - id: nginx.wtf + comment: Nginx Test Domain + - id: ecdsa.le.wtf + comment: ECDSA Let's Encrypt Test Domain + - id: must-staple.le.wtf + comment: Must-Staple Let's Encrypt Test Domain diff --git a/test/config/wfe2.json b/test/config/wfe2.json index 0f64bafea15..5d11d3304e5 100644 --- a/test/config/wfe2.json +++ b/test/config/wfe2.json @@ -102,7 +102,32 @@ "staleTimeout": "5m", "authorizationLifetimeDays": 30, "pendingAuthorizationLifetimeDays": 7, + "limiter": { + "redis": { + "username": "boulder-wfe", + "passwordFile": "test/secrets/wfe_ratelimits_redis_password", + "lookups": [ + { + "Service": "redisratelimits", + "Domain": "service.consul" + } + ], + "lookupDNSAuthority": "consul.service.consul", + "readTimeout": "250ms", + "writeTimeout": "250ms", + "poolSize": 100, + "routeRandomly": true, + "tls": { + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/wfe.boulder/cert.pem", + "keyFile": "test/certs/ipki/wfe.boulder/key.pem" + } + }, + "Defaults": "test/config/wfe2-ratelimit-defaults.yml", + "Overrides": "test/config/wfe2-ratelimit-overrides.yml" + }, "features": { + "UseKvLimitsForNewOrder": true, "ServeRenewalInfo": true, "IncrementRateLimits": true, "CheckIdentifiersPaused": true diff --git a/test/inmem/sa/sa.go b/test/inmem/sa/sa.go index 14727d63295..2121ddfe687 100644 --- a/test/inmem/sa/sa.go +++ b/test/inmem/sa/sa.go @@ -73,10 +73,6 @@ func (sa SA) GetOrderForNames(ctx context.Context, req *sapb.GetOrderForNamesReq return sa.Impl.GetOrderForNames(ctx, req) } -func (sa SA) CountOrders(ctx context.Context, req *sapb.CountOrdersRequest, _ ...grpc.CallOption) (*sapb.Count, error) { - return sa.Impl.CountOrders(ctx, req) -} - func (sa SA) SetOrderError(ctx context.Context, req *sapb.SetOrderErrorRequest, _ ...grpc.CallOption) (*emptypb.Empty, error) { return sa.Impl.SetOrderError(ctx, req) } @@ -97,10 +93,6 @@ func (sa SA) AddCertificate(ctx context.Context, req *sapb.AddCertificateRequest return sa.Impl.AddCertificate(ctx, req) } -func (sa SA) CountCertificatesByNames(ctx context.Context, req *sapb.CountCertificatesByNamesRequest, _ ...grpc.CallOption) (*sapb.CountByNames, error) { - return sa.Impl.CountCertificatesByNames(ctx, req) -} - func (sa SA) RevokeCertificate(ctx context.Context, req *sapb.RevokeCertificateRequest, _ ...grpc.CallOption) (*emptypb.Empty, error) { return sa.Impl.RevokeCertificate(ctx, req) } diff --git a/test/integration/ratelimit_test.go b/test/integration/ratelimit_test.go index 91c4080fdc2..358f604d5cb 100644 --- a/test/integration/ratelimit_test.go +++ b/test/integration/ratelimit_test.go @@ -6,8 +6,6 @@ import ( "crypto/rand" "encoding/hex" "fmt" - "os" - "strings" "testing" "github.com/letsencrypt/boulder/test" @@ -27,13 +25,7 @@ func TestDuplicateFQDNRateLimit(t *testing.T) { _, err = authAndIssue(nil, nil, []string{domain}, true) test.AssertError(t, err, "Somehow managed to issue third certificate") - if strings.Contains(os.Getenv("BOULDER_CONFIG_DIR"), "test/config-next") { - // Error should be served from key-value rate limits implementation. - test.AssertContains(t, err.Error(), "too many certificates (2) already issued for this exact set of domains in the last 3h0m0s") - } else { - // Error should be served from legacy rate limits implementation. - test.AssertContains(t, err.Error(), "too many certificates (2) already issued for this exact set of domains in the last 3 hours") - } + test.AssertContains(t, err.Error(), "too many certificates (2) already issued for this exact set of domains in the last 3h0m0s") } func TestCertificatesPerDomain(t *testing.T) { @@ -56,13 +48,7 @@ func TestCertificatesPerDomain(t *testing.T) { _, err = authAndIssue(nil, nil, []string{randomSubDomain()}, true) test.AssertError(t, err, "Somehow managed to issue third certificate") - if strings.Contains(os.Getenv("BOULDER_CONFIG_DIR"), "test/config-next") { - // Error should be served from key-value rate limits implementation. - test.AssertContains(t, err.Error(), fmt.Sprintf("too many certificates (2) already issued for %q in the last 2160h0m0s", randomDomain)) - } else { - // Error should be served from legacy rate limits implementation. - test.AssertContains(t, err.Error(), fmt.Sprintf("too many certificates already issued for %q", randomDomain)) - } + test.AssertContains(t, err.Error(), fmt.Sprintf("too many certificates (2) already issued for %q in the last 2160h0m0s", randomDomain)) // Issue a certificate for the first subdomain, which should succeed because // it's a renewal. diff --git a/test/v2_integration.py b/test/v2_integration.py index 230d63ba289..00107386aea 100644 --- a/test/v2_integration.py +++ b/test/v2_integration.py @@ -180,7 +180,7 @@ def test_failed_validation_limit(): """ Fail a challenge repeatedly for the same domain, with the same account. Once we reach the rate limit we should get a rateLimitedError. Note that this - depends on the specific threshold configured in rate-limit-policies.yml. + depends on the specific threshold configured. This also incidentally tests a fix for https://github.com/letsencrypt/boulder/issues/4329. We expect to get @@ -1503,17 +1503,6 @@ def test_renewal_exemption(): chisel2.expect_problem("urn:ietf:params:acme:error:rateLimited", lambda: chisel2.auth_and_issue(["mail." + base_domain])) -# TODO(#5545) Remove this test once key-value rate limits are authoritative in -# production. -def test_certificates_per_name(): - if CONFIG_NEXT: - # This test is replaced by TestCertificatesPerDomain in the Go - # integration tests because key-value rate limits does not support - # override limits of 0. - return - chisel2.expect_problem("urn:ietf:params:acme:error:rateLimited", - lambda: chisel2.auth_and_issue([random_domain() + ".lim.it"])) - def test_oversized_csr(): # Number of names is chosen to be one greater than the configured RA/CA maxNames numNames = 101 diff --git a/wfe2/wfe.go b/wfe2/wfe.go index fe0cf7c3603..e20fc2d3aed 100644 --- a/wfe2/wfe.go +++ b/wfe2/wfe.go @@ -638,11 +638,6 @@ func link(url, relation string) string { // creation fails, the func will be nil if any error was encountered during the // check. func (wfe *WebFrontEndImpl) checkNewAccountLimits(ctx context.Context, ip net.IP) (func(), error) { - if wfe.limiter == nil && wfe.txnBuilder == nil { - // Key-value rate limiting is disabled. - return nil, nil - } - txns, err := wfe.txnBuilder.NewAccountLimitTransactions(ip) if err != nil { return nil, fmt.Errorf("building new account limit transactions: %w", err) @@ -795,9 +790,8 @@ func (wfe *WebFrontEndImpl) NewAccount( } var newRegistrationSuccessful bool - var errIsRateLimit bool defer func() { - if !newRegistrationSuccessful && !errIsRateLimit && refundLimits != nil { + if !newRegistrationSuccessful && refundLimits != nil { go refundLimits() } }() @@ -805,15 +799,6 @@ func (wfe *WebFrontEndImpl) NewAccount( // Send the registration to the RA via grpc acctPB, err := wfe.ra.NewRegistration(ctx, ®) if err != nil { - if errors.Is(err, berrors.RateLimit) { - // Request was denied by a legacy rate limit. In this error case we - // do not want to refund the quota consumed by the request because - // repeated requests would result in unearned refunds. - // - // TODO(#5545): Once key-value rate limits are authoritative this - // can be removed. - errIsRateLimit = true - } if errors.Is(err, berrors.Duplicate) { existingAcct, err := wfe.sa.GetRegistrationByKey(ctx, &sapb.JSONWebKey{Jwk: keyBytes}) if err == nil { @@ -2024,11 +2009,6 @@ func (wfe *WebFrontEndImpl) orderToOrderJSON(request *http.Request, order *corep // function is returned that can be used to refund the quota if the order is not // created, the func will be nil if any error was encountered during the check. func (wfe *WebFrontEndImpl) checkNewOrderLimits(ctx context.Context, regId int64, names []string, isRenewal bool) (func(), error) { - if wfe.limiter == nil && wfe.txnBuilder == nil { - // Key-value rate limiting is disabled. - return nil, nil - } - txns, err := wfe.txnBuilder.NewOrderLimitTransactions(regId, names, isRenewal) if err != nil { return nil, fmt.Errorf("building new order limit transactions: %w", err) @@ -2367,7 +2347,7 @@ func (wfe *WebFrontEndImpl) NewOrder( refundLimits := func() {} if !isARIRenewal { refundLimits, err = wfe.checkNewOrderLimits(ctx, acct.ID, names, isRenewal || isARIRenewal) - if err != nil && features.Get().UseKvLimitsForNewOrder { + if err != nil { if errors.Is(err, berrors.RateLimit) { wfe.sendError(response, logEvent, probs.RateLimited(err.Error()), err) return @@ -2379,14 +2359,13 @@ func (wfe *WebFrontEndImpl) NewOrder( } var newOrderSuccessful bool - var errIsRateLimit bool defer func() { wfe.stats.ariReplacementOrders.With(prometheus.Labels{ "isReplacement": fmt.Sprintf("%t", replaces != ""), "limitsExempt": fmt.Sprintf("%t", isARIRenewal), }).Inc() - if !newOrderSuccessful && !errIsRateLimit && refundLimits != nil { + if !newOrderSuccessful && refundLimits != nil { go refundLimits() } }() @@ -2402,15 +2381,6 @@ func (wfe *WebFrontEndImpl) NewOrder( // TODO(#7153): Check each value via core.IsAnyNilOrZero if err != nil || order == nil || order.Id == 0 || order.RegistrationID == 0 || len(order.DnsNames) == 0 || core.IsAnyNilOrZero(order.Created, order.Expires) { wfe.sendError(response, logEvent, web.ProblemDetailsForError(err, "Error creating new order"), err) - if errors.Is(err, berrors.RateLimit) { - // Request was denied by a legacy rate limit. In this error case we - // do not want to refund the quota consumed by the request because - // repeated requests would result in unearned refunds. - // - // TODO(#5545): Once key-value rate limits are authoritative this - // can be removed. - errIsRateLimit = true - } return } logEvent.Created = fmt.Sprintf("%d", order.Id) diff --git a/wfe2/wfe_test.go b/wfe2/wfe_test.go index 04aac18ac8b..fc184b0e978 100644 --- a/wfe2/wfe_test.go +++ b/wfe2/wfe_test.go @@ -4104,9 +4104,6 @@ func TestCountNewOrderWithReplaces(t *testing.T) { func TestNewOrderRateLimits(t *testing.T) { wfe, fc, signer := setupWFE(t) - features.Set(features.Config{UseKvLimitsForNewOrder: true}) - defer features.Reset() - // Set the default ratelimits to only allow one new order per account per 24 // hours. txnBuilder, err := ratelimits.NewTransactionBuilder(ratelimits.LimitConfigs{