// Copyright 2023 Envoy Project Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// 
//     http://www.apache.org/licenses/LICENSE-2.0
// 
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package envoy.admin.v3;

import "google/protobuf/timestamp.proto";

import "udpa/annotations/status.proto";
import "udpa/annotations/versioning.proto";

option java_package = "io.envoyproxy.envoy.admin.v3";
option java_outer_classname = "CertsProto";
option java_multiple_files = true;
option go_package = "github.com/envoyproxy/go-control-plane/envoy/admin/v3;adminv3";
option (udpa.annotations.file_status).package_version_status = ACTIVE;

// [#protodoc-title: Certificates]

// Proto representation of certificate details. Admin endpoint uses this wrapper for ``/certs`` to
// display certificate information. See :ref:`/certs <operations_admin_interface_certs>` for more
// information.
message Certificates {
  option (udpa.annotations.versioning).previous_message_type = "envoy.admin.v2alpha.Certificates";

  // List of certificates known to an Envoy.
  repeated Certificate certificates = 1;
}

message Certificate {
  option (udpa.annotations.versioning).previous_message_type = "envoy.admin.v2alpha.Certificate";

  // Details of CA certificate.
  repeated CertificateDetails ca_cert = 1;

  // Details of Certificate Chain
  repeated CertificateDetails cert_chain = 2;
}

// [#next-free-field: 8]
message CertificateDetails {
  option (udpa.annotations.versioning).previous_message_type =
      "envoy.admin.v2alpha.CertificateDetails";

  message OcspDetails {
    // Indicates the time from which the OCSP response is valid.
    google.protobuf.Timestamp valid_from = 1;

    // Indicates the time at which the OCSP response expires.
    google.protobuf.Timestamp expiration = 2;
  }

  // Path of the certificate.
  string path = 1;

  // Certificate Serial Number.
  string serial_number = 2;

  // List of Subject Alternate names.
  repeated SubjectAlternateName subject_alt_names = 3;

  // Minimum of days until expiration of certificate and it's chain.
  uint64 days_until_expiration = 4;

  // Indicates the time from which the certificate is valid.
  google.protobuf.Timestamp valid_from = 5;

  // Indicates the time at which the certificate expires.
  google.protobuf.Timestamp expiration_time = 6;

  // Details related to the OCSP response associated with this certificate, if any.
  OcspDetails ocsp_details = 7;
}

message SubjectAlternateName {
  option (udpa.annotations.versioning).previous_message_type =
      "envoy.admin.v2alpha.SubjectAlternateName";

  // Subject Alternate Name.
  oneof name {
    string dns = 1;

    string uri = 2;

    string ip_address = 3;
  }
}