diff --git a/go.mod b/go.mod
index b24c4402c..db043331d 100644
--- a/go.mod
+++ b/go.mod
@@ -3,6 +3,7 @@ module github.com/pomerium/pomerium
 go 1.23.8
 require (
+ buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.36.6-20250307204501-0409229c3780.1
 cloud.google.com/go/storage v1.51.0
 contrib.go.opencensus.io/exporter/prometheus v0.4.2
 github.com/CAFxX/httpcompression v0.0.9
@@ -11,6 +12,7 @@ require (
 github.com/aws/aws-sdk-go-v2/config v1.29.12
 github.com/aws/aws-sdk-go-v2/service/s3 v1.79.0
 github.com/bits-and-blooms/bitset v1.22.0
+ github.com/bufbuild/protovalidate-go v0.9.3
 github.com/caddyserver/certmagic v0.22.2
 github.com/cenkalti/backoff/v4 v4.3.0
 github.com/cloudflare/circl v1.6.0
@@ -118,6 +120,7 @@ require (
 github.com/Microsoft/go-winio v0.6.2 // indirect
 github.com/agnivade/levenshtein v1.2.1 // indirect
 github.com/andybalholm/brotli v1.0.5 // indirect
+ github.com/antlr4-go/antlr/v4 v4.13.0 // indirect
 github.com/apapsch/go-jsonmerge/v2 v2.0.0 // indirect
 github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.10 // indirect
 github.com/aws/aws-sdk-go-v2/credentials v1.17.65 // indirect
@@ -162,6 +165,7 @@ require (
 github.com/gogo/protobuf v1.3.2 // indirect
 github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect
 github.com/golang/snappy v0.0.4 // indirect
+ github.com/google/cel-go v0.24.1 // indirect
 github.com/google/go-tpm v0.9.0 // indirect
 github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 // indirect
 github.com/google/s2a-go v0.1.9 // indirect
@@ -215,6 +219,7 @@ require (
 github.com/spf13/cast v1.7.1 // indirect
 github.com/spf13/pflag v1.0.6 // indirect
 github.com/sryoya/protorand v0.0.0-20240429201223-e7440656b2a4 // indirect
+ github.com/stoewer/go-strcase v1.3.0 // indirect
 github.com/stretchr/objx v0.5.2 // indirect
 github.com/subosito/gotenv v1.6.0 // indirect
 github.com/tchap/go-patricia/v2 v2.3.2 // indirect
diff --git a/go.sum b/go.sum
index d6e595e1b..9f279db31 100644
--- a/go.sum
+++ b/go.sum
@@ -1,3 +1,5 @@
+buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.36.6-20250307204501-0409229c3780.1 h1:zgJPqo17m28+Lf5BW4xv3PvU20BnrmTcGYrog22lLIU=
+buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.36.6-20250307204501-0409229c3780.1/go.mod h1:avRlCjnFzl98VPaeCtJ24RrV/wwHFzB8sWXhj26+n/U=
 cel.dev/expr v0.19.2 h1:V354PbqIXr9IQdwy4SYA4xa0HXaWq1BUPAGzugBY5V4=
 cel.dev/expr v0.19.2/go.mod h1:MrpN08Q+lEBs+bGYdLxxHkZoUSsCp0nSKTs0nTymJgw=
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
@@ -90,6 +92,8 @@ github.com/allegro/bigcache v1.2.1-0.20190218064605-e24eb225f156 h1:eMwmnE/GDgah
 github.com/allegro/bigcache v1.2.1-0.20190218064605-e24eb225f156/go.mod h1:Cb/ax3seSYIx7SuZdm2G2xzfwmv3TPSk2ucNfQESPXM=
 github.com/andybalholm/brotli v1.0.5 h1:8uQZIdzKmjc/iuPu7O2ioW48L81FgatrcpfFmiq/cCs=
 github.com/andybalholm/brotli v1.0.5/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig=
+github.com/antlr4-go/antlr/v4 v4.13.0 h1:lxCg3LAv+EUK6t1i0y1V6/SLeUi0eKEKdhQAlS8TVTI=
+github.com/antlr4-go/antlr/v4 v4.13.0/go.mod h1:pfChB/xh/Unjila75QW7+VU4TSnWnnk9UTnmpPaOR2g=
 github.com/apapsch/go-jsonmerge/v2 v2.0.0 h1:axGnT1gRIfimI7gJifB699GoE/oq+F2MU7Dml6nw9rQ=
 github.com/apapsch/go-jsonmerge/v2 v2.0.0/go.mod h1:lvDnEdqiQrp0O42VQGgmlKpxL1AP2+08jFMw88y4klk=
 github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0 h1:jfIu9sQUG6Ig+0+Ap1h4unLjW6YQJpKZVmUzxsD4E/Q=
@@ -137,6 +141,8 @@ github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6r
 github.com/bits-and-blooms/bitset v1.22.0 h1:Tquv9S8+SGaS3EhyA+up3FXzmkhxPGjQQCkcs2uw7w4=
 github.com/bits-and-blooms/bitset v1.22.0/go.mod h1:7hO7Gc7Pp1vODcmWvKMRA9BNmbv6a/7QIWpPxHddWR8=
 github.com/bmatcuk/doublestar v1.1.1/go.mod h1:UD6OnuiIn0yFxxA2le/rnRU1G4RaI4UvFv1sNto9p6w=
+github.com/bufbuild/protovalidate-go v0.9.3 h1:XvdtwQuppS3wjzGfpOirsqwN5ExH2+PiIuA/XZd3MTM=
+github.com/bufbuild/protovalidate-go v0.9.3/go.mod h1:2lUDP6fNd3wxznRNH3Nj64VB07+PySeslamkerwP6tE=
 github.com/bytecodealliance/wasmtime-go/v3 v3.0.2 h1:3uZCA/BLTIu+DqCfguByNMJa2HVHpXvjfy0Dy7g6fuA=
 github.com/bytecodealliance/wasmtime-go/v3 v3.0.2/go.mod h1:RnUjnIXxEJcL6BgCvNyzCCRzZcxCgsZCi+RNlvYor5Q=
 github.com/caddyserver/certmagic v0.22.2 h1:qzZURXlrxwR5m25/jpvVeEyJHeJJMvAwe5zlMufOTQk=
@@ -309,6 +315,8 @@ github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Z
 github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.1.3 h1:CVpQJjYgC4VbzxeGVHfvZrv1ctoYCAI8vbl07Fcxlyg=
 github.com/google/btree v1.1.3/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4=
+github.com/google/cel-go v0.24.1 h1:jsBCtxG8mM5wiUJDSGUqU0K7Mtr3w7Eyv00rw4DiZxI=
+github.com/google/cel-go v0.24.1/go.mod h1:Hdf9TqOaTNSFQA1ybQaRqATVoK7m/zcf7IMhGXP5zI8=
 github.com/google/flatbuffers v25.2.10+incompatible h1:F3vclr7C3HpB1k9mxCGRMXq6FdUalZ6H/pNX4FP1v0Q=
 github.com/google/flatbuffers v25.2.10+incompatible/go.mod h1:1AeVuKshWv4vARoZatz6mlQ0JxURH0Kv5+zNeJKJCa8=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
@@ -615,6 +623,8 @@ github.com/spf13/viper v1.20.1/go.mod h1:P9Mdzt1zoHIG8m2eZQinpiBjo6kCmZSKBClNNqj
 github.com/spkg/bom v0.0.0-20160624110644-59b7046e48ad/go.mod h1:qLr4V1qq6nMqFKkMo8ZTx3f+BZEkzsRUY10Xsm2mwU0=
 github.com/sryoya/protorand v0.0.0-20240429201223-e7440656b2a4 h1:/jKH9ivHOUkahZs3zPfJfOmkXDFB6OdsHZ4W8gyDb/c=
 github.com/sryoya/protorand v0.0.0-20240429201223-e7440656b2a4/go.mod h1:9a23nlv6vzBeVlQq6JQCjljZ6sfzsB6aha1m5Ly1W2Y=
+github.com/stoewer/go-strcase v1.3.0 h1:g0eASXYtp+yvN9fK8sH94oCIk0fau9uV1/ZdJ0AVEzs=
+github.com/stoewer/go-strcase v1.3.0/go.mod h1:fAH5hQ5pehh+j3nZfvwdk2RgEgQjAoM8wodgtPmh1xo=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
diff --git a/internal/rfc7591/buf.gen.yaml b/internal/rfc7591/buf.gen.yaml
new file mode 100644
index 000000000..8ef5cda99
--- /dev/null
+++ b/internal/rfc7591/buf.gen.yaml
@@ -0,0 +1,18 @@
+version: v2
+inputs:
+ - directory: .
+plugins:
+ - remote: buf.build/protocolbuffers/go:v1.36.5
+ out: .
+ opt:
+ - paths=source_relative
+managed:
+ enabled: true
+ override:
+ - file_option: go_package_prefix
+ value: github.com/pomerium/pomerium/internal/rfc7591v1
+ # Don't modify any file option or field option for protovalidate. Without
+ # this, generated Go will fail to compile.
+ disable:
+ - file_option: go_package
+ module: buf.build/bufbuild/protovalidate
diff --git a/internal/rfc7591/buf.lock b/internal/rfc7591/buf.lock
new file mode 100644
index 000000000..09123d359
--- /dev/null
+++ b/internal/rfc7591/buf.lock
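Review bot: In internal/rfc7591/buf.gen.yaml the `go_package_prefix` override is `github.com/pomerium/pomerium/internal/rfc7591v1`, but every file in this commit is written to `internal/rfc7591/`, so the Go import path recorded for the generated package would not match the directory it actually lives in. With a single `types.proto` and `paths=source_relative` the mismatch stays invisible, but a later proto that imports these messages would presumably be generated with an import of a path that does not exist. Either rename the directory to match the prefix, or pin the path explicitly with `- file_option: go_package` and `value: github.com/pomerium/pomerium/internal/rfc7591;rfc7591v1`.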
@@ -0,0 +1,6 @@
+# Generated by buf. DO NOT EDIT.
+version: v2
+deps:
+ - name: buf.build/bufbuild/protovalidate
+ commit: 7712fb530c574b95bc1d57c0877543c3
+ digest: b5:b3e9c9428384357e3b73e4d5a4614328b0a4b1595b10163bbe9483fa16204749274c41797bd49b0d716479c855aa35c1172a94f471fa120ba8369637fd138829
diff --git a/internal/rfc7591/buf.yaml b/internal/rfc7591/buf.yaml
new file mode 100644
index 000000000..0a6ac52cf
--- /dev/null
+++ b/internal/rfc7591/buf.yaml
@@ -0,0 +1,11 @@
+version: v2
+modules:
+ - path: .
+deps:
+ - buf.build/bufbuild/protovalidate
+lint:
+ use:
+ - STANDARD
+breaking:
+ use:
+ - FILE
diff --git a/internal/rfc7591/generate.go b/internal/rfc7591/generate.go
new file mode 100644
index 000000000..e71d49eec
--- /dev/null
+++ b/internal/rfc7591/generate.go
@@ -0,0 +1,4 @@
+package rfc7591v1
+
+//go:generate go run github.com/bufbuild/buf/cmd/buf@v1.53.0 dep update
+//go:generate go run github.com/bufbuild/buf/cmd/buf@v1.53.0 generate
diff --git a/internal/rfc7591/types.pb.go b/internal/rfc7591/types.pb.go
new file mode 100644
index 000000000..6a3c48c7f
--- /dev/null
+++ b/internal/rfc7591/types.pb.go
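Review bot: The first directive in internal/rfc7591/generate.go, `//go:generate go run github.com/bufbuild/buf/cmd/buf@v1.53.0 dep update`, re-resolves `buf.build/bufbuild/protovalidate` and rewrites buf.lock on every `go generate`, so the commit and digest pinned in the lock file do not constrain what the generator consumes. That makes the committed types.pb.go non-reproducible and lets an upstream schema change enter the tree as a side effect of regeneration instead of as a reviewed dependency bump. I would drop that line and keep only the `generate` directive, running `buf dep update` by hand when an upgrade is intended, with a comment such as `// buf.lock is updated manually with "buf dep update"; go generate must not change it.` It is also worth confirming that the protovalidate commit in buf.lock (`7712fb530c574b95bc1d57c0877543c3`) corresponds to the generated module version required in go.mod (`v1.36.6-20250307204501-0409229c3780.1`); from the diff they appear to name different commits.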
@@ -0,0 +1,1038 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.36.5 +// protoc (unknown) +// source: types.proto + +package rfc7591v1 + +import ( + _ "buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go/buf/validate" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" + unsafe "unsafe" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// Represents the JSON Web Key Set (JWK Set) structure defined in RFC 7517. +// This contains a set of JWKs. +type JsonWebKeySet struct { + state protoimpl.MessageState `protogen:"open.v1"` + // REQUIRED. The value of the "keys" parameter is an array of JWK values. + Keys []*JsonWebKey `protobuf:"bytes,1,rep,name=keys,proto3" json:"keys,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *JsonWebKeySet) Reset() { + *x = JsonWebKeySet{} + mi := &file_types_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *JsonWebKeySet) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*JsonWebKeySet) ProtoMessage() {} + +func (x *JsonWebKeySet) ProtoReflect() protoreflect.Message { + mi := &file_types_proto_msgTypes[0] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use JsonWebKeySet.ProtoReflect.Descriptor instead. 
+func (*JsonWebKeySet) Descriptor() ([]byte, []int) { + return file_types_proto_rawDescGZIP(), []int{0} +} + +func (x *JsonWebKeySet) GetKeys() []*JsonWebKey { + if x != nil { + return x.Keys + } + return nil +} + +// Represents a JSON Web Key (JWK) structure defined in RFC 7517. +// A JWK is a JSON object that represents a cryptographic key. +type JsonWebKey struct { + state protoimpl.MessageState `protogen:"open.v1"` + // REQUIRED. The "kty" (key type) parameter identifies the cryptographic + // algorithm family used with the key, such as "RSA" or "EC". + Kty string `protobuf:"bytes,1,opt,name=kty,proto3" json:"kty,omitempty"` + // OPTIONAL. The "use" (public key use) parameter identifies the intended + // use of the public key. Values are "sig" (signature) or "enc" (encryption). + Use *string `protobuf:"bytes,2,opt,name=use,proto3,oneof" json:"use,omitempty"` + // OPTIONAL. The "key_ops" (key operations) parameter identifies the + // operation(s) for which the key is intended to be used. + KeyOps []string `protobuf:"bytes,3,rep,name=key_ops,json=keyOps,proto3" json:"key_ops,omitempty"` + // OPTIONAL. The "alg" (algorithm) parameter identifies the algorithm + // intended for use with the key. + Alg *string `protobuf:"bytes,4,opt,name=alg,proto3,oneof" json:"alg,omitempty"` + // OPTIONAL. The "kid" (key ID) parameter is used to match a specific key. + Kid *string `protobuf:"bytes,5,opt,name=kid,proto3,oneof" json:"kid,omitempty"` + // Parameters specific to the key type. 
+ // + // Types that are valid to be assigned to KeyTypeParameters: + // + // *JsonWebKey_RsaParams + // *JsonWebKey_EcParams + // *JsonWebKey_SymmetricParams + // *JsonWebKey_OkpParams + KeyTypeParameters isJsonWebKey_KeyTypeParameters `protobuf_oneof:"key_type_parameters"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *JsonWebKey) Reset() { + *x = JsonWebKey{} + mi := &file_types_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *JsonWebKey) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*JsonWebKey) ProtoMessage() {} + +func (x *JsonWebKey) ProtoReflect() protoreflect.Message { + mi := &file_types_proto_msgTypes[1] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use JsonWebKey.ProtoReflect.Descriptor instead. 
+func (*JsonWebKey) Descriptor() ([]byte, []int) { + return file_types_proto_rawDescGZIP(), []int{1} +} + +func (x *JsonWebKey) GetKty() string { + if x != nil { + return x.Kty + } + return "" +} + +func (x *JsonWebKey) GetUse() string { + if x != nil && x.Use != nil { + return *x.Use + } + return "" +} + +func (x *JsonWebKey) GetKeyOps() []string { + if x != nil { + return x.KeyOps + } + return nil +} + +func (x *JsonWebKey) GetAlg() string { + if x != nil && x.Alg != nil { + return *x.Alg + } + return "" +} + +func (x *JsonWebKey) GetKid() string { + if x != nil && x.Kid != nil { + return *x.Kid + } + return "" +} + +func (x *JsonWebKey) GetKeyTypeParameters() isJsonWebKey_KeyTypeParameters { + if x != nil { + return x.KeyTypeParameters + } + return nil +} + +func (x *JsonWebKey) GetRsaParams() *RsaKeyParameters { + if x != nil { + if x, ok := x.KeyTypeParameters.(*JsonWebKey_RsaParams); ok { + return x.RsaParams + } + } + return nil +} + +func (x *JsonWebKey) GetEcParams() *EcKeyParameters { + if x != nil { + if x, ok := x.KeyTypeParameters.(*JsonWebKey_EcParams); ok { + return x.EcParams + } + } + return nil +} + +func (x *JsonWebKey) GetSymmetricParams() *SymmetricKeyParameters { + if x != nil { + if x, ok := x.KeyTypeParameters.(*JsonWebKey_SymmetricParams); ok { + return x.SymmetricParams + } + } + return nil +} + +func (x *JsonWebKey) GetOkpParams() *OkpKeyParameters { + if x != nil { + if x, ok := x.KeyTypeParameters.(*JsonWebKey_OkpParams); ok { + return x.OkpParams + } + } + return nil +} + +type isJsonWebKey_KeyTypeParameters interface { + isJsonWebKey_KeyTypeParameters() +} + +type JsonWebKey_RsaParams struct { + // RSA key specific parameters. + RsaParams *RsaKeyParameters `protobuf:"bytes,6,opt,name=rsa_params,json=rsaParams,proto3,oneof"` +} + +type JsonWebKey_EcParams struct { + // Elliptic Curve key specific parameters. 
+ EcParams *EcKeyParameters `protobuf:"bytes,7,opt,name=ec_params,json=ecParams,proto3,oneof"` +} + +type JsonWebKey_SymmetricParams struct { + // Symmetric key specific parameters. + SymmetricParams *SymmetricKeyParameters `protobuf:"bytes,8,opt,name=symmetric_params,json=symmetricParams,proto3,oneof"` +} + +type JsonWebKey_OkpParams struct { + // Octet Key Pair specific parameters (e.g., Ed25519). + OkpParams *OkpKeyParameters `protobuf:"bytes,9,opt,name=okp_params,json=okpParams,proto3,oneof"` +} + +func (*JsonWebKey_RsaParams) isJsonWebKey_KeyTypeParameters() {} + +func (*JsonWebKey_EcParams) isJsonWebKey_KeyTypeParameters() {} + +func (*JsonWebKey_SymmetricParams) isJsonWebKey_KeyTypeParameters() {} + +func (*JsonWebKey_OkpParams) isJsonWebKey_KeyTypeParameters() {} + +// RSA specific key parameters (RFC 7518 Section 6.3). +type RsaKeyParameters struct { + state protoimpl.MessageState `protogen:"open.v1"` + // REQUIRED. The "n" (modulus) parameter contains the modulus value for the + // RSA public key. + N string `protobuf:"bytes,1,opt,name=n,proto3" json:"n,omitempty"` + // REQUIRED. The "e" (exponent) parameter contains the exponent value for the + // RSA public key. 
+ E string `protobuf:"bytes,2,opt,name=e,proto3" json:"e,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *RsaKeyParameters) Reset() { + *x = RsaKeyParameters{} + mi := &file_types_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *RsaKeyParameters) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*RsaKeyParameters) ProtoMessage() {} + +func (x *RsaKeyParameters) ProtoReflect() protoreflect.Message { + mi := &file_types_proto_msgTypes[2] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use RsaKeyParameters.ProtoReflect.Descriptor instead. +func (*RsaKeyParameters) Descriptor() ([]byte, []int) { + return file_types_proto_rawDescGZIP(), []int{2} +} + +func (x *RsaKeyParameters) GetN() string { + if x != nil { + return x.N + } + return "" +} + +func (x *RsaKeyParameters) GetE() string { + if x != nil { + return x.E + } + return "" +} + +// Elliptic Curve specific key parameters (RFC 7518 Section 6.2). +type EcKeyParameters struct { + state protoimpl.MessageState `protogen:"open.v1"` + // REQUIRED. The "crv" (curve) parameter identifies the cryptographic curve + // used with the key. + Crv string `protobuf:"bytes,1,opt,name=crv,proto3" json:"crv,omitempty"` + // REQUIRED. The "x" (x coordinate) parameter contains the x coordinate for + // the Elliptic Curve point. + X string `protobuf:"bytes,2,opt,name=x,proto3" json:"x,omitempty"` + // REQUIRED. The "y" (y coordinate) parameter contains the y coordinate for + // the Elliptic Curve point. 
+ Y string `protobuf:"bytes,3,opt,name=y,proto3" json:"y,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *EcKeyParameters) Reset() { + *x = EcKeyParameters{} + mi := &file_types_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *EcKeyParameters) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*EcKeyParameters) ProtoMessage() {} + +func (x *EcKeyParameters) ProtoReflect() protoreflect.Message { + mi := &file_types_proto_msgTypes[3] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use EcKeyParameters.ProtoReflect.Descriptor instead. +func (*EcKeyParameters) Descriptor() ([]byte, []int) { + return file_types_proto_rawDescGZIP(), []int{3} +} + +func (x *EcKeyParameters) GetCrv() string { + if x != nil { + return x.Crv + } + return "" +} + +func (x *EcKeyParameters) GetX() string { + if x != nil { + return x.X + } + return "" +} + +func (x *EcKeyParameters) GetY() string { + if x != nil { + return x.Y + } + return "" +} + +// Symmetric key specific parameters (RFC 7518 Section 6.4). +type SymmetricKeyParameters struct { + state protoimpl.MessageState `protogen:"open.v1"` + // REQUIRED. The "k" (key value) parameter contains the value of the symmetric + // key. 
+ K string `protobuf:"bytes,1,opt,name=k,proto3" json:"k,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *SymmetricKeyParameters) Reset() { + *x = SymmetricKeyParameters{} + mi := &file_types_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *SymmetricKeyParameters) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*SymmetricKeyParameters) ProtoMessage() {} + +func (x *SymmetricKeyParameters) ProtoReflect() protoreflect.Message { + mi := &file_types_proto_msgTypes[4] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use SymmetricKeyParameters.ProtoReflect.Descriptor instead. +func (*SymmetricKeyParameters) Descriptor() ([]byte, []int) { + return file_types_proto_rawDescGZIP(), []int{4} +} + +func (x *SymmetricKeyParameters) GetK() string { + if x != nil { + return x.K + } + return "" +} + +// Octet Key Pair (OKP) specific parameters (RFC 8037 Section 2). +type OkpKeyParameters struct { + state protoimpl.MessageState `protogen:"open.v1"` + // REQUIRED. The "crv" (curve) parameter identifies the cryptographic curve + // used with the key. + Crv string `protobuf:"bytes,1,opt,name=crv,proto3" json:"crv,omitempty"` + // REQUIRED. The "x" (x coordinate) parameter contains the public key. 
+ X string `protobuf:"bytes,2,opt,name=x,proto3" json:"x,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *OkpKeyParameters) Reset() { + *x = OkpKeyParameters{} + mi := &file_types_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *OkpKeyParameters) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*OkpKeyParameters) ProtoMessage() {} + +func (x *OkpKeyParameters) ProtoReflect() protoreflect.Message { + mi := &file_types_proto_msgTypes[5] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use OkpKeyParameters.ProtoReflect.Descriptor instead. +func (*OkpKeyParameters) Descriptor() ([]byte, []int) { + return file_types_proto_rawDescGZIP(), []int{5} +} + +func (x *OkpKeyParameters) GetCrv() string { + if x != nil { + return x.Crv + } + return "" +} + +func (x *OkpKeyParameters) GetX() string { + if x != nil { + return x.X + } + return "" +} + +// Represents the client metadata fields defined in RFC 7591 Section 2. +// These values are used both as input to registration requests and output in +// registration responses. +type ClientMetadata struct { + state protoimpl.MessageState `protogen:"open.v1"` + // Array of redirection URI strings. REQUIRED for clients using flows with + // redirection. + RedirectUris []string `protobuf:"bytes,1,rep,name=redirect_uris,json=redirectUris,proto3" json:"redirect_uris,omitempty"` + // OPTIONAL. String indicator of the requested authentication method for the + // token endpoint. Default is "client_secret_basic". + TokenEndpointAuthMethod *string `protobuf:"bytes,2,opt,name=token_endpoint_auth_method,json=tokenEndpointAuthMethod,proto3,oneof" json:"token_endpoint_auth_method,omitempty"` + // OPTIONAL. 
Array of OAuth 2.0 grant type strings that the client can use. + // If omitted, defaults to ["authorization_code"]. + GrantTypes []string `protobuf:"bytes,3,rep,name=grant_types,json=grantTypes,proto3" json:"grant_types,omitempty"` + // OPTIONAL. Array of the OAuth 2.0 response type strings that the client can + // use. If omitted, defaults to ["code"]. + ResponseTypes []string `protobuf:"bytes,4,rep,name=response_types,json=responseTypes,proto3" json:"response_types,omitempty"` + // OPTIONAL. Human-readable string name of the client. RECOMMENDED. + ClientName *string `protobuf:"bytes,5,opt,name=client_name,json=clientName,proto3,oneof" json:"client_name,omitempty"` + // OPTIONAL. Map for localized client names. + ClientNameLocalized map[string]string `protobuf:"bytes,6,rep,name=client_name_localized,json=clientNameLocalized,proto3" json:"client_name_localized,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"` + // OPTIONAL. URL string of a web page providing information about the client. + // RECOMMENDED. + ClientUri *string `protobuf:"bytes,7,opt,name=client_uri,json=clientUri,proto3,oneof" json:"client_uri,omitempty"` + // OPTIONAL. Map for localized client URIs. + ClientUriLocalized map[string]string `protobuf:"bytes,8,rep,name=client_uri_localized,json=clientUriLocalized,proto3" json:"client_uri_localized,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"` + // OPTIONAL. URL string that references a logo for the client. + LogoUri *string `protobuf:"bytes,9,opt,name=logo_uri,json=logoUri,proto3,oneof" json:"logo_uri,omitempty"` + // OPTIONAL. Map for localized logo URIs. + LogoUriLocalized map[string]string `protobuf:"bytes,10,rep,name=logo_uri_localized,json=logoUriLocalized,proto3" json:"logo_uri_localized,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"` + // OPTIONAL. String containing a space-separated list of scope values. 
+ Scope *string `protobuf:"bytes,11,opt,name=scope,proto3,oneof" json:"scope,omitempty"` + // OPTIONAL. Array of strings representing ways to contact people responsible + // for this client. + Contacts []string `protobuf:"bytes,12,rep,name=contacts,proto3" json:"contacts,omitempty"` + // OPTIONAL. URL string pointing to terms of service. + TosUri *string `protobuf:"bytes,13,opt,name=tos_uri,json=tosUri,proto3,oneof" json:"tos_uri,omitempty"` + // OPTIONAL. Map for localized terms of service URIs. + TosUriLocalized map[string]string `protobuf:"bytes,14,rep,name=tos_uri_localized,json=tosUriLocalized,proto3" json:"tos_uri_localized,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"` + // OPTIONAL. URL string pointing to privacy policy. + PolicyUri *string `protobuf:"bytes,15,opt,name=policy_uri,json=policyUri,proto3,oneof" json:"policy_uri,omitempty"` + // OPTIONAL. Map for localized policy URIs. + PolicyUriLocalized map[string]string `protobuf:"bytes,16,rep,name=policy_uri_localized,json=policyUriLocalized,proto3" json:"policy_uri_localized,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"` + // OPTIONAL. URL string referencing the client's JWK Set document. Mutually + // exclusive with `jwks`. + JwksUri *string `protobuf:"bytes,17,opt,name=jwks_uri,json=jwksUri,proto3,oneof" json:"jwks_uri,omitempty"` + // OPTIONAL. Client's JWK Set document value. Mutually exclusive with + // `jwks_uri`. + Jwks *JsonWebKeySet `protobuf:"bytes,18,opt,name=jwks,proto3,oneof" json:"jwks,omitempty"` + // OPTIONAL. Unique identifier string assigned by the client + // developer/publisher. + SoftwareId *string `protobuf:"bytes,19,opt,name=software_id,json=softwareId,proto3,oneof" json:"software_id,omitempty"` + // OPTIONAL. Version identifier string for the client software. 
+ SoftwareVersion *string `protobuf:"bytes,20,opt,name=software_version,json=softwareVersion,proto3,oneof" json:"software_version,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *ClientMetadata) Reset() { + *x = ClientMetadata{} + mi := &file_types_proto_msgTypes[6] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *ClientMetadata) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ClientMetadata) ProtoMessage() {} + +func (x *ClientMetadata) ProtoReflect() protoreflect.Message { + mi := &file_types_proto_msgTypes[6] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ClientMetadata.ProtoReflect.Descriptor instead. +func (*ClientMetadata) Descriptor() ([]byte, []int) { + return file_types_proto_rawDescGZIP(), []int{6} +} + +func (x *ClientMetadata) GetRedirectUris() []string { + if x != nil { + return x.RedirectUris + } + return nil +} + +func (x *ClientMetadata) GetTokenEndpointAuthMethod() string { + if x != nil && x.TokenEndpointAuthMethod != nil { + return *x.TokenEndpointAuthMethod + } + return "" +} + +func (x *ClientMetadata) GetGrantTypes() []string { + if x != nil { + return x.GrantTypes + } + return nil +} + +func (x *ClientMetadata) GetResponseTypes() []string { + if x != nil { + return x.ResponseTypes + } + return nil +} + +func (x *ClientMetadata) GetClientName() string { + if x != nil && x.ClientName != nil { + return *x.ClientName + } + return "" +} + +func (x *ClientMetadata) GetClientNameLocalized() map[string]string { + if x != nil { + return x.ClientNameLocalized + } + return nil +} + +func (x *ClientMetadata) GetClientUri() string { + if x != nil && x.ClientUri != nil { + return *x.ClientUri + } + return "" +} + +func (x *ClientMetadata) GetClientUriLocalized() map[string]string { 
+ if x != nil { + return x.ClientUriLocalized + } + return nil +} + +func (x *ClientMetadata) GetLogoUri() string { + if x != nil && x.LogoUri != nil { + return *x.LogoUri + } + return "" +} + +func (x *ClientMetadata) GetLogoUriLocalized() map[string]string { + if x != nil { + return x.LogoUriLocalized + } + return nil +} + +func (x *ClientMetadata) GetScope() string { + if x != nil && x.Scope != nil { + return *x.Scope + } + return "" +} + +func (x *ClientMetadata) GetContacts() []string { + if x != nil { + return x.Contacts + } + return nil +} + +func (x *ClientMetadata) GetTosUri() string { + if x != nil && x.TosUri != nil { + return *x.TosUri + } + return "" +} + +func (x *ClientMetadata) GetTosUriLocalized() map[string]string { + if x != nil { + return x.TosUriLocalized + } + return nil +} + +func (x *ClientMetadata) GetPolicyUri() string { + if x != nil && x.PolicyUri != nil { + return *x.PolicyUri + } + return "" +} + +func (x *ClientMetadata) GetPolicyUriLocalized() map[string]string { + if x != nil { + return x.PolicyUriLocalized + } + return nil +} + +func (x *ClientMetadata) GetJwksUri() string { + if x != nil && x.JwksUri != nil { + return *x.JwksUri + } + return "" +} + +func (x *ClientMetadata) GetJwks() *JsonWebKeySet { + if x != nil { + return x.Jwks + } + return nil +} + +func (x *ClientMetadata) GetSoftwareId() string { + if x != nil && x.SoftwareId != nil { + return *x.SoftwareId + } + return "" +} + +func (x *ClientMetadata) GetSoftwareVersion() string { + if x != nil && x.SoftwareVersion != nil { + return *x.SoftwareVersion + } + return "" +} + +var File_types_proto protoreflect.FileDescriptor + +var file_types_proto_rawDesc = string([]byte{ + 0x0a, 0x0b, 0x74, 0x79, 0x70, 0x65, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0f, 0x69, + 0x65, 0x74, 0x66, 0x2e, 0x72, 0x66, 0x63, 0x37, 0x35, 0x39, 0x31, 0x2e, 0x76, 0x31, 0x1a, 0x1b, + 0x62, 0x75, 0x66, 0x2f, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x2f, 0x76, 0x61, 0x6c, + 0x69, 0x64, 
0x61, 0x74, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x4d, 0x0a, 0x0d, 0x4a, + 0x73, 0x6f, 0x6e, 0x57, 0x65, 0x62, 0x4b, 0x65, 0x79, 0x53, 0x65, 0x74, 0x12, 0x3c, 0x0a, 0x04, + 0x6b, 0x65, 0x79, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x69, 0x65, 0x74, + 0x66, 0x2e, 0x72, 0x66, 0x63, 0x37, 0x35, 0x39, 0x31, 0x2e, 0x76, 0x31, 0x2e, 0x4a, 0x73, 0x6f, + 0x6e, 0x57, 0x65, 0x62, 0x4b, 0x65, 0x79, 0x42, 0x0b, 0xba, 0x48, 0x08, 0xc8, 0x01, 0x01, 0x92, + 0x01, 0x02, 0x08, 0x01, 0x52, 0x04, 0x6b, 0x65, 0x79, 0x73, 0x22, 0xcf, 0x07, 0x0a, 0x0a, 0x4a, + 0x73, 0x6f, 0x6e, 0x57, 0x65, 0x62, 0x4b, 0x65, 0x79, 0x12, 0x2f, 0x0a, 0x03, 0x6b, 0x74, 0x79, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x1d, 0xba, 0x48, 0x1a, 0xc8, 0x01, 0x01, 0x72, 0x15, + 0x10, 0x01, 0x52, 0x03, 0x52, 0x53, 0x41, 0x52, 0x02, 0x45, 0x43, 0x52, 0x03, 0x6f, 0x63, 0x74, + 0x52, 0x03, 0x4f, 0x4b, 0x50, 0x52, 0x03, 0x6b, 0x74, 0x79, 0x12, 0x26, 0x0a, 0x03, 0x75, 0x73, + 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x0f, 0xba, 0x48, 0x0c, 0x72, 0x0a, 0x52, 0x03, + 0x73, 0x69, 0x67, 0x52, 0x03, 0x65, 0x6e, 0x63, 0x48, 0x01, 0x52, 0x03, 0x75, 0x73, 0x65, 0x88, + 0x01, 0x01, 0x12, 0x25, 0x0a, 0x07, 0x6b, 0x65, 0x79, 0x5f, 0x6f, 0x70, 0x73, 0x18, 0x03, 0x20, + 0x03, 0x28, 0x09, 0x42, 0x0c, 0xba, 0x48, 0x09, 0x92, 0x01, 0x06, 0x22, 0x04, 0x72, 0x02, 0x10, + 0x01, 0x52, 0x06, 0x6b, 0x65, 0x79, 0x4f, 0x70, 0x73, 0x12, 0x1e, 0x0a, 0x03, 0x61, 0x6c, 0x67, + 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x42, 0x07, 0xba, 0x48, 0x04, 0x72, 0x02, 0x10, 0x01, 0x48, + 0x02, 0x52, 0x03, 0x61, 0x6c, 0x67, 0x88, 0x01, 0x01, 0x12, 0x1e, 0x0a, 0x03, 0x6b, 0x69, 0x64, + 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x42, 0x07, 0xba, 0x48, 0x04, 0x72, 0x02, 0x10, 0x01, 0x48, + 0x03, 0x52, 0x03, 0x6b, 0x69, 0x64, 0x88, 0x01, 0x01, 0x12, 0x42, 0x0a, 0x0a, 0x72, 0x73, 0x61, + 0x5f, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x73, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x21, 0x2e, + 0x69, 0x65, 0x74, 0x66, 0x2e, 0x72, 0x66, 0x63, 
0x37, 0x35, 0x39, 0x31, 0x2e, 0x76, 0x31, 0x2e, + 0x52, 0x73, 0x61, 0x4b, 0x65, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, + 0x48, 0x00, 0x52, 0x09, 0x72, 0x73, 0x61, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x73, 0x12, 0x3f, 0x0a, + 0x09, 0x65, 0x63, 0x5f, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x20, 0x2e, 0x69, 0x65, 0x74, 0x66, 0x2e, 0x72, 0x66, 0x63, 0x37, 0x35, 0x39, 0x31, 0x2e, + 0x76, 0x31, 0x2e, 0x45, 0x63, 0x4b, 0x65, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, + 0x72, 0x73, 0x48, 0x00, 0x52, 0x08, 0x65, 0x63, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x73, 0x12, 0x54, + 0x0a, 0x10, 0x73, 0x79, 0x6d, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x5f, 0x70, 0x61, 0x72, 0x61, + 0x6d, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x69, 0x65, 0x74, 0x66, 0x2e, + 0x72, 0x66, 0x63, 0x37, 0x35, 0x39, 0x31, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x79, 0x6d, 0x6d, 0x65, + 0x74, 0x72, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, + 0x73, 0x48, 0x00, 0x52, 0x0f, 0x73, 0x79, 0x6d, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x50, 0x61, + 0x72, 0x61, 0x6d, 0x73, 0x12, 0x42, 0x0a, 0x0a, 0x6f, 0x6b, 0x70, 0x5f, 0x70, 0x61, 0x72, 0x61, + 0x6d, 0x73, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x69, 0x65, 0x74, 0x66, 0x2e, + 0x72, 0x66, 0x63, 0x37, 0x35, 0x39, 0x31, 0x2e, 0x76, 0x31, 0x2e, 0x4f, 0x6b, 0x70, 0x4b, 0x65, + 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x48, 0x00, 0x52, 0x09, 0x6f, + 0x6b, 0x70, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x73, 0x3a, 0xab, 0x03, 0xba, 0x48, 0xa7, 0x03, 0x1a, + 0x66, 0x0a, 0x12, 0x6a, 0x77, 0x6b, 0x2e, 0x6b, 0x74, 0x79, 0x5f, 0x70, 0x61, 0x72, 0x61, 0x6d, + 0x73, 0x2e, 0x72, 0x73, 0x61, 0x12, 0x25, 0x72, 0x73, 0x61, 0x5f, 0x70, 0x61, 0x72, 0x61, 0x6d, + 0x73, 0x20, 0x61, 0x72, 0x65, 0x20, 0x72, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x20, 0x66, + 0x6f, 0x72, 0x20, 0x6b, 0x74, 0x79, 0x20, 0x27, 0x52, 0x53, 0x41, 0x27, 0x1a, 0x29, 
0x74, 0x68, + 0x69, 0x73, 0x2e, 0x6b, 0x74, 0x79, 0x20, 0x21, 0x3d, 0x20, 0x27, 0x52, 0x53, 0x41, 0x27, 0x20, + 0x7c, 0x7c, 0x20, 0x68, 0x61, 0x73, 0x28, 0x74, 0x68, 0x69, 0x73, 0x2e, 0x72, 0x73, 0x61, 0x5f, + 0x70, 0x61, 0x72, 0x61, 0x6d, 0x73, 0x29, 0x1a, 0x61, 0x0a, 0x11, 0x6a, 0x77, 0x6b, 0x2e, 0x6b, + 0x74, 0x79, 0x5f, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x73, 0x2e, 0x65, 0x63, 0x12, 0x23, 0x65, 0x63, + 0x5f, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x73, 0x20, 0x61, 0x72, 0x65, 0x20, 0x72, 0x65, 0x71, 0x75, + 0x69, 0x72, 0x65, 0x64, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x6b, 0x74, 0x79, 0x20, 0x27, 0x45, 0x43, + 0x27, 0x1a, 0x27, 0x74, 0x68, 0x69, 0x73, 0x2e, 0x6b, 0x74, 0x79, 0x20, 0x21, 0x3d, 0x20, 0x27, + 0x45, 0x43, 0x27, 0x20, 0x7c, 0x7c, 0x20, 0x68, 0x61, 0x73, 0x28, 0x74, 0x68, 0x69, 0x73, 0x2e, + 0x65, 0x63, 0x5f, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x73, 0x29, 0x1a, 0x72, 0x0a, 0x12, 0x6a, 0x77, + 0x6b, 0x2e, 0x6b, 0x74, 0x79, 0x5f, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x73, 0x2e, 0x6f, 0x63, 0x74, + 0x12, 0x2b, 0x73, 0x79, 0x6d, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x5f, 0x70, 0x61, 0x72, 0x61, + 0x6d, 0x73, 0x20, 0x61, 0x72, 0x65, 0x20, 0x72, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x20, + 0x66, 0x6f, 0x72, 0x20, 0x6b, 0x74, 0x79, 0x20, 0x27, 0x6f, 0x63, 0x74, 0x27, 0x1a, 0x2f, 0x74, + 0x68, 0x69, 0x73, 0x2e, 0x6b, 0x74, 0x79, 0x20, 0x21, 0x3d, 0x20, 0x27, 0x6f, 0x63, 0x74, 0x27, + 0x20, 0x7c, 0x7c, 0x20, 0x68, 0x61, 0x73, 0x28, 0x74, 0x68, 0x69, 0x73, 0x2e, 0x73, 0x79, 0x6d, + 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x5f, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x73, 0x29, 0x1a, 0x66, + 0x0a, 0x12, 0x6a, 0x77, 0x6b, 0x2e, 0x6b, 0x74, 0x79, 0x5f, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x73, + 0x2e, 0x6f, 0x6b, 0x70, 0x12, 0x25, 0x6f, 0x6b, 0x70, 0x5f, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x73, + 0x20, 0x61, 0x72, 0x65, 0x20, 0x72, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x20, 0x66, 0x6f, + 0x72, 0x20, 0x6b, 0x74, 0x79, 0x20, 0x27, 0x4f, 0x4b, 0x50, 0x27, 0x1a, 0x29, 0x74, 0x68, 0x69, + 0x73, 0x2e, 0x6b, 0x74, 
0x79, 0x20, 0x21, 0x3d, 0x20, 0x27, 0x4f, 0x4b, 0x50, 0x27, 0x20, 0x7c, + 0x7c, 0x20, 0x68, 0x61, 0x73, 0x28, 0x74, 0x68, 0x69, 0x73, 0x2e, 0x6f, 0x6b, 0x70, 0x5f, 0x70, + 0x61, 0x72, 0x61, 0x6d, 0x73, 0x29, 0x42, 0x1c, 0x0a, 0x13, 0x6b, 0x65, 0x79, 0x5f, 0x74, 0x79, + 0x70, 0x65, 0x5f, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x12, 0x05, 0xba, + 0x48, 0x02, 0x08, 0x00, 0x42, 0x06, 0x0a, 0x04, 0x5f, 0x75, 0x73, 0x65, 0x42, 0x06, 0x0a, 0x04, + 0x5f, 0x61, 0x6c, 0x67, 0x42, 0x06, 0x0a, 0x04, 0x5f, 0x6b, 0x69, 0x64, 0x22, 0x46, 0x0a, 0x10, + 0x52, 0x73, 0x61, 0x4b, 0x65, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, + 0x12, 0x18, 0x0a, 0x01, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x0a, 0xba, 0x48, 0x07, + 0xc8, 0x01, 0x01, 0x72, 0x02, 0x10, 0x01, 0x52, 0x01, 0x6e, 0x12, 0x18, 0x0a, 0x01, 0x65, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x0a, 0xba, 0x48, 0x07, 0xc8, 0x01, 0x01, 0x72, 0x02, 0x10, + 0x01, 0x52, 0x01, 0x65, 0x22, 0x76, 0x0a, 0x0f, 0x45, 0x63, 0x4b, 0x65, 0x79, 0x50, 0x61, 0x72, + 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x12, 0x2f, 0x0a, 0x03, 0x63, 0x72, 0x76, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x42, 0x1d, 0xba, 0x48, 0x1a, 0xc8, 0x01, 0x01, 0x72, 0x15, 0x52, 0x05, + 0x50, 0x2d, 0x32, 0x35, 0x36, 0x52, 0x05, 0x50, 0x2d, 0x33, 0x38, 0x34, 0x52, 0x05, 0x50, 0x2d, + 0x35, 0x32, 0x31, 0x52, 0x03, 0x63, 0x72, 0x76, 0x12, 0x18, 0x0a, 0x01, 0x78, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x09, 0x42, 0x0a, 0xba, 0x48, 0x07, 0xc8, 0x01, 0x01, 0x72, 0x02, 0x10, 0x01, 0x52, + 0x01, 0x78, 0x12, 0x18, 0x0a, 0x01, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x42, 0x0a, 0xba, + 0x48, 0x07, 0xc8, 0x01, 0x01, 0x72, 0x02, 0x10, 0x01, 0x52, 0x01, 0x79, 0x22, 0x32, 0x0a, 0x16, + 0x53, 0x79, 0x6d, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x50, 0x61, 0x72, 0x61, + 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x12, 0x18, 0x0a, 0x01, 0x6b, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x09, 0x42, 0x0a, 0xba, 0x48, 0x07, 0xc8, 0x01, 0x01, 0x72, 
0x02, 0x10, 0x01, 0x52, 0x01, 0x6b, + 0x22, 0x7e, 0x0a, 0x10, 0x4f, 0x6b, 0x70, 0x4b, 0x65, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, + 0x74, 0x65, 0x72, 0x73, 0x12, 0x38, 0x0a, 0x03, 0x63, 0x72, 0x76, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x09, 0x42, 0x26, 0xba, 0x48, 0x23, 0xc8, 0x01, 0x01, 0x72, 0x1e, 0x52, 0x07, 0x45, 0x64, 0x32, + 0x35, 0x35, 0x31, 0x39, 0x52, 0x05, 0x45, 0x64, 0x34, 0x34, 0x38, 0x52, 0x06, 0x58, 0x32, 0x35, + 0x35, 0x31, 0x39, 0x52, 0x04, 0x58, 0x34, 0x34, 0x38, 0x52, 0x03, 0x63, 0x72, 0x76, 0x12, 0x30, + 0x0a, 0x01, 0x78, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x22, 0xba, 0x48, 0x1f, 0xc8, 0x01, + 0x01, 0x72, 0x1a, 0x10, 0x01, 0x32, 0x16, 0x5e, 0x5b, 0x61, 0x2d, 0x7a, 0x41, 0x2d, 0x5a, 0x30, + 0x2d, 0x39, 0x2d, 0x5f, 0x5d, 0x2b, 0x3d, 0x7b, 0x30, 0x2c, 0x32, 0x7d, 0x24, 0x52, 0x01, 0x78, + 0x22, 0x9b, 0x13, 0x0a, 0x0e, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x4d, 0x65, 0x74, 0x61, 0x64, + 0x61, 0x74, 0x61, 0x12, 0x36, 0x0a, 0x0d, 0x72, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x5f, + 0x75, 0x72, 0x69, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x42, 0x11, 0xba, 0x48, 0x0e, 0x92, + 0x01, 0x0b, 0x08, 0x01, 0x22, 0x07, 0x72, 0x05, 0x10, 0x01, 0x88, 0x01, 0x01, 0x52, 0x0c, 0x72, + 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x55, 0x72, 0x69, 0x73, 0x12, 0x76, 0x0a, 0x1a, 0x74, + 0x6f, 0x6b, 0x65, 0x6e, 0x5f, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x5f, 0x61, 0x75, + 0x74, 0x68, 0x5f, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, + 0x34, 0xba, 0x48, 0x31, 0x72, 0x2f, 0x52, 0x04, 0x6e, 0x6f, 0x6e, 0x65, 0x52, 0x12, 0x63, 0x6c, + 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x5f, 0x70, 0x6f, 0x73, 0x74, + 0x52, 0x13, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x5f, + 0x62, 0x61, 0x73, 0x69, 0x63, 0x48, 0x00, 0x52, 0x17, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x45, 0x6e, + 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x41, 0x75, 0x74, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, + 
0x88, 0x01, 0x01, 0x12, 0xd7, 0x01, 0x0a, 0x0b, 0x67, 0x72, 0x61, 0x6e, 0x74, 0x5f, 0x74, 0x79, + 0x70, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x42, 0xb5, 0x01, 0xba, 0x48, 0xb1, 0x01, + 0x92, 0x01, 0xad, 0x01, 0x22, 0xaa, 0x01, 0x72, 0xa7, 0x01, 0x52, 0x12, 0x61, 0x75, 0x74, 0x68, + 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x63, 0x6f, 0x64, 0x65, 0x52, 0x08, + 0x69, 0x6d, 0x70, 0x6c, 0x69, 0x63, 0x69, 0x74, 0x52, 0x08, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, + 0x72, 0x64, 0x52, 0x12, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x63, 0x72, 0x65, 0x64, 0x65, + 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x52, 0x0d, 0x72, 0x65, 0x66, 0x72, 0x65, 0x73, 0x68, 0x5f, + 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x2b, 0x75, 0x72, 0x6e, 0x3a, 0x69, 0x65, 0x74, 0x66, 0x3a, + 0x70, 0x61, 0x72, 0x61, 0x6d, 0x73, 0x3a, 0x6f, 0x61, 0x75, 0x74, 0x68, 0x3a, 0x67, 0x72, 0x61, + 0x6e, 0x74, 0x2d, 0x74, 0x79, 0x70, 0x65, 0x3a, 0x6a, 0x77, 0x74, 0x2d, 0x62, 0x65, 0x61, 0x72, + 0x65, 0x72, 0x52, 0x2d, 0x75, 0x72, 0x6e, 0x3a, 0x69, 0x65, 0x74, 0x66, 0x3a, 0x70, 0x61, 0x72, + 0x61, 0x6d, 0x73, 0x3a, 0x6f, 0x61, 0x75, 0x74, 0x68, 0x3a, 0x67, 0x72, 0x61, 0x6e, 0x74, 0x2d, + 0x74, 0x79, 0x70, 0x65, 0x3a, 0x73, 0x61, 0x6d, 0x6c, 0x32, 0x2d, 0x62, 0x65, 0x61, 0x72, 0x65, + 0x72, 0x52, 0x0a, 0x67, 0x72, 0x61, 0x6e, 0x74, 0x54, 0x79, 0x70, 0x65, 0x73, 0x12, 0x3e, 0x0a, + 0x0e, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x73, 0x18, + 0x04, 0x20, 0x03, 0x28, 0x09, 0x42, 0x17, 0xba, 0x48, 0x14, 0x92, 0x01, 0x11, 0x22, 0x0f, 0x72, + 0x0d, 0x52, 0x04, 0x63, 0x6f, 0x64, 0x65, 0x52, 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x0d, + 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x54, 0x79, 0x70, 0x65, 0x73, 0x12, 0x30, 0x0a, + 0x0b, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x05, 0x20, 0x01, + 0x28, 0x09, 0x42, 0x0a, 0xba, 0x48, 0x07, 0x72, 0x05, 0x10, 0x01, 0x18, 0xff, 0x01, 0x48, 0x01, + 0x52, 0x0a, 0x63, 0x6c, 0x69, 0x65, 
0x6e, 0x74, 0x4e, 0x61, 0x6d, 0x65, 0x88, 0x01, 0x01, 0x12, + 0xa6, 0x01, 0x0a, 0x15, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x5f, + 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x64, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32, + 0x38, 0x2e, 0x69, 0x65, 0x74, 0x66, 0x2e, 0x72, 0x66, 0x63, 0x37, 0x35, 0x39, 0x31, 0x2e, 0x76, + 0x31, 0x2e, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, + 0x2e, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x4e, 0x61, 0x6d, 0x65, 0x4c, 0x6f, 0x63, 0x61, 0x6c, + 0x69, 0x7a, 0x65, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x42, 0x38, 0xba, 0x48, 0x35, 0x9a, 0x01, + 0x32, 0x22, 0x27, 0x72, 0x25, 0x32, 0x23, 0x5e, 0x5b, 0x61, 0x2d, 0x7a, 0x41, 0x2d, 0x5a, 0x5d, + 0x7b, 0x31, 0x2c, 0x38, 0x7d, 0x28, 0x2d, 0x5b, 0x61, 0x2d, 0x7a, 0x41, 0x2d, 0x5a, 0x30, 0x2d, + 0x39, 0x5d, 0x7b, 0x31, 0x2c, 0x38, 0x7d, 0x29, 0x2a, 0x24, 0x2a, 0x07, 0x72, 0x05, 0x10, 0x01, + 0x18, 0xff, 0x01, 0x52, 0x13, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x4e, 0x61, 0x6d, 0x65, 0x4c, + 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x64, 0x12, 0x2c, 0x0a, 0x0a, 0x63, 0x6c, 0x69, 0x65, + 0x6e, 0x74, 0x5f, 0x75, 0x72, 0x69, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x42, 0x08, 0xba, 0x48, + 0x05, 0x72, 0x03, 0x88, 0x01, 0x01, 0x48, 0x02, 0x52, 0x09, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, + 0x55, 0x72, 0x69, 0x88, 0x01, 0x01, 0x12, 0xa1, 0x01, 0x0a, 0x14, 0x63, 0x6c, 0x69, 0x65, 0x6e, + 0x74, 0x5f, 0x75, 0x72, 0x69, 0x5f, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x64, 0x18, + 0x08, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x37, 0x2e, 0x69, 0x65, 0x74, 0x66, 0x2e, 0x72, 0x66, 0x63, + 0x37, 0x35, 0x39, 0x31, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x4d, 0x65, + 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x2e, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x55, 0x72, 0x69, + 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x42, 0x36, + 0xba, 0x48, 0x33, 0x9a, 0x01, 0x30, 0x22, 0x27, 0x72, 0x25, 0x32, 0x23, 
0x5e, 0x5b, 0x61, 0x2d, + 0x7a, 0x41, 0x2d, 0x5a, 0x5d, 0x7b, 0x31, 0x2c, 0x38, 0x7d, 0x28, 0x2d, 0x5b, 0x61, 0x2d, 0x7a, + 0x41, 0x2d, 0x5a, 0x30, 0x2d, 0x39, 0x5d, 0x7b, 0x31, 0x2c, 0x38, 0x7d, 0x29, 0x2a, 0x24, 0x2a, + 0x05, 0x72, 0x03, 0x88, 0x01, 0x01, 0x52, 0x12, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x55, 0x72, + 0x69, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x64, 0x12, 0x28, 0x0a, 0x08, 0x6c, 0x6f, + 0x67, 0x6f, 0x5f, 0x75, 0x72, 0x69, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x42, 0x08, 0xba, 0x48, + 0x05, 0x72, 0x03, 0x88, 0x01, 0x01, 0x48, 0x03, 0x52, 0x07, 0x6c, 0x6f, 0x67, 0x6f, 0x55, 0x72, + 0x69, 0x88, 0x01, 0x01, 0x12, 0x9b, 0x01, 0x0a, 0x12, 0x6c, 0x6f, 0x67, 0x6f, 0x5f, 0x75, 0x72, + 0x69, 0x5f, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x64, 0x18, 0x0a, 0x20, 0x03, 0x28, + 0x0b, 0x32, 0x35, 0x2e, 0x69, 0x65, 0x74, 0x66, 0x2e, 0x72, 0x66, 0x63, 0x37, 0x35, 0x39, 0x31, + 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, + 0x74, 0x61, 0x2e, 0x4c, 0x6f, 0x67, 0x6f, 0x55, 0x72, 0x69, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x69, + 0x7a, 0x65, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x42, 0x36, 0xba, 0x48, 0x33, 0x9a, 0x01, 0x30, + 0x22, 0x27, 0x72, 0x25, 0x32, 0x23, 0x5e, 0x5b, 0x61, 0x2d, 0x7a, 0x41, 0x2d, 0x5a, 0x5d, 0x7b, + 0x31, 0x2c, 0x38, 0x7d, 0x28, 0x2d, 0x5b, 0x61, 0x2d, 0x7a, 0x41, 0x2d, 0x5a, 0x30, 0x2d, 0x39, + 0x5d, 0x7b, 0x31, 0x2c, 0x38, 0x7d, 0x29, 0x2a, 0x24, 0x2a, 0x05, 0x72, 0x03, 0x88, 0x01, 0x01, + 0x52, 0x10, 0x6c, 0x6f, 0x67, 0x6f, 0x55, 0x72, 0x69, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x7a, + 0x65, 0x64, 0x12, 0x30, 0x0a, 0x05, 0x73, 0x63, 0x6f, 0x70, 0x65, 0x18, 0x0b, 0x20, 0x01, 0x28, + 0x09, 0x42, 0x15, 0xba, 0x48, 0x12, 0x72, 0x10, 0x10, 0x01, 0x32, 0x0c, 0x5e, 0x5c, 0x53, 0x2b, + 0x28, 0x20, 0x5c, 0x53, 0x2b, 0x29, 0x2a, 0x24, 0x48, 0x04, 0x52, 0x05, 0x73, 0x63, 0x6f, 0x70, + 0x65, 0x88, 0x01, 0x01, 0x12, 0x28, 0x0a, 0x08, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x63, 0x74, 0x73, + 0x18, 0x0c, 
0x20, 0x03, 0x28, 0x09, 0x42, 0x0c, 0xba, 0x48, 0x09, 0x92, 0x01, 0x06, 0x22, 0x04, + 0x72, 0x02, 0x60, 0x01, 0x52, 0x08, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x63, 0x74, 0x73, 0x12, 0x26, + 0x0a, 0x07, 0x74, 0x6f, 0x73, 0x5f, 0x75, 0x72, 0x69, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, 0x42, + 0x08, 0xba, 0x48, 0x05, 0x72, 0x03, 0x88, 0x01, 0x01, 0x48, 0x05, 0x52, 0x06, 0x74, 0x6f, 0x73, + 0x55, 0x72, 0x69, 0x88, 0x01, 0x01, 0x12, 0x98, 0x01, 0x0a, 0x11, 0x74, 0x6f, 0x73, 0x5f, 0x75, + 0x72, 0x69, 0x5f, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x64, 0x18, 0x0e, 0x20, 0x03, + 0x28, 0x0b, 0x32, 0x34, 0x2e, 0x69, 0x65, 0x74, 0x66, 0x2e, 0x72, 0x66, 0x63, 0x37, 0x35, 0x39, + 0x31, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x4d, 0x65, 0x74, 0x61, 0x64, + 0x61, 0x74, 0x61, 0x2e, 0x54, 0x6f, 0x73, 0x55, 0x72, 0x69, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x69, + 0x7a, 0x65, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x42, 0x36, 0xba, 0x48, 0x33, 0x9a, 0x01, 0x30, + 0x22, 0x27, 0x72, 0x25, 0x32, 0x23, 0x5e, 0x5b, 0x61, 0x2d, 0x7a, 0x41, 0x2d, 0x5a, 0x5d, 0x7b, + 0x31, 0x2c, 0x38, 0x7d, 0x28, 0x2d, 0x5b, 0x61, 0x2d, 0x7a, 0x41, 0x2d, 0x5a, 0x30, 0x2d, 0x39, + 0x5d, 0x7b, 0x31, 0x2c, 0x38, 0x7d, 0x29, 0x2a, 0x24, 0x2a, 0x05, 0x72, 0x03, 0x88, 0x01, 0x01, + 0x52, 0x0f, 0x74, 0x6f, 0x73, 0x55, 0x72, 0x69, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x7a, 0x65, + 0x64, 0x12, 0x2c, 0x0a, 0x0a, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x5f, 0x75, 0x72, 0x69, 0x18, + 0x0f, 0x20, 0x01, 0x28, 0x09, 0x42, 0x08, 0xba, 0x48, 0x05, 0x72, 0x03, 0x88, 0x01, 0x01, 0x48, + 0x06, 0x52, 0x09, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x55, 0x72, 0x69, 0x88, 0x01, 0x01, 0x12, + 0xa1, 0x01, 0x0a, 0x14, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x5f, 0x75, 0x72, 0x69, 0x5f, 0x6c, + 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x64, 0x18, 0x10, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x37, + 0x2e, 0x69, 0x65, 0x74, 0x66, 0x2e, 0x72, 0x66, 0x63, 0x37, 0x35, 0x39, 0x31, 0x2e, 0x76, 0x31, + 0x2e, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x4d, 
0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x2e, + 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x55, 0x72, 0x69, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x7a, + 0x65, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x42, 0x36, 0xba, 0x48, 0x33, 0x9a, 0x01, 0x30, 0x22, + 0x27, 0x72, 0x25, 0x32, 0x23, 0x5e, 0x5b, 0x61, 0x2d, 0x7a, 0x41, 0x2d, 0x5a, 0x5d, 0x7b, 0x31, + 0x2c, 0x38, 0x7d, 0x28, 0x2d, 0x5b, 0x61, 0x2d, 0x7a, 0x41, 0x2d, 0x5a, 0x30, 0x2d, 0x39, 0x5d, + 0x7b, 0x31, 0x2c, 0x38, 0x7d, 0x29, 0x2a, 0x24, 0x2a, 0x05, 0x72, 0x03, 0x88, 0x01, 0x01, 0x52, + 0x12, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x55, 0x72, 0x69, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x69, + 0x7a, 0x65, 0x64, 0x12, 0x28, 0x0a, 0x08, 0x6a, 0x77, 0x6b, 0x73, 0x5f, 0x75, 0x72, 0x69, 0x18, + 0x11, 0x20, 0x01, 0x28, 0x09, 0x42, 0x08, 0xba, 0x48, 0x05, 0x72, 0x03, 0x88, 0x01, 0x01, 0x48, + 0x07, 0x52, 0x07, 0x6a, 0x77, 0x6b, 0x73, 0x55, 0x72, 0x69, 0x88, 0x01, 0x01, 0x12, 0x37, 0x0a, + 0x04, 0x6a, 0x77, 0x6b, 0x73, 0x18, 0x12, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x69, 0x65, + 0x74, 0x66, 0x2e, 0x72, 0x66, 0x63, 0x37, 0x35, 0x39, 0x31, 0x2e, 0x76, 0x31, 0x2e, 0x4a, 0x73, + 0x6f, 0x6e, 0x57, 0x65, 0x62, 0x4b, 0x65, 0x79, 0x53, 0x65, 0x74, 0x48, 0x08, 0x52, 0x04, 0x6a, + 0x77, 0x6b, 0x73, 0x88, 0x01, 0x01, 0x12, 0x30, 0x0a, 0x0b, 0x73, 0x6f, 0x66, 0x74, 0x77, 0x61, + 0x72, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x13, 0x20, 0x01, 0x28, 0x09, 0x42, 0x0a, 0xba, 0x48, 0x07, + 0x72, 0x05, 0x10, 0x01, 0x18, 0xff, 0x01, 0x48, 0x09, 0x52, 0x0a, 0x73, 0x6f, 0x66, 0x74, 0x77, + 0x61, 0x72, 0x65, 0x49, 0x64, 0x88, 0x01, 0x01, 0x12, 0x3a, 0x0a, 0x10, 0x73, 0x6f, 0x66, 0x74, + 0x77, 0x61, 0x72, 0x65, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x14, 0x20, 0x01, + 0x28, 0x09, 0x42, 0x0a, 0xba, 0x48, 0x07, 0x72, 0x05, 0x10, 0x01, 0x18, 0xff, 0x01, 0x48, 0x0a, + 0x52, 0x0f, 0x73, 0x6f, 0x66, 0x74, 0x77, 0x61, 0x72, 0x65, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, + 0x6e, 0x88, 0x01, 0x01, 0x1a, 0x46, 0x0a, 0x18, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 
0x4e, 0x61, + 0x6d, 0x65, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x79, + 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, + 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x45, 0x0a, 0x17, + 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x55, 0x72, 0x69, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x7a, + 0x65, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, + 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, + 0x02, 0x38, 0x01, 0x1a, 0x43, 0x0a, 0x15, 0x4c, 0x6f, 0x67, 0x6f, 0x55, 0x72, 0x69, 0x4c, 0x6f, + 0x63, 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, + 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, + 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, + 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x42, 0x0a, 0x14, 0x54, 0x6f, 0x73, 0x55, + 0x72, 0x69, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x79, + 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, + 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x45, 0x0a, 0x17, + 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x55, 0x72, 0x69, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x7a, + 0x65, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, + 0x75, 0x65, 0x18, 0x02, 
0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, + 0x02, 0x38, 0x01, 0x3a, 0x7e, 0xba, 0x48, 0x7b, 0x1a, 0x79, 0x0a, 0x25, 0x63, 0x6c, 0x69, 0x65, + 0x6e, 0x74, 0x5f, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x2e, 0x6a, 0x77, 0x6b, 0x73, + 0x5f, 0x6d, 0x75, 0x74, 0x75, 0x61, 0x6c, 0x5f, 0x65, 0x78, 0x63, 0x6c, 0x75, 0x73, 0x69, 0x6f, + 0x6e, 0x12, 0x28, 0x6a, 0x77, 0x6b, 0x73, 0x5f, 0x75, 0x72, 0x69, 0x20, 0x61, 0x6e, 0x64, 0x20, + 0x6a, 0x77, 0x6b, 0x73, 0x20, 0x61, 0x72, 0x65, 0x20, 0x6d, 0x75, 0x74, 0x75, 0x61, 0x6c, 0x6c, + 0x79, 0x20, 0x65, 0x78, 0x63, 0x6c, 0x75, 0x73, 0x69, 0x76, 0x65, 0x1a, 0x26, 0x21, 0x68, 0x61, + 0x73, 0x28, 0x74, 0x68, 0x69, 0x73, 0x2e, 0x6a, 0x77, 0x6b, 0x73, 0x5f, 0x75, 0x72, 0x69, 0x29, + 0x20, 0x7c, 0x7c, 0x20, 0x21, 0x68, 0x61, 0x73, 0x28, 0x74, 0x68, 0x69, 0x73, 0x2e, 0x6a, 0x77, + 0x6b, 0x73, 0x29, 0x42, 0x1d, 0x0a, 0x1b, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x5f, 0x65, 0x6e, + 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x5f, 0x6d, 0x65, 0x74, 0x68, + 0x6f, 0x64, 0x42, 0x0e, 0x0a, 0x0c, 0x5f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x6e, 0x61, + 0x6d, 0x65, 0x42, 0x0d, 0x0a, 0x0b, 0x5f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x75, 0x72, + 0x69, 0x42, 0x0b, 0x0a, 0x09, 0x5f, 0x6c, 0x6f, 0x67, 0x6f, 0x5f, 0x75, 0x72, 0x69, 0x42, 0x08, + 0x0a, 0x06, 0x5f, 0x73, 0x63, 0x6f, 0x70, 0x65, 0x42, 0x0a, 0x0a, 0x08, 0x5f, 0x74, 0x6f, 0x73, + 0x5f, 0x75, 0x72, 0x69, 0x42, 0x0d, 0x0a, 0x0b, 0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x5f, + 0x75, 0x72, 0x69, 0x42, 0x0b, 0x0a, 0x09, 0x5f, 0x6a, 0x77, 0x6b, 0x73, 0x5f, 0x75, 0x72, 0x69, + 0x42, 0x07, 0x0a, 0x05, 0x5f, 0x6a, 0x77, 0x6b, 0x73, 0x42, 0x0e, 0x0a, 0x0c, 0x5f, 0x73, 0x6f, + 0x66, 0x74, 0x77, 0x61, 0x72, 0x65, 0x5f, 0x69, 0x64, 0x42, 0x13, 0x0a, 0x11, 0x5f, 0x73, 0x6f, + 0x66, 0x74, 0x77, 0x61, 0x72, 0x65, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x42, 0xba, + 0x01, 0x0a, 0x13, 0x63, 0x6f, 0x6d, 0x2e, 0x69, 0x65, 0x74, 
0x66, 0x2e, 0x72, 0x66, 0x63, 0x37, + 0x35, 0x39, 0x31, 0x2e, 0x76, 0x31, 0x42, 0x0a, 0x54, 0x79, 0x70, 0x65, 0x73, 0x50, 0x72, 0x6f, + 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x39, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, + 0x2f, 0x70, 0x6f, 0x6d, 0x65, 0x72, 0x69, 0x75, 0x6d, 0x2f, 0x70, 0x6f, 0x6d, 0x65, 0x72, 0x69, + 0x75, 0x6d, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2f, 0x72, 0x66, 0x63, 0x37, + 0x35, 0x39, 0x31, 0x76, 0x31, 0x3b, 0x72, 0x66, 0x63, 0x37, 0x35, 0x39, 0x31, 0x76, 0x31, 0xa2, + 0x02, 0x03, 0x49, 0x52, 0x58, 0xaa, 0x02, 0x0f, 0x49, 0x65, 0x74, 0x66, 0x2e, 0x52, 0x66, 0x63, + 0x37, 0x35, 0x39, 0x31, 0x2e, 0x56, 0x31, 0xca, 0x02, 0x0f, 0x49, 0x65, 0x74, 0x66, 0x5c, 0x52, + 0x66, 0x63, 0x37, 0x35, 0x39, 0x31, 0x5c, 0x56, 0x31, 0xe2, 0x02, 0x1b, 0x49, 0x65, 0x74, 0x66, + 0x5c, 0x52, 0x66, 0x63, 0x37, 0x35, 0x39, 0x31, 0x5c, 0x56, 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, + 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x11, 0x49, 0x65, 0x74, 0x66, 0x3a, 0x3a, + 0x52, 0x66, 0x63, 0x37, 0x35, 0x39, 0x31, 0x3a, 0x3a, 0x56, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x33, +}) + +var ( + file_types_proto_rawDescOnce sync.Once + file_types_proto_rawDescData []byte +) + +func file_types_proto_rawDescGZIP() []byte { + file_types_proto_rawDescOnce.Do(func() { + file_types_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_types_proto_rawDesc), len(file_types_proto_rawDesc))) + }) + return file_types_proto_rawDescData +} + +var file_types_proto_msgTypes = make([]protoimpl.MessageInfo, 12) +var file_types_proto_goTypes = []any{ + (*JsonWebKeySet)(nil), // 0: ietf.rfc7591.v1.JsonWebKeySet + (*JsonWebKey)(nil), // 1: ietf.rfc7591.v1.JsonWebKey + (*RsaKeyParameters)(nil), // 2: ietf.rfc7591.v1.RsaKeyParameters + (*EcKeyParameters)(nil), // 3: ietf.rfc7591.v1.EcKeyParameters + (*SymmetricKeyParameters)(nil), // 4: ietf.rfc7591.v1.SymmetricKeyParameters + (*OkpKeyParameters)(nil), // 5: 
ietf.rfc7591.v1.OkpKeyParameters + (*ClientMetadata)(nil), // 6: ietf.rfc7591.v1.ClientMetadata + nil, // 7: ietf.rfc7591.v1.ClientMetadata.ClientNameLocalizedEntry + nil, // 8: ietf.rfc7591.v1.ClientMetadata.ClientUriLocalizedEntry + nil, // 9: ietf.rfc7591.v1.ClientMetadata.LogoUriLocalizedEntry + nil, // 10: ietf.rfc7591.v1.ClientMetadata.TosUriLocalizedEntry + nil, // 11: ietf.rfc7591.v1.ClientMetadata.PolicyUriLocalizedEntry +} +var file_types_proto_depIdxs = []int32{ + 1, // 0: ietf.rfc7591.v1.JsonWebKeySet.keys:type_name -> ietf.rfc7591.v1.JsonWebKey + 2, // 1: ietf.rfc7591.v1.JsonWebKey.rsa_params:type_name -> ietf.rfc7591.v1.RsaKeyParameters + 3, // 2: ietf.rfc7591.v1.JsonWebKey.ec_params:type_name -> ietf.rfc7591.v1.EcKeyParameters + 4, // 3: ietf.rfc7591.v1.JsonWebKey.symmetric_params:type_name -> ietf.rfc7591.v1.SymmetricKeyParameters + 5, // 4: ietf.rfc7591.v1.JsonWebKey.okp_params:type_name -> ietf.rfc7591.v1.OkpKeyParameters + 7, // 5: ietf.rfc7591.v1.ClientMetadata.client_name_localized:type_name -> ietf.rfc7591.v1.ClientMetadata.ClientNameLocalizedEntry + 8, // 6: ietf.rfc7591.v1.ClientMetadata.client_uri_localized:type_name -> ietf.rfc7591.v1.ClientMetadata.ClientUriLocalizedEntry + 9, // 7: ietf.rfc7591.v1.ClientMetadata.logo_uri_localized:type_name -> ietf.rfc7591.v1.ClientMetadata.LogoUriLocalizedEntry + 10, // 8: ietf.rfc7591.v1.ClientMetadata.tos_uri_localized:type_name -> ietf.rfc7591.v1.ClientMetadata.TosUriLocalizedEntry + 11, // 9: ietf.rfc7591.v1.ClientMetadata.policy_uri_localized:type_name -> ietf.rfc7591.v1.ClientMetadata.PolicyUriLocalizedEntry + 0, // 10: ietf.rfc7591.v1.ClientMetadata.jwks:type_name -> ietf.rfc7591.v1.JsonWebKeySet + 11, // [11:11] is the sub-list for method output_type + 11, // [11:11] is the sub-list for method input_type + 11, // [11:11] is the sub-list for extension type_name + 11, // [11:11] is the sub-list for extension extendee + 0, // [0:11] is the sub-list for field type_name +} + +func init() { 
file_types_proto_init() } +func file_types_proto_init() { + if File_types_proto != nil { + return + } + file_types_proto_msgTypes[1].OneofWrappers = []any{ + (*JsonWebKey_RsaParams)(nil), + (*JsonWebKey_EcParams)(nil), + (*JsonWebKey_SymmetricParams)(nil), + (*JsonWebKey_OkpParams)(nil), + } + file_types_proto_msgTypes[6].OneofWrappers = []any{} + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: unsafe.Slice(unsafe.StringData(file_types_proto_rawDesc), len(file_types_proto_rawDesc)), + NumEnums: 0, + NumMessages: 12, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_types_proto_goTypes, + DependencyIndexes: file_types_proto_depIdxs, + MessageInfos: file_types_proto_msgTypes, + }.Build() + File_types_proto = out.File + file_types_proto_goTypes = nil + file_types_proto_depIdxs = nil +} diff --git a/internal/rfc7591/types.proto b/internal/rfc7591/types.proto new file mode 100644 index 000000000..1dc8607cf --- /dev/null +++ b/internal/rfc7591/types.proto 
@@ -0,0 +1,268 @@
+syntax = "proto3";
+
+package ietf.rfc7591.v1;
+
+import "buf/validate/validate.proto";
+
+option go_package = "github.com/pomerium/pomerium/internal/rfc7591";
+
+// Represents the JSON Web Key Set (JWK Set) structure defined in RFC 7517.
+// This contains a set of JWKs.
+message JsonWebKeySet {
+ // REQUIRED. The value of the "keys" parameter is an array of JWK values.
+ repeated JsonWebKey keys = 1 [
+ (buf.validate.field).required = true,
+ (buf.validate.field).repeated.min_items = 1
+ ];
+}
+
+// Represents a JSON Web Key (JWK) structure defined in RFC 7517.
+// A JWK is a JSON object that represents a cryptographic key.
+message JsonWebKey {
+ // REQUIRED. The "kty" (key type) parameter identifies the cryptographic
+ // algorithm family used with the key, such as "RSA" or "EC".
+ string kty = 1 [
+ (buf.validate.field).required = true,
+ (buf.validate.field).string = {
+ in: ["RSA", "EC", "oct", "OKP"],
+ min_len: 1,
+ }
+ ];
+
+ // OPTIONAL. The "use" (public key use) parameter identifies the intended
+ // use of the public key. Values are "sig" (signature) or "enc" (encryption).
+ optional string use = 2 [(buf.validate.field).string = {in: ["sig", "enc"]}];
+
+ // OPTIONAL. The "key_ops" (key operations) parameter identifies the
+ // operation(s) for which the key is intended to be used.
+ repeated string key_ops = 3 [(buf.validate.field).repeated.items.string.min_len = 1];
+
+ // OPTIONAL. The "alg" (algorithm) parameter identifies the algorithm
+ // intended for use with the key.
+ optional string alg = 4 [(buf.validate.field).string.min_len = 1];
+
+ // OPTIONAL. The "kid" (key ID) parameter is used to match a specific key.
+ optional string kid = 5 [(buf.validate.field).string.min_len = 1];
+
+ // Parameters specific to the key type.
+ oneof key_type_parameters {
+ option (buf.validate.oneof).required = false; // Only required if kty demands it, checked by message rules
+
+ // RSA key specific parameters.
+ RsaKeyParameters rsa_params = 6; + // Elliptic Curve key specific parameters. + EcKeyParameters ec_params = 7; + // Symmetric key specific parameters. + SymmetricKeyParameters symmetric_params = 8; + // Octet Key Pair specific parameters (e.g., Ed25519). + OkpKeyParameters okp_params = 9; + } + + // Message level validation to ensure specific parameters are present based on + // kty. + option (buf.validate.message).cel = { + id: "jwk.kty_params.rsa", + expression: "this.kty != 'RSA' || has(this.rsa_params)", + message: "rsa_params are required for kty 'RSA'", + }; + option (buf.validate.message).cel = { + id: "jwk.kty_params.ec", + expression: "this.kty != 'EC' || has(this.ec_params)", + message: "ec_params are required for kty 'EC'", + }; + option (buf.validate.message).cel = { + id: "jwk.kty_params.oct", + expression: "this.kty != 'oct' || has(this.symmetric_params)", + message: "symmetric_params are required for kty 'oct'", + }; + option (buf.validate.message).cel = { + id: "jwk.kty_params.okp", + expression: "this.kty != 'OKP' || has(this.okp_params)", + message: "okp_params are required for kty 'OKP'", + }; +} + +// RSA specific key parameters (RFC 7518 Section 6.3). +message RsaKeyParameters { + // REQUIRED. The "n" (modulus) parameter contains the modulus value for the + // RSA public key. + string n = 1 [ + (buf.validate.field).required = true, + (buf.validate.field).string.min_len = 1 + ]; + // REQUIRED. The "e" (exponent) parameter contains the exponent value for the + // RSA public key. + string e = 2 [ + (buf.validate.field).required = true, + (buf.validate.field).string.min_len = 1 + ]; +} + +// Elliptic Curve specific key parameters (RFC 7518 Section 6.2). +message EcKeyParameters { + // REQUIRED. The "crv" (curve) parameter identifies the cryptographic curve + // used with the key. + string crv = 1 [ + (buf.validate.field).required = true, + (buf.validate.field).string = {in: ["P-256", "P-384", "P-521"]} + ]; + // REQUIRED. 
The "x" (x coordinate) parameter contains the x coordinate for + // the Elliptic Curve point. + string x = 2 [ + (buf.validate.field).required = true, + (buf.validate.field).string.min_len = 1 + ]; + // REQUIRED. The "y" (y coordinate) parameter contains the y coordinate for + // the Elliptic Curve point. + string y = 3 [ + (buf.validate.field).required = true, + (buf.validate.field).string.min_len = 1 + ]; +} + +// Symmetric key specific parameters (RFC 7518 Section 6.4). +message SymmetricKeyParameters { + // REQUIRED. The "k" (key value) parameter contains the value of the symmetric + // key. + string k = 1 [ + (buf.validate.field).required = true, + (buf.validate.field).string.min_len = 1 + ]; +} + +// Octet Key Pair (OKP) specific parameters (RFC 8037 Section 2). +message OkpKeyParameters { + // REQUIRED. The "crv" (curve) parameter identifies the cryptographic curve + // used with the key. + string crv = 1 [ + (buf.validate.field).required = true, + (buf.validate.field).string = { + in: ["Ed25519", "Ed448", "X25519", "X448"], + } + ]; + // REQUIRED. The "x" (x coordinate) parameter contains the public key. + string x = 2 [ + (buf.validate.field).required = true, + (buf.validate.field).string = { + min_len: 1, + pattern: "^[a-zA-Z0-9-_]+={0,2}$", + } + ]; +} + +// Represents the client metadata fields defined in RFC 7591 Section 2. +// These values are used both as input to registration requests and output in +// registration responses. +message ClientMetadata { + // Array of redirection URI strings. REQUIRED for clients using flows with + // redirection. + repeated string redirect_uris = 1 [(buf.validate.field).repeated = { + min_items: 1, + items: {string: {uri: true, min_len: 1}}, + }]; + + // OPTIONAL. String indicator of the requested authentication method for the + // token endpoint. Default is "client_secret_basic". 
+ optional string token_endpoint_auth_method = 2 [(buf.validate.field).string = {
+ in: ["none", "client_secret_post", "client_secret_basic"],
+ }];
+
+ // OPTIONAL. Array of OAuth 2.0 grant type strings that the client can use.
+ // If omitted, defaults to ["authorization_code"].
+ repeated string grant_types = 3 [(buf.validate.field).repeated.items.string = {
+ in: [
+ "authorization_code",
+ "implicit",
+ "password",
+ "client_credentials",
+ "refresh_token",
+ "urn:ietf:params:oauth:grant-type:jwt-bearer",
+ "urn:ietf:params:oauth:grant-type:saml2-bearer"
+ ],
+ }];
+
+ // OPTIONAL. Array of the OAuth 2.0 response type strings that the client can
+ // use. If omitted, defaults to ["code"].
+ repeated string response_types = 4 [(buf.validate.field).repeated.items.string = {
+ in: ["code", "token"],
+ }];
+
+ // OPTIONAL. Human-readable string name of the client. RECOMMENDED.
+ optional string client_name = 5 [(buf.validate.field).string = {min_len: 1, max_len: 255}];
+
+ // OPTIONAL. Map for localized client names.
+ map client_name_localized = 6 [(buf.validate.field).map = {
+ keys: {
+ string: {pattern: "^[a-zA-Z]{1,8}(-[a-zA-Z0-9]{1,8})*$"},
+ }, // BCP 47 pattern
+ values: {string: {min_len: 1, max_len: 255}},
+ }];
+
+ // OPTIONAL. URL string of a web page providing information about the client.
+ // RECOMMENDED.
+ optional string client_uri = 7 [(buf.validate.field).string.uri = true];
+
+ // OPTIONAL. Map for localized client URIs.
+ map client_uri_localized = 8 [(buf.validate.field).map = {
+ keys: {string: {pattern: "^[a-zA-Z]{1,8}(-[a-zA-Z0-9]{1,8})*$"}},
+ values: {string: {uri: true}},
+ }];
+
+ // OPTIONAL. URL string that references a logo for the client.
+ optional string logo_uri = 9 [(buf.validate.field).string.uri = true];
+
+ // OPTIONAL. Map for localized logo URIs.
+ map logo_uri_localized = 10 [(buf.validate.field).map = {
+ keys: {string: {pattern: "^[a-zA-Z]{1,8}(-[a-zA-Z0-9]{1,8})*$"}},
+ values: {string: {uri: true}},
+ }];
+
+ // OPTIONAL. String containing a space-separated list of scope values.
+ optional string scope = 11 [
+ (buf.validate.field).string = {pattern: "^\\S+( \\S+)*$", min_len: 1}
+ ];
+
+ // OPTIONAL. Array of strings representing ways to contact people responsible
+ // for this client.
+ repeated string contacts = 12 [(buf.validate.field).repeated.items.string.email = true];
+
+ // OPTIONAL. URL string pointing to terms of service.
+ optional string tos_uri = 13 [(buf.validate.field).string.uri = true];
+
+ // OPTIONAL. Map for localized terms of service URIs.
+ map tos_uri_localized = 14 [(buf.validate.field).map = {
+ keys: {string: {pattern: "^[a-zA-Z]{1,8}(-[a-zA-Z0-9]{1,8})*$"}},
+ values: {string: {uri: true}},
+ }];
+
+ // OPTIONAL. URL string pointing to privacy policy.
+ optional string policy_uri = 15 [(buf.validate.field).string.uri = true];
+
+ // OPTIONAL. Map for localized policy URIs.
+ map policy_uri_localized = 16 [(buf.validate.field).map = {
+ keys: {string: {pattern: "^[a-zA-Z]{1,8}(-[a-zA-Z0-9]{1,8})*$"}},
+ values: {string: {uri: true}},
+ }];
+
+ // OPTIONAL. URL string referencing the client's JWK Set document. Mutually
+ // exclusive with `jwks`.
+ optional string jwks_uri = 17 [(buf.validate.field).string.uri = true];
+
+ // OPTIONAL. Client's JWK Set document value. Mutually exclusive with
+ // `jwks_uri`.
+ optional JsonWebKeySet jwks = 18;
+
+ // OPTIONAL. Unique identifier string assigned by the client
+ // developer/publisher.
+ optional string software_id = 19 [(buf.validate.field).string = {min_len: 1, max_len: 255}];
+
+ // OPTIONAL. Version identifier string for the client software.
+ optional string software_version = 20 [(buf.validate.field).string = {min_len: 1, max_len: 255}];
+
+ // Message level validation to ensure mutual exclusion of jwks and jwks_uri.
+ option (buf.validate.message).cel = {
+ id: "client_metadata.jwks_mutual_exclusion",
+ expression: "!has(this.jwks_uri) || !has(this.jwks)",
+ message: "jwks_uri and jwks are mutually exclusive",
+ };
+}
diff --git a/internal/rfc7591/types_test.go b/internal/rfc7591/types_test.go
new file mode 100644
index 000000000..d01e30e5e
--- /dev/null
+++ b/internal/rfc7591/types_test.go
@@ -0,0 +1,49 @@
+package rfc7591v1_test
+
+import (
+ "testing"
+
+ "github.com/bufbuild/protovalidate-go"
+ "github.com/google/go-cmp/cmp"
+ "github.com/stretchr/testify/require"
+ "google.golang.org/protobuf/encoding/protojson"
+ "google.golang.org/protobuf/proto"
+ "google.golang.org/protobuf/testing/protocmp"
+
+ rfc7591 "github.com/pomerium/pomerium/internal/rfc7591"
+)
+
+func TestValidation(t *testing.T) {
+ v := &rfc7591.JsonWebKey{Kty: "Invalid"}
+ require.ErrorContains(t, protovalidate.Validate(v), `kty: value must be in list ["RSA", "EC", "oct", "OKP"] [string.in]`)
+}
+
+func TestJSONMarshal(t *testing.T) {
+ data := `
+{
+ "redirect_uris": [
+ "http://localhost:8002/oauth/callback"
+ ],
+ "token_endpoint_auth_method": "none",
+ "grant_types": [
+ "authorization_code",
+ "refresh_token"
+ ],
+ "response_types": [
+ "code"
+ ],
+ "client_name": "MCP Inspector",
+ "client_uri": "https://github.com/modelcontextprotocol/inspector"
+}`
+ v := &rfc7591.ClientMetadata{}
+ require.NoError(t, protojson.Unmarshal([]byte(data), v))
+ diff := cmp.Diff(&rfc7591.ClientMetadata{
+ RedirectUris: []string{"http://localhost:8002/oauth/callback"},
+ TokenEndpointAuthMethod: proto.String("none"),
+ GrantTypes: []string{"authorization_code", "refresh_token"},
+ ResponseTypes: []string{"code"},
+ ClientName: proto.String("MCP Inspector"),
+ ClientUri: proto.String("https://github.com/modelcontextprotocol/inspector"),
+ }, v, protocmp.Transform())
+ require.Empty(t, diff)
+}
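Review bot: TestJSONMarshal decodes a registration document but never passes the result to the validator, and TestValidation only exercises the `kty` list, so none of the ClientMetadata rules declared in the .proto are pinned by a test. Adding `require.NoError(t, protovalidate.Validate(v))` right after the `protojson.Unmarshal` call would confirm that the sample document satisfies those rules. Negative cases are also worth adding for the `client_metadata.jwks_mutual_exclusion` CEL rule (both `jwks_uri` and `jwks` set) and for an empty `redirect_uris`, since these fields presumably arrive in registration requests from untrusted clients and a silently unenforced rule would go unnoticed. The test body only unmarshals, so `TestJSONUnmarshal` would describe it more accurately than `TestJSONMarshal`.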