From db3428a51321d5341015886d3c630c2e71badb1a Mon Sep 17 00:00:00 2001
From: Aleksander <170264518+t-aleksander@users.noreply.github.com>
Date: Wed, 7 Jan 2026 14:06:10 +0100
Subject: [PATCH 1/3] core ca part 1
---
 core/proxy.proto | 46 +++++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 41 insertions(+), 5 deletions(-)
diff --git a/core/proxy.proto b/core/proxy.proto
index 38d0d46..c054e7e 100644
--- a/core/proxy.proto
+++ b/core/proxy.proto
@@ -332,11 +332,47 @@ message CoreRequest {
 }
 }

-/*
- * Bi-directional communication between core and proxy.
- * For security reasons, the connection has to be initiated by core,
- * so requests and responses are actually sent in reverse.
- */
+message CsrRequest {
+ bytes csr_der = 1;
+}
+
+message InitialSetupInfo {
+ string cert_hostname = 1;
+}
+
+message CertResponse {
+ bytes cert_der = 1;
+}
+
+message Done {}
+
+message ProxySetupRequest {
+ oneof payload {
+ CsrRequest csr_request = 1;
+ Done done = 2;
+ }
+}
+
+message ProxySetupResponse {
+ oneof payload {
+ InitialSetupInfo initial_setup_info = 1;
+ CertResponse cert_response = 2;
+ Done done = 3;
+ }
+}
+
 service Proxy {
+ /*
+ * Bi-directional communication between core and proxy.
+ * For security reasons, the connection has to be initiated by core,
+ * so requests and responses are actually sent in reverse.
+ */
 rpc Bidi(stream CoreResponse) returns (stream CoreRequest);
+
+ /*
+ * Initial setup between proxy and core.
+ * Used to exchange CSRs and signed certificates, for
+ * establishing HTTPS connection later.
+ */
+ rpc Setup(stream ProxySetupResponse) returns (stream ProxySetupRequest);
 }
From 5bce8497a0eb61a2782510cb1da11840ddf62567 Mon Sep 17 00:00:00 2001
From: Aleksander <170264518+t-aleksander@users.noreply.github.com>
Date: Wed, 7 Jan 2026 16:14:18 +0100
Subject: [PATCH 2/3] reduce custom types
---
 core/proxy.proto | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)
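Review bot: The setup messages added in [PATCH 1/3] carry the material a certificate is issued from, yet none of them has a comment saying what the bytes are or which side validates them. Going by the "sent in reverse" convention, `csr_der` appears to come from the proxy while `cert_hostname` is chosen by core, so the contract should state that core signs only for the hostname it sent, for example `// DER-encoded CSR from the proxy; core must not honour any subject/SAN in it other than cert_hostname.` above `csr_der`. `Done` is also the only terminal message in either direction, so a rejected CSR has no representation other than dropping the stream; consider whether an error payload is needed. How the Setup stream itself is authenticated before any certificate exists is not visible in this hunk and would be worth stating in the RPC comment.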
diff --git a/core/proxy.proto b/core/proxy.proto
index c054e7e..b446b0e 100644
--- a/core/proxy.proto
+++ b/core/proxy.proto
@@ -332,23 +332,19 @@ message CoreRequest {
 }
 }

-message CsrRequest {
- bytes csr_der = 1;
-}
-
 message InitialSetupInfo {
 string cert_hostname = 1;
 }

-message CertResponse {
- bytes cert_der = 1;
+message DerPayload {
+ bytes der_data = 1;
 }

 message Done {}

 message ProxySetupRequest {
 oneof payload {
- CsrRequest csr_request = 1;
+ DerPayload csr_request = 1;
 Done done = 2;
 }
 }
@@ -356,7 +352,7 @@ message ProxySetupRequest {
 message ProxySetupResponse {
 oneof payload {
 InitialSetupInfo initial_setup_info = 1;
- CertResponse cert_response = 2;
+ DerPayload cert_response = 2;
 Done done = 3;
 }
 }
From bd1c145c97a41268883dd04f2cba1eef7bfa8cd7 Mon Sep 17 00:00:00 2001
From: Aleksander <170264518+t-aleksander@users.noreply.github.com>
Date: Fri, 9 Jan 2026 13:44:23 +0100
Subject: [PATCH 3/3] Update proxy.proto
---
 core/proxy.proto | 28 +++++-----------------------
 1 file changed, 5 insertions(+), 23 deletions(-)
diff --git a/core/proxy.proto b/core/proxy.proto
index b446b0e..9c8dcc6 100644
--- a/core/proxy.proto
+++ b/core/proxy.proto
@@ -340,23 +340,6 @@ message DerPayload {
 bytes der_data = 1;
 }

-message Done {}
-
-message ProxySetupRequest {
- oneof payload {
- DerPayload csr_request = 1;
- Done done = 2;
- }
-}
-
-message ProxySetupResponse {
- oneof payload {
- InitialSetupInfo initial_setup_info = 1;
- DerPayload cert_response = 2;
- Done done = 3;
- }
-}
-
 service Proxy {
 /*
 * Bi-directional communication between core and proxy.
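Review bot: Folding `CsrRequest` and `CertResponse` into a single `DerPayload` in [PATCH 2/3] (the `csr_request` hunk and the `cert_response` hunk after it) removes the only type-level distinction between an unsigned request and an issued certificate. A receiver now gets the same message for both and has to rely on the enclosing field to decide which parser to run on `der_data`, and any later addition specific to one of them, such as a certificate chain, lands on both uses. Keeping two messages costs a few lines; if the shared type stays, document it above the message, e.g. `// DER-encoded object; the field that carries it defines whether it is a CSR or a certificate.`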
@@ -364,11 +347,10 @@ service Proxy {
 * so requests and responses are actually sent in reverse.
 */
 rpc Bidi(stream CoreResponse) returns (stream CoreRequest);
+}

- /*
- * Initial setup between proxy and core.
- * Used to exchange CSRs and signed certificates, for
- * establishing HTTPS connection later.
- */
- rpc Setup(stream ProxySetupResponse) returns (stream ProxySetupRequest);
+// Service used for initial Proxy setup, used for configuring TLS certificate on Proxy for gRPC communication.
+service ProxySetup {
+ rpc Start(InitialSetupInfo) returns (DerPayload);
+ rpc SendCert(DerPayload) returns (google.protobuf.Empty);
 }
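Review bot: `Start` and `SendCert` in the new `ProxySetup` service are independent unary calls, and nothing in the schema ties the certificate passed to `SendCert` to the CSR returned by `Start` or says how the caller is authenticated while TLS is not yet configured. The service comment should state the expected checks, e.g. `// Only served until setup completes; SendCert must be rejected unless the certificate's public key matches the key behind the CSR returned by Start.` — presumably the implementation enforces this, but the contract does not say so, and neither RPC has a comment of its own. `google.protobuf.Empty` also needs `import "google/protobuf/empty.proto";`, which this hunk does not add; the import block is outside the hunk, so confirm it is already present, or return a dedicated `SendCertResponse {}` so that fields can be added later without changing the signature.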