From 76039d07b84367b61ac1f9ff48ff6c2975d38c6b Mon Sep 17 00:00:00 2001
From: Karim Radhouani <medkarimrdi@gmail.com>
Date: Thu, 28 Apr 2022 16:11:31 -0700
Subject: [PATCH 1/2] create api/cert package

---
 api/cert/options.go | 233 ++++++++++++++++++++++++++++++++++++++++++++
 go.sum              |  32 +-----
 2 files changed, 236 insertions(+), 29 deletions(-)
 create mode 100644 api/cert/options.go

diff --git a/api/cert/options.go b/api/cert/options.go
new file mode 100644
index 0000000..3d75db9
--- /dev/null
+++ b/api/cert/options.go
@@ -0,0 +1,233 @@
+package cert
+
+import (
+	"errors"
+	"strings"
+
+	"github.com/openconfig/gnoi/cert"
+	"google.golang.org/protobuf/proto"
+)
+
+type CertOption func(proto.Message) error
+
+// ErrInvalidMsgType is returned by a CertOption in case the Option is supplied
+// an unexpected proto.Message
+var ErrInvalidMsgType = errors.New("invalid message type")
+
+// ErrInvalidValue is returned by a CertOption in case the Option is supplied
+// an unexpected value.
+var ErrInvalidValue = errors.New("invalid value")
+
+// apply is a helper function that simply applies the options to the proto.Message.
+// It returns an error if any of the options fails.
+func apply(m proto.Message, opts ...CertOption) error {
+	for _, o := range opts {
+		if err := o(m); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func NewCertCanGenerateCSRRequest(opts ...CertOption) (*cert.CanGenerateCSRRequest, error) {
+	m := new(cert.CanGenerateCSRRequest)
+	err := apply(m, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return m, nil
+}
+
+func NewCertCanGenerateCSRResponse(opts ...CertOption) (*cert.CanGenerateCSRResponse, error) {
+	m := new(cert.CanGenerateCSRResponse)
+	err := apply(m, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return m, nil
+}
+
+func NewCertInstallRequest(opts ...CertOption) (*cert.InstallCertificateRequest, error) {
+	m := new(cert.InstallCertificateRequest)
+	err := apply(m, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return m, nil
+}
+
+func NewCertInstallResponse(opts ...CertOption) (*cert.InstallCertificateResponse, error) {
+	m := new(cert.InstallCertificateResponse)
+	err := apply(m, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return m, nil
+}
+
+func NewCertRotateRequest(opts ...CertOption) (*cert.RotateCertificateRequest, error) {
+	m := new(cert.RotateCertificateRequest)
+	err := apply(m, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return m, nil
+}
+
+func NewCertRotateResponse(opts ...CertOption) (*cert.RotateCertificateResponse, error) {
+	m := new(cert.RotateCertificateResponse)
+	err := apply(m, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return m, nil
+}
+
+func NewCertGenerateCSRRequest(opts ...CertOption) (*cert.GenerateCSRRequest, error) {
+	m := new(cert.GenerateCSRRequest)
+	err := apply(m, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return m, nil
+}
+
+func NewCertGenerateCSRResponse(opts ...CertOption) (*cert.GenerateCSRResponse, error) {
+	m := new(cert.GenerateCSRResponse)
+	err := apply(m, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return m, nil
+}
+
+func NewCertLoadCertificateRequest(opts ...CertOption) (*cert.LoadCertificateRequest, error) {
+	m := new(cert.LoadCertificateRequest)
+	err := apply(m, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return m, nil
+}
+
+func NewCertLoadCertificateResponse(opts ...CertOption) (*cert.LoadCertificateResponse, error) {
+	m := new(cert.LoadCertificateResponse)
+	err := apply(m, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return m, nil
+}
+
+func NewCertLoadCertificateAuthorityBundleRequest(opts ...CertOption) (*cert.LoadCertificateAuthorityBundleRequest, error) {
+	m := new(cert.LoadCertificateAuthorityBundleRequest)
+	err := apply(m, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return m, nil
+}
+
+func NewCertLoadCertificateAuthorityBundleResponse(opts ...CertOption) (*cert.LoadCertificateAuthorityBundleResponse, error) {
+	m := new(cert.LoadCertificateAuthorityBundleResponse)
+	err := apply(m, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return m, nil
+}
+
+func NewCertGetCertificatesRequest(opts ...CertOption) (*cert.GetCertificatesRequest, error) {
+	m := new(cert.GetCertificatesRequest)
+	err := apply(m, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return m, nil
+}
+
+func NewCertGetCertificatesResponse(opts ...CertOption) (*cert.GetCertificatesResponse, error) {
+	m := new(cert.GetCertificatesResponse)
+	err := apply(m, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return m, nil
+}
+
+func NewCertRevokeCertificatesRequest(opts ...CertOption) (*cert.RevokeCertificatesRequest, error) {
+	m := new(cert.RevokeCertificatesRequest)
+	err := apply(m, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return m, nil
+}
+
+func NewCertRevokeCertificatesResponse(opts ...CertOption) (*cert.RevokeCertificatesResponse, error) {
+	m := new(cert.RevokeCertificatesResponse)
+	err := apply(m, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return m, nil
+}
+
+func KeyType(kt string) func(msg proto.Message) error {
+	return func(msg proto.Message) error {
+		if msg == nil {
+			return ErrInvalidMsgType
+		}
+		switch msg := msg.ProtoReflect().Interface().(type) {
+		case *cert.CanGenerateCSRRequest:
+			ktv, ok := cert.KeyType_value[strings.ToUpper(kt)]
+			if !ok {
+				return ErrInvalidValue
+			}
+			msg.KeyType = cert.KeyType(ktv)
+		}
+		return nil
+	}
+}
+
+func CertificateType(ct string) func(msg proto.Message) error {
+	return func(msg proto.Message) error {
+		if msg == nil {
+			return ErrInvalidMsgType
+		}
+		ctv, ok := cert.CertificateType_value[strings.ToUpper(ct)]
+		if !ok {
+			return ErrInvalidValue
+		}
+		switch msg := msg.ProtoReflect().Interface().(type) {
+		case *cert.CanGenerateCSRRequest:
+			msg.CertificateType = cert.CertificateType(ctv)
+		case *cert.Certificate:
+			msg.Type = cert.CertificateType(ctv)
+		case *cert.CSR:
+			msg.Type = cert.CertificateType(ctv)
+		case *cert.CSRParams:
+			msg.Type = cert.CertificateType(ctv)
+		}
+		return nil
+	}
+}
+
+func KeySize(ks uint32) func(msg proto.Message) error {
+	return func(msg proto.Message) error {
+		if msg == nil {
+			return ErrInvalidMsgType
+		}
+		switch msg := msg.ProtoReflect().Interface().(type) {
+		case *cert.CanGenerateCSRRequest:
+			msg.KeySize = ks
+		case *cert.CSRParams:
+			msg.MinKeySize = ks
+		}
+		return nil
+	}
+}
+
+func MinKeySize(ks uint32) func(msg proto.Message) error {
+	return KeySize(ks)
+}
diff --git a/go.sum b/go.sum
index 1601c60..862eec3 100644
--- a/go.sum
+++ b/go.sum
@@ -38,14 +38,10 @@ cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3f
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
-github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
-github.com/adrg/xdg v0.3.3 h1:s/tV7MdqQnzB1nKY8aqHvAMD+uCiuEDzVB5HLRY849U=
-github.com/adrg/xdg v0.3.3/go.mod h1:61xAR2VZcggl2St4O9ohF5qCKe08+JDmE4VNzPFQvOQ=
 github.com/adrg/xdg v0.4.0 h1:RzRqFcjH4nE5C6oTAxhBtoE2IRyjBSa62SCbyPidvls=
 github.com/adrg/xdg v0.4.0/go.mod h1:N6ag73EX4wyxeaoeHctc1mas01KZgsj5tYiAIwqJE/E=
 github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
-github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
 github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
 github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
@@ -55,7 +51,6 @@ github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGX
 github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
 github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
 github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI=
-github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
@@ -70,7 +65,6 @@ github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.m
 github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
 github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po=
 github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
-github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ=
 github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/fsnotify/fsnotify v1.5.1 h1:mZcQUHVQUQWoPXXtuf9yuEXKudkV2sx1E06UadKWpgI=
@@ -151,14 +145,13 @@ github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1
 github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg=
+github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
-github.com/magiconair/properties v1.8.5 h1:b6kJs+EmPFMYGkow9GiUyCyOvIwYetYJ3fSaWak/Gls=
-github.com/magiconair/properties v1.8.5/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60=
 github.com/magiconair/properties v1.8.6 h1:5ibWZ6iY0NctNGWo87LalDlEZ6R41TqbbDamhfG/Qzo=
 github.com/magiconair/properties v1.8.6/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60=
-github.com/mattn/go-runewidth v0.0.9 h1:Lm995f3rfxdpd6TSmuVCHVb/QhupuXlYr8sCI/QdE+0=
 github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
 github.com/mattn/go-runewidth v0.0.13 h1:lTGmDsbAYt5DmK6OnoV7EuIF1wEIFAcxld6ypU4OSgU=
 github.com/mattn/go-runewidth v0.0.13/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
@@ -168,15 +161,11 @@ github.com/mitchellh/mapstructure v1.4.3 h1:OVowDSCllw/YjdLkam3/sm7wEtOy59d8ndGg
 github.com/mitchellh/mapstructure v1.4.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/olekukonko/tablewriter v0.0.5 h1:P2Ga83D34wi1o9J6Wh1mRuqd4mF/x/lgBS7N7AbDhec=
 github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
-github.com/openconfig/gnoi v0.0.0-20210421212643-3e9a99fe151c h1:PgUu5mBpEI8FPNPSy4MshPe2BT2XGNAt5zxIoDXLm/k=
-github.com/openconfig/gnoi v0.0.0-20210421212643-3e9a99fe151c/go.mod h1:Eq1jYfsMBoLDeE6p2+NP4CqPquhfJCI+gMtELTs2NYU=
 github.com/openconfig/gnoi v0.0.0-20220131192435-7dd3a95a4f1e h1:gi+t4ugHWHZPHm6ruyYa3w0btDBkltDkixJpeSZaBoA=
 github.com/openconfig/gnoi v0.0.0-20220131192435-7dd3a95a4f1e/go.mod h1:Eq1jYfsMBoLDeE6p2+NP4CqPquhfJCI+gMtELTs2NYU=
 github.com/pelletier/go-toml v1.9.4 h1:tjENF6MfZAg8e4ZmZTeWaWiT2vXtsoO6+iuOjFhECwM=
 github.com/pelletier/go-toml v1.9.4/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
-github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pkg/sftp v1.10.1/go.mod h1:lYOWFsE0bwd1+KfKJaKeuokY15vzFx25BLbzYYoAxZI=
 github.com/pkg/sftp v1.13.1/go.mod h1:3HaPG6Dq1ILlpPZRO0HVMrsydcdLt6HRDccSgb87qRg=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
@@ -188,9 +177,6 @@ github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFR
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE=
 github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
-github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
-github.com/spf13/afero v1.6.0 h1:xoax2sJ2DT8S8xA2paPFjDCScCNeWsg75VG0DLRreiY=
-github.com/spf13/afero v1.6.0/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I=
 github.com/spf13/afero v1.8.2 h1:xehSyVa0YnHWsJ49JFljMpg1HX19V6NDZ1fkm1Xznbo=
 github.com/spf13/afero v1.8.2/go.mod h1:CtAatgMJh6bJEIs48Ay/FOnkljP3WeGUG0MC1RfAqwo=
 github.com/spf13/cast v1.4.1 h1:s0hze+J0196ZfEMTs80N7UlFt0BDuQ7Q+JDnHiMWKdA=
@@ -225,7 +211,6 @@ go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqe
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
@@ -296,8 +281,6 @@ golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v
 golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
-golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d h1:LO7XpTYMwTqxjLcGWPijK3vRXg1aWdlNOVOHRq45d7c=
-golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220225172249-27dd8689420f h1:oA4XRj0qtSt8Yo1Zms0CUlsT3KG69V2UGQWPBxujDmc=
 golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
@@ -358,8 +341,6 @@ golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211210111614-af8b64212486 h1:5hpz5aRr+W1erYCL5JRhSUBJRph7l9XkNveoExlrKYk=
-golang.org/x/sys v0.0.0-20211210111614-af8b64212486/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220310020820-b874c991c1a5 h1:y/woIyUBFbpQGKS0u1aHF/40WUDnek3fPOyD08H5Vng=
 golang.org/x/sys v0.0.0-20220310020820-b874c991c1a5/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
@@ -490,8 +471,6 @@ google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6D
 google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20210108203827-ffc7fda8c3d7/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20210226172003-ab064af71705/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa h1:I0YcKz0I7OAhddo7ya8kMnvprhcWM045PmkBdMO9zN0=
-google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
 google.golang.org/genproto v0.0.0-20220310185008-1973136f34c6 h1:FglFEfyj61zP3c6LgjmVHxYxZWXYul9oiS1EZqD5gLc=
 google.golang.org/genproto v0.0.0-20220310185008-1973136f34c6/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
@@ -512,9 +491,6 @@ google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv
 google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8=
 google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
 google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
-google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
-google.golang.org/grpc v1.43.0 h1:Eeu7bZtDZ2DpRCsLhUlcrLnvYaMK1Gz86a+hMVvELmM=
-google.golang.org/grpc v1.43.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
 google.golang.org/grpc v1.44.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
 google.golang.org/grpc v1.45.0 h1:NEpgUqV3Z+ZjkqMsxMg11IaDrXY4RY6CQukSGK0uI1M=
 google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ=
@@ -532,12 +508,10 @@ google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp0
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.27.1 h1:SnqbnDw1V7RiZcXPx5MEeqPv2s79L9i7BJUlG/+RurQ=
 google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
-gopkg.in/ini.v1 v1.66.2 h1:XfR1dOYubytKy4Shzc2LHrrGhU0lDCfDGG1yLPmpgsI=
-gopkg.in/ini.v1 v1.66.2/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/ini.v1 v1.66.4 h1:SsAcf+mM7mRZo2nJNGt8mZCjG8ZRaNGMURJw7BsIST4=
 gopkg.in/ini.v1 v1.66.4/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=

From 8529ad41a97e4f6955107393135e890c22cd5b82 Mon Sep 17 00:00:00 2001
From: Karim Radhouani <medkarimrdi@gmail.com>
Date: Tue, 17 May 2022 14:35:33 -0700
Subject: [PATCH 2/2] implement more cert options

---
 api/cert/can_generate_csr.go |  21 ++
 api/cert/generate_csr.go     |  21 ++
 api/cert/get.go              |  21 ++
 api/cert/install.go          |  51 +++++
 api/cert/load.go             |  21 ++
 api/cert/load_ca_bundle.go   |  21 ++
 api/cert/options.go          | 391 ++++++++++++++++++++++++-----------
 api/cert/revoke.go           |  21 ++
 api/cert/rotate.go           |  59 ++++++
 9 files changed, 505 insertions(+), 122 deletions(-)
 create mode 100644 api/cert/can_generate_csr.go
 create mode 100644 api/cert/generate_csr.go
 create mode 100644 api/cert/get.go
 create mode 100644 api/cert/install.go
 create mode 100644 api/cert/load.go
 create mode 100644 api/cert/load_ca_bundle.go
 create mode 100644 api/cert/revoke.go
 create mode 100644 api/cert/rotate.go

diff --git a/api/cert/can_generate_csr.go b/api/cert/can_generate_csr.go
new file mode 100644
index 0000000..34ba40e
--- /dev/null
+++ b/api/cert/can_generate_csr.go
@@ -0,0 +1,21 @@
+package cert
+
+import "github.com/openconfig/gnoi/cert"
+
+func NewCertCanGenerateCSRRequest(opts ...CertOption) (*cert.CanGenerateCSRRequest, error) {
+	m := new(cert.CanGenerateCSRRequest)
+	err := apply(m, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return m, nil
+}
+
+func NewCertCanGenerateCSRResponse(opts ...CertOption) (*cert.CanGenerateCSRResponse, error) {
+	m := new(cert.CanGenerateCSRResponse)
+	err := apply(m, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return m, nil
+}
diff --git a/api/cert/generate_csr.go b/api/cert/generate_csr.go
new file mode 100644
index 0000000..87fe062
--- /dev/null
+++ b/api/cert/generate_csr.go
@@ -0,0 +1,21 @@
+package cert
+
+import "github.com/openconfig/gnoi/cert"
+
+func NewCertGenerateCSRRequest(opts ...CertOption) (*cert.GenerateCSRRequest, error) {
+	m := new(cert.GenerateCSRRequest)
+	err := apply(m, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return m, nil
+}
+
+func NewCertGenerateCSRResponse(opts ...CertOption) (*cert.GenerateCSRResponse, error) {
+	m := new(cert.GenerateCSRResponse)
+	err := apply(m, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return m, nil
+}
diff --git a/api/cert/get.go b/api/cert/get.go
new file mode 100644
index 0000000..29ecbab
--- /dev/null
+++ b/api/cert/get.go
@@ -0,0 +1,21 @@
+package cert
+
+import "github.com/openconfig/gnoi/cert"
+
+func NewCertGetCertificatesRequest(opts ...CertOption) (*cert.GetCertificatesRequest, error) {
+	m := new(cert.GetCertificatesRequest)
+	err := apply(m, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return m, nil
+}
+
+func NewCertGetCertificatesResponse(opts ...CertOption) (*cert.GetCertificatesResponse, error) {
+	m := new(cert.GetCertificatesResponse)
+	err := apply(m, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return m, nil
+}
diff --git a/api/cert/install.go b/api/cert/install.go
new file mode 100644
index 0000000..c468e26
--- /dev/null
+++ b/api/cert/install.go
@@ -0,0 +1,51 @@
+package cert
+
+import "github.com/openconfig/gnoi/cert"
+
+func NewCertInstallGenerateCSRRequest(opts ...CertOption) (*cert.InstallCertificateRequest, error) {
+	m, err := NewCertGenerateCSRRequest(opts...)
+	if err != nil {
+		return nil, err
+	}
+	return &cert.InstallCertificateRequest{
+		InstallRequest: &cert.InstallCertificateRequest_GenerateCsr{
+			GenerateCsr: m,
+		},
+	}, nil
+}
+
+func NewCertInstallLoadCertificateRequest(opts ...CertOption) (*cert.InstallCertificateRequest, error) {
+	m, err := NewCertLoadCertificateRequest(opts...)
+	if err != nil {
+		return nil, err
+	}
+	return &cert.InstallCertificateRequest{
+		InstallRequest: &cert.InstallCertificateRequest_LoadCertificate{
+			LoadCertificate: m,
+		},
+	}, nil
+}
+
+func NewCertInstallGenerateCSRResponse(opts ...CertOption) (*cert.InstallCertificateResponse, error) {
+	m, err := NewCertGenerateCSRResponse(opts...)
+	if err != nil {
+		return nil, err
+	}
+	return &cert.InstallCertificateResponse{
+		InstallResponse: &cert.InstallCertificateResponse_GeneratedCsr{
+			GeneratedCsr: m,
+		},
+	}, nil
+}
+
+func NewCertInstallLoadCertificateResponse(opts ...CertOption) (*cert.InstallCertificateResponse, error) {
+	m, err := NewCertLoadCertificateResponse(opts...)
+	if err != nil {
+		return nil, err
+	}
+	return &cert.InstallCertificateResponse{
+		InstallResponse: &cert.InstallCertificateResponse_LoadCertificate{
+			LoadCertificate: m,
+		},
+	}, nil
+}
diff --git a/api/cert/load.go b/api/cert/load.go
new file mode 100644
index 0000000..2717faf
--- /dev/null
+++ b/api/cert/load.go
@@ -0,0 +1,21 @@
+package cert
+
+import "github.com/openconfig/gnoi/cert"
+
+func NewCertLoadCertificateRequest(opts ...CertOption) (*cert.LoadCertificateRequest, error) {
+	m := new(cert.LoadCertificateRequest)
+	err := apply(m, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return m, nil
+}
+
+func NewCertLoadCertificateResponse(opts ...CertOption) (*cert.LoadCertificateResponse, error) {
+	m := new(cert.LoadCertificateResponse)
+	err := apply(m, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return m, nil
+}
diff --git a/api/cert/load_ca_bundle.go b/api/cert/load_ca_bundle.go
new file mode 100644
index 0000000..3c4f088
--- /dev/null
+++ b/api/cert/load_ca_bundle.go
@@ -0,0 +1,21 @@
+package cert
+
+import "github.com/openconfig/gnoi/cert"
+
+func NewCertLoadCertificateAuthorityBundleRequest(opts ...CertOption) (*cert.LoadCertificateAuthorityBundleRequest, error) {
+	m := new(cert.LoadCertificateAuthorityBundleRequest)
+	err := apply(m, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return m, nil
+}
+
+func NewCertLoadCertificateAuthorityBundleResponse(opts ...CertOption) (*cert.LoadCertificateAuthorityBundleResponse, error) {
+	m := new(cert.LoadCertificateAuthorityBundleResponse)
+	err := apply(m, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return m, nil
+}
diff --git a/api/cert/options.go b/api/cert/options.go
index 3d75db9..373d7b2 100644
--- a/api/cert/options.go
+++ b/api/cert/options.go
@@ -29,205 +29,352 @@ func apply(m proto.Message, opts ...CertOption) error {
 	return nil
 }
 
-func NewCertCanGenerateCSRRequest(opts ...CertOption) (*cert.CanGenerateCSRRequest, error) {
-	m := new(cert.CanGenerateCSRRequest)
-	err := apply(m, opts...)
-	if err != nil {
-		return nil, err
+func CertificateType(ct string) func(msg proto.Message) error {
+	return func(msg proto.Message) error {
+		if msg == nil {
+			return ErrInvalidMsgType
+		}
+		ctv, ok := cert.CertificateType_value[strings.ToUpper(ct)]
+		if !ok {
+			return ErrInvalidValue
+		}
+		switch msg := msg.ProtoReflect().Interface().(type) {
+		case *cert.CanGenerateCSRRequest:
+			msg.CertificateType = cert.CertificateType(ctv)
+		case *cert.Certificate:
+			msg.Type = cert.CertificateType(ctv)
+		case *cert.CSR:
+			msg.Type = cert.CertificateType(ctv)
+		case *cert.CSRParams:
+			msg.Type = cert.CertificateType(ctv)
+		}
+		return nil
 	}
-	return m, nil
 }
 
-func NewCertCanGenerateCSRResponse(opts ...CertOption) (*cert.CanGenerateCSRResponse, error) {
-	m := new(cert.CanGenerateCSRResponse)
-	err := apply(m, opts...)
-	if err != nil {
-		return nil, err
+func CertificateInfo(opts ...CertOption) func(msg proto.Message) error {
+	return func(msg proto.Message) error {
+		if msg == nil {
+			return ErrInvalidMsgType
+		}
+		switch msg := msg.ProtoReflect().Interface().(type) {
+		case *cert.GetCertificatesResponse:
+			m := new(cert.CertificateInfo)
+			err := apply(m, opts...)
+			if err != nil {
+				return err
+			}
+			if len(msg.CertificateInfo) == 0 {
+				msg.CertificateInfo = make([]*cert.CertificateInfo, 0, 1)
+			}
+			msg.CertificateInfo = append(msg.CertificateInfo, m)
+		}
+		return nil
 	}
-	return m, nil
 }
 
-func NewCertInstallRequest(opts ...CertOption) (*cert.InstallCertificateRequest, error) {
-	m := new(cert.InstallCertificateRequest)
-	err := apply(m, opts...)
-	if err != nil {
-		return nil, err
+func Certificate(opts ...CertOption) func(msg proto.Message) error {
+	return func(msg proto.Message) error {
+		if msg == nil {
+			return ErrInvalidMsgType
+		}
+		switch msg := msg.ProtoReflect().Interface().(type) {
+		case *cert.LoadCertificateRequest:
+			m := new(cert.Certificate)
+			err := apply(m, opts...)
+			if err != nil {
+				return err
+			}
+			msg.Certificate = m
+		case *cert.CertificateInfo:
+			m := new(cert.Certificate)
+			err := apply(m, opts...)
+			if err != nil {
+				return err
+			}
+			msg.Certificate = m
+		}
+		return nil
 	}
-	return m, nil
 }
 
-func NewCertInstallResponse(opts ...CertOption) (*cert.InstallCertificateResponse, error) {
-	m := new(cert.InstallCertificateResponse)
-	err := apply(m, opts...)
-	if err != nil {
-		return nil, err
+func CertificateID(id string) func(msg proto.Message) error {
+	return func(msg proto.Message) error {
+		if msg == nil {
+			return ErrInvalidMsgType
+		}
+		switch msg := msg.ProtoReflect().Interface().(type) {
+		case *cert.GenerateCSRRequest:
+			msg.CertificateId = id
+		case *cert.LoadCertificateRequest:
+			msg.CertificateId = id
+		case *cert.CertificateInfo:
+			msg.CertificateId = id
+		case *cert.RevokeCertificatesRequest:
+			if msg.CertificateId == nil {
+				msg.CertificateId = make([]string, 0, 1)
+			}
+			msg.CertificateId = append(msg.CertificateId, id)
+		case *cert.RevokeCertificatesResponse:
+			if msg.RevokedCertificateId == nil {
+				msg.RevokedCertificateId = make([]string, 0, 1)
+			}
+			msg.RevokedCertificateId = append(msg.RevokedCertificateId, id)
+		case *cert.CertificateRevocationError:
+			msg.CertificateId = id
+		}
+		return nil
 	}
-	return m, nil
 }
 
-func NewCertRotateRequest(opts ...CertOption) (*cert.RotateCertificateRequest, error) {
-	m := new(cert.RotateCertificateRequest)
-	err := apply(m, opts...)
-	if err != nil {
-		return nil, err
+func CaCertificate(opts ...CertOption) func(msg proto.Message) error {
+	return func(msg proto.Message) error {
+		if msg == nil {
+			return ErrInvalidMsgType
+		}
+		switch msg := msg.ProtoReflect().Interface().(type) {
+		case *cert.LoadCertificateRequest:
+			m := new(cert.Certificate)
+			err := apply(m, opts...)
+			if err != nil {
+				return err
+			}
+			if len(msg.CaCertificates) == 0 {
+				msg.CaCertificates = make([]*cert.Certificate, 0, 1)
+			}
+			msg.CaCertificates = append(msg.CaCertificates, m)
+		case *cert.LoadCertificateAuthorityBundleRequest:
+			m := new(cert.Certificate)
+			err := apply(m, opts...)
+			if err != nil {
+				return err
+			}
+			if len(msg.CaCertificates) == 0 {
+				msg.CaCertificates = make([]*cert.Certificate, 0)
+			}
+			msg.CaCertificates = append(msg.CaCertificates, m)
+		}
+		return nil
 	}
-	return m, nil
 }
 
-func NewCertRotateResponse(opts ...CertOption) (*cert.RotateCertificateResponse, error) {
-	m := new(cert.RotateCertificateResponse)
-	err := apply(m, opts...)
-	if err != nil {
-		return nil, err
+func ErrorMsg(s string) func(msg proto.Message) error {
+	return func(msg proto.Message) error {
+		if msg == nil {
+			return ErrInvalidMsgType
+		}
+		switch msg := msg.ProtoReflect().Interface().(type) {
+		case *cert.CertificateRevocationError:
+			msg.ErrorMessage = s
+		}
+		return nil
 	}
-	return m, nil
 }
 
-func NewCertGenerateCSRRequest(opts ...CertOption) (*cert.GenerateCSRRequest, error) {
-	m := new(cert.GenerateCSRRequest)
-	err := apply(m, opts...)
-	if err != nil {
-		return nil, err
+func CSRParams(opts ...CertOption) func(msg proto.Message) error {
+	return func(msg proto.Message) error {
+		if msg == nil {
+			return ErrInvalidMsgType
+		}
+		switch msg := msg.ProtoReflect().Interface().(type) {
+		case *cert.GenerateCSRRequest:
+			m := new(cert.CSRParams)
+			err := apply(m, opts...)
+			if err != nil {
+				return err
+			}
+			msg.CsrParams = m
+		}
+		return nil
 	}
-	return m, nil
 }
 
-func NewCertGenerateCSRResponse(opts ...CertOption) (*cert.GenerateCSRResponse, error) {
-	m := new(cert.GenerateCSRResponse)
-	err := apply(m, opts...)
-	if err != nil {
-		return nil, err
+func CSR(opts ...CertOption) func(msg proto.Message) error {
+	return func(msg proto.Message) error {
+		if msg == nil {
+			return ErrInvalidMsgType
+		}
+		switch msg := msg.ProtoReflect().Interface().(type) {
+		case *cert.GenerateCSRResponse:
+			m := new(cert.CSR)
+			err := apply(m, opts...)
+			if err != nil {
+				return err
+			}
+			msg.Csr = m
+		}
+		return nil
 	}
-	return m, nil
 }
 
-func NewCertLoadCertificateRequest(opts ...CertOption) (*cert.LoadCertificateRequest, error) {
-	m := new(cert.LoadCertificateRequest)
-	err := apply(m, opts...)
-	if err != nil {
-		return nil, err
+func KeySize(ks uint32) func(msg proto.Message) error {
+	return func(msg proto.Message) error {
+		if msg == nil {
+			return ErrInvalidMsgType
+		}
+		switch msg := msg.ProtoReflect().Interface().(type) {
+		case *cert.CanGenerateCSRRequest:
+			msg.KeySize = ks
+		case *cert.CSRParams:
+			msg.MinKeySize = ks
+		}
+		return nil
 	}
-	return m, nil
 }
 
-func NewCertLoadCertificateResponse(opts ...CertOption) (*cert.LoadCertificateResponse, error) {
-	m := new(cert.LoadCertificateResponse)
-	err := apply(m, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return m, nil
+func MinKeySize(ks uint32) func(msg proto.Message) error {
+	return KeySize(ks)
 }
 
-func NewCertLoadCertificateAuthorityBundleRequest(opts ...CertOption) (*cert.LoadCertificateAuthorityBundleRequest, error) {
-	m := new(cert.LoadCertificateAuthorityBundleRequest)
-	err := apply(m, opts...)
-	if err != nil {
-		return nil, err
+func KeyType(kt string) func(msg proto.Message) error {
+	return func(msg proto.Message) error {
+		if msg == nil {
+			return ErrInvalidMsgType
+		}
+		switch msg := msg.ProtoReflect().Interface().(type) {
+		case *cert.CanGenerateCSRRequest:
+			ktv, ok := cert.KeyType_value[strings.ToUpper(kt)]
+			if !ok {
+				return ErrInvalidValue
+			}
+			msg.KeyType = cert.KeyType(ktv)
+		}
+		return nil
 	}
-	return m, nil
 }
 
-func NewCertLoadCertificateAuthorityBundleResponse(opts ...CertOption) (*cert.LoadCertificateAuthorityBundleResponse, error) {
-	m := new(cert.LoadCertificateAuthorityBundleResponse)
-	err := apply(m, opts...)
-	if err != nil {
-		return nil, err
+func CommonName(cn string) func(msg proto.Message) error {
+	return func(msg proto.Message) error {
+		if msg == nil {
+			return ErrInvalidMsgType
+		}
+		switch msg := msg.ProtoReflect().Interface().(type) {
+		case *cert.CSRParams:
+			msg.CommonName = cn
+		}
+		return nil
 	}
-	return m, nil
 }
 
-func NewCertGetCertificatesRequest(opts ...CertOption) (*cert.GetCertificatesRequest, error) {
-	m := new(cert.GetCertificatesRequest)
-	err := apply(m, opts...)
-	if err != nil {
-		return nil, err
+func Country(c string) func(msg proto.Message) error {
+	return func(msg proto.Message) error {
+		if msg == nil {
+			return ErrInvalidMsgType
+		}
+		switch msg := msg.ProtoReflect().Interface().(type) {
+		case *cert.CSRParams:
+			msg.Country = c
+		}
+		return nil
 	}
-	return m, nil
 }
 
-func NewCertGetCertificatesResponse(opts ...CertOption) (*cert.GetCertificatesResponse, error) {
-	m := new(cert.GetCertificatesResponse)
-	err := apply(m, opts...)
-	if err != nil {
-		return nil, err
+func State(s string) func(msg proto.Message) error {
+	return func(msg proto.Message) error {
+		if msg == nil {
+			return ErrInvalidMsgType
+		}
+		switch msg := msg.ProtoReflect().Interface().(type) {
+		case *cert.CSRParams:
+			msg.State = s
+		}
+		return nil
 	}
-	return m, nil
 }
 
-func NewCertRevokeCertificatesRequest(opts ...CertOption) (*cert.RevokeCertificatesRequest, error) {
-	m := new(cert.RevokeCertificatesRequest)
-	err := apply(m, opts...)
-	if err != nil {
-		return nil, err
+func City(s string) func(msg proto.Message) error {
+	return func(msg proto.Message) error {
+		if msg == nil {
+			return ErrInvalidMsgType
+		}
+		switch msg := msg.ProtoReflect().Interface().(type) {
+		case *cert.CSRParams:
+			msg.City = s
+		}
+		return nil
 	}
-	return m, nil
 }
 
-func NewCertRevokeCertificatesResponse(opts ...CertOption) (*cert.RevokeCertificatesResponse, error) {
-	m := new(cert.RevokeCertificatesResponse)
-	err := apply(m, opts...)
-	if err != nil {
-		return nil, err
+func Org(s string) func(msg proto.Message) error {
+	return func(msg proto.Message) error {
+		if msg == nil {
+			return ErrInvalidMsgType
+		}
+		switch msg := msg.ProtoReflect().Interface().(type) {
+		case *cert.CSRParams:
+			msg.Organization = s
+		}
+		return nil
 	}
-	return m, nil
 }
 
-func KeyType(kt string) func(msg proto.Message) error {
+func OrgUnit(s string) func(msg proto.Message) error {
 	return func(msg proto.Message) error {
 		if msg == nil {
 			return ErrInvalidMsgType
 		}
 		switch msg := msg.ProtoReflect().Interface().(type) {
-		case *cert.CanGenerateCSRRequest:
-			ktv, ok := cert.KeyType_value[strings.ToUpper(kt)]
-			if !ok {
-				return ErrInvalidValue
-			}
-			msg.KeyType = cert.KeyType(ktv)
+		case *cert.CSRParams:
+			msg.OrganizationalUnit = s
 		}
 		return nil
 	}
 }
 
-func CertificateType(ct string) func(msg proto.Message) error {
+func IPAddress(ipAddr string) func(msg proto.Message) error {
 	return func(msg proto.Message) error {
 		if msg == nil {
 			return ErrInvalidMsgType
 		}
-		ctv, ok := cert.CertificateType_value[strings.ToUpper(ct)]
-		if !ok {
-			return ErrInvalidValue
-		}
 		switch msg := msg.ProtoReflect().Interface().(type) {
-		case *cert.CanGenerateCSRRequest:
-			msg.CertificateType = cert.CertificateType(ctv)
-		case *cert.Certificate:
-			msg.Type = cert.CertificateType(ctv)
-		case *cert.CSR:
-			msg.Type = cert.CertificateType(ctv)
 		case *cert.CSRParams:
-			msg.Type = cert.CertificateType(ctv)
+			msg.IpAddress = ipAddr
 		}
 		return nil
 	}
 }
 
-func KeySize(ks uint32) func(msg proto.Message) error {
+func EmailID(s string) func(msg proto.Message) error {
 	return func(msg proto.Message) error {
 		if msg == nil {
 			return ErrInvalidMsgType
 		}
 		switch msg := msg.ProtoReflect().Interface().(type) {
-		case *cert.CanGenerateCSRRequest:
-			msg.KeySize = ks
 		case *cert.CSRParams:
-			msg.MinKeySize = ks
+			msg.EmailId = s
 		}
 		return nil
 	}
 }
 
-func MinKeySize(ks uint32) func(msg proto.Message) error {
-	return KeySize(ks)
+func Endpoint(typ cert.Endpoint_Type, endp string) func(msg proto.Message) error {
+	return func(msg proto.Message) error {
+		if msg == nil {
+			return ErrInvalidMsgType
+		}
+		switch msg := msg.ProtoReflect().Interface().(type) {
+		case *cert.CertificateInfo:
+			if msg.Endpoints == nil {
+				msg.Endpoints = make([]*cert.Endpoint, 0, 1)
+			}
+			msg.Endpoints = append(msg.Endpoints, &cert.Endpoint{
+				Type:     typ,
+				Endpoint: endp,
+			})
+		}
+		return nil
+	}
+}
+
+func ModificationTime(mt int64) func(msg proto.Message) error {
+	return func(msg proto.Message) error {
+		if msg == nil {
+			return ErrInvalidMsgType
+		}
+		switch msg := msg.ProtoReflect().Interface().(type) {
+		case *cert.CertificateInfo:
+			msg.ModificationTime = mt
+		}
+		return nil
+	}
 }
diff --git a/api/cert/revoke.go b/api/cert/revoke.go
new file mode 100644
index 0000000..e5d2b44
--- /dev/null
+++ b/api/cert/revoke.go
@@ -0,0 +1,21 @@
+package cert
+
+import "github.com/openconfig/gnoi/cert"
+
+func NewCertRevokeCertificatesRequest(opts ...CertOption) (*cert.RevokeCertificatesRequest, error) {
+	m := new(cert.RevokeCertificatesRequest)
+	err := apply(m, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return m, nil
+}
+
+func NewCertRevokeCertificatesResponse(opts ...CertOption) (*cert.RevokeCertificatesResponse, error) {
+	m := new(cert.RevokeCertificatesResponse)
+	err := apply(m, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return m, nil
+}
diff --git a/api/cert/rotate.go b/api/cert/rotate.go
new file mode 100644
index 0000000..40b230f
--- /dev/null
+++ b/api/cert/rotate.go
@@ -0,0 +1,59 @@
+package cert
+
+import "github.com/openconfig/gnoi/cert"
+
+func NewCertRotateGenerateCSRRequest(opts ...CertOption) (*cert.RotateCertificateRequest, error) {
+	m, err := NewCertGenerateCSRRequest(opts...)
+	if err != nil {
+		return nil, err
+	}
+	return &cert.RotateCertificateRequest{
+		RotateRequest: &cert.RotateCertificateRequest_GenerateCsr{
+			GenerateCsr: m,
+		},
+	}, nil
+}
+
+func NewCertRotateLoadCertificateRequest(opts ...CertOption) (*cert.RotateCertificateRequest, error) {
+	m, err := NewCertLoadCertificateRequest(opts...)
+	if err != nil {
+		return nil, err
+	}
+	return &cert.RotateCertificateRequest{
+		RotateRequest: &cert.RotateCertificateRequest_LoadCertificate{
+			LoadCertificate: m,
+		},
+	}, nil
+}
+
+func NewCertRotateFinalizeRequest(opts ...CertOption) (*cert.RotateCertificateRequest, error) {
+	return &cert.RotateCertificateRequest{
+		RotateRequest: &cert.RotateCertificateRequest_FinalizeRotation{
+			FinalizeRotation: &cert.FinalizeRequest{},
+		},
+	}, nil
+}
+
+func NewCertRotateGenerateCSRResponse(opts ...CertOption) (*cert.RotateCertificateResponse, error) {
+	m, err := NewCertGenerateCSRResponse(opts...)
+	if err != nil {
+		return nil, err
+	}
+	return &cert.RotateCertificateResponse{
+		RotateResponse: &cert.RotateCertificateResponse_GeneratedCsr{
+			GeneratedCsr: m,
+		},
+	}, nil
+}
+
+func NewCertRotateLoadCertificateResponse(opts ...CertOption) (*cert.RotateCertificateResponse, error) {
+	m, err := NewCertLoadCertificateResponse(opts...)
+	if err != nil {
+		return nil, err
+	}
+	return &cert.RotateCertificateResponse{
+		RotateResponse: &cert.RotateCertificateResponse_LoadCertificate{
+			LoadCertificate: m,
+		},
+	}, nil
+}