keyserverconfig.pb.go

// Code generated by protoc-gen-gogo.
// source: keyserverconfig.proto
// DO NOT EDIT!

package proto

import proto1 "github.com/andres-erbsen/protobuf/proto"
import fmt "fmt"
import math "math"

// discarding unused import gogoproto "gogoproto"

import bytes "bytes"

import strings "strings"
import github_com_andres_erbsen_protobuf_proto "github.com/andres-erbsen/protobuf/proto"
import sort "sort"
import strconv "strconv"
import reflect "reflect"

import io "io"

// Reference imports to suppress errors if they are not otherwise used.
var _ = proto1.Marshal
var _ = fmt.Errorf
var _ = math.Inf

// ReplicaConfig contains the local configuration of a single replica of a
// keyserver. It is valid to have just one replica, but a larger odd number is
// desirable for availability.
type ReplicaConfig struct {
	KeyserverConfig `protobuf:"bytes,1,opt,name=keyserver_config,embedded=keyserver_config" json:"keyserver_config"`
	// ReplicaID is a globally unique identifier. See Replica.ID.
	ReplicaID uint64 `protobuf:"varint,2,opt,name=replica_id,proto3" json:"replica_id,omitempty"`
	// SigningKeyID specifies the signing key by reference. The mechanism of
	// loading keys depends on the deployment scenario; by default, the key
	// identifier is a path to a file containing the key.
	SigningKeyID string    `protobuf:"bytes,3,opt,name=signing_key_id,proto3" json:"signing_key_id,omitempty"`
	PublicAddr   string    `protobuf:"bytes,4,opt,name=public_addr,proto3" json:"public_addr,omitempty"`
	PublicTLS    TLSConfig `protobuf:"bytes,5,opt,name=public_tls" json:"public_tls"`
	VerifierAddr string    `protobuf:"bytes,6,opt,name=verifier_addr,proto3" json:"verifier_addr,omitempty"`
	VerifierTLS  TLSConfig `protobuf:"bytes,7,opt,name=verifier_tls" json:"verifier_tls"`
	HKPAddr      string    `protobuf:"bytes,8,opt,name=hkp_addr,proto3" json:"hkp_addr,omitempty"`
	HKPTLS       TLSConfig `protobuf:"bytes,9,opt,name=hkp_tls" json:"hkp_tls"`
	RaftAddr     string    `protobuf:"bytes,10,opt,name=raft_addr,proto3" json:"raft_addr,omitempty"`
	RaftTLS      TLSConfig `protobuf:"bytes,11,opt,name=raft_tls" json:"raft_tls"`
	// LevelDBPath specifies the directory in which the databse is stored.
	// Nothing else should use this directory.
	LevelDBPath string `protobuf:"bytes,14,opt,name=leveldb_path,proto3" json:"leveldb_path,omitempty"`
	// RaftHeartbeat specifies the interval between successive heartbeat
	// messages sent by the replicated state machine controller. Lowering the
	// heartbeat interval generates more network traffic; increasing the
	// interval increases the time it takes to detect a failed replica and
	// perform an automated failover.
	RaftHeartbeat Duration `protobuf:"bytes,15,opt,name=raft_heartbeat" json:"raft_heartbeat"`
	// LaggingVerifierScan specifies the maximum number of epochs by which a
	// verifier can be lagging us for us to still serve its signature to
	// clients. Finding the verifier signatures is currently implemented using a
	// linear scan backwards from the current epoch, so setting a very high
	// value can open up cause significant amounts of database reads on the
	// server. A fancy index-based scan would be possible, but there is no
	// clear need for it -- the epochs far in the past will probably have
	// expired anyway. The zero value means no limit, but it should be used for
	// testing only. The recommended value is 1000.
	LaggingVerifierScan uint64 `protobuf:"varint,16,opt,name=lagging_verifier_scan,proto3" json:"lagging_verifier_scan,omitempty"`
	// ClientTimeout specifies the maximum amount of time the server is willing
	// to allow from the start of a client request to until it is handled. The
	// zero value means no limit.
	ClientTimeout Duration `protobuf:"bytes,17,opt,name=client_timeout" json:"client_timeout"`
}

func (m *ReplicaConfig) Reset()      { *m = ReplicaConfig{} }
func (*ReplicaConfig) ProtoMessage() {}

func (m *ReplicaConfig) GetPublicTLS() TLSConfig {
	if m != nil {
		return m.PublicTLS
	}
	return TLSConfig{}
}

func (m *ReplicaConfig) GetVerifierTLS() TLSConfig {
	if m != nil {
		return m.VerifierTLS
	}
	return TLSConfig{}
}

func (m *ReplicaConfig) GetHKPTLS() TLSConfig {
	if m != nil {
		return m.HKPTLS
	}
	return TLSConfig{}
}

func (m *ReplicaConfig) GetRaftTLS() TLSConfig {
	if m != nil {
		return m.RaftTLS
	}
	return TLSConfig{}
}

func (m *ReplicaConfig) GetRaftHeartbeat() Duration {
	if m != nil {
		return m.RaftHeartbeat
	}
	return Duration{}
}

func (m *ReplicaConfig) GetClientTimeout() Duration {
	if m != nil {
		return m.ClientTimeout
	}
	return Duration{}
}

// KeyserverConfig describes the keyserver-wide configuration. All replicas
// MUST use the same KeyserverConfig.
type KeyserverConfig struct {
	// ServerID is deprecated and should not be used. TODO: remove.  Signatures
	// should be tagged with ReplicaIDs, and the realm can be used to refer to
	// the keyserver as a whole.
	ServerID uint64 `protobuf:"varint,1,opt,name=server_id,proto3" json:"server_id,omitempty"`
	// Realm specifies the general set of users whose keys this keyserver
	// manages. If the user identifiers are email addresses, the realm should
	// match the domain name in the email address.
	Realm string `protobuf:"bytes,2,opt,name=realm,proto3" json:"realm,omitempty"`
	// SigningKeyID specifies the key for the verifiable random function by
	// reference. The mechanism of loading keys depends on the deployment
	// scenario; by default, the key identifier is a path to a file containing
	// the key.
	VRFKeyID string `protobuf:"bytes,3,opt,name=vrf_key_id,proto3" json:"vrf_key_id,omitempty"`
	// MinEpochInterval specifies the time for which the keyserver stops
	// proposing new epochs once an epoch has been committed. The zero value
	// means no delay. After MinEpochInterval since the last epoch, the
	// keyserver will propose a new epoch as soon as an update has been
	// committed.
	MinEpochInterval Duration `protobuf:"bytes,4,opt,name=min_epoch_interval" json:"min_epoch_interval"`
	// MaxEpochInterval specifies the time after which the keyserver will
	// propose a new epoch even if there have been no updates since the last
	// epoch. Vouching for the lack of updates is important to ensure the users
	// that none of the served keys have been revoked. This value is a trigger,
	// NOT a deadline; there is no guarantee that consecutive epochs will be at
	// most MaxEpochInterval apart. The actual time between by epochs is
	// MaxEpochInterval plus however long it takes to commit and sign a new
	// epoch.
	MaxEpochInterval Duration `protobuf:"bytes,5,opt,name=max_epoch_interval" json:"max_epoch_interval"`
	// ProposalRetryInterval specifies the time after an unsuccessful proposal
	// after which the proposal will be retried. A lower value will generate
	// more redundant network traffic while a higher value will improve
	// responsiveness in presence of network or node failures (bounded below by
	// the raft failover time).
	ProposalRetryInterval Duration `protobuf:"bytes,6,opt,name=proposal_retry_interval" json:"proposal_retry_interval"`
	// InitialReplicas contains the cluster configuration at the beginning of
	// time. It MUST NOT be modified ever after, and it MUST be the same for
	// all replicas. Use AddReplica and RemoveReplica to change the current
	// cluster configuration.
	InitialReplicas []*Replica `protobuf:"bytes,7,rep,name=initial_replicas" json:"initial_replicas,omitempty"`
	// EmailProofToAddr (DEPRECATED) specifies the additional allowed to
	// address in email proofs. By default, only proofs sent to the user being
	// registered all accepted. This option can be used to allow proofs emailed
	// directly to the keyserver to be accepted (but the keyserver does NOT
	// implement a SMTP interface right now).
	EmailProofToAddr string `protobuf:"bytes,8,opt,name=email_proof_to_addr,proto3" json:"email_proof_to_addr,omitempty"`
	// EmailProofSubjectPrefix (DEPRECATED) is used for DKIM-based email
	// address registration.  The proof challenge is sent in the subject line,
	// with an optional string preceding it. For example, if
	// EmailProofSubjectPrefix = "account verification: ", then the proof email
	// needs to have a subject line "account verification: abcd" for verify
	// challenge abcd.
	EmailProofSubjectPrefix string `protobuf:"bytes,9,opt,name=email_proof_subject_prefix,proto3" json:"email_proof_subject_prefix,omitempty"`
	// EmailProofAllowedDomains (DEPRECATED) specifies the domains for which
	// this keyserver accepts email address registrations.
	EmailProofAllowedDomains []string `protobuf:"bytes,10,rep,name=email_proof_allowed_domains" json:"email_proof_allowed_domains,omitempty"`
	// Types that are valid to be assigned to RegistrationPolicy:
	//	*KeyserverConfig_InsecureSkipEmailProof
	//	*KeyserverConfig_EmailProofByDkim
	//	*KeyserverConfig_EmailProofByClientCert
	RegistrationPolicy isKeyserverConfig_RegistrationPolicy `protobuf_oneof:"registration_policy"`
}

func (m *KeyserverConfig) Reset()      { *m = KeyserverConfig{} }
func (*KeyserverConfig) ProtoMessage() {}

type isKeyserverConfig_RegistrationPolicy interface {
	isKeyserverConfig_RegistrationPolicy()
	Equal(interface{}) bool
	VerboseEqual(interface{}) error
	MarshalTo([]byte) (int, error)
	Size() int
}

type KeyserverConfig_InsecureSkipEmailProof struct {
	InsecureSkipEmailProof bool `protobuf:"varint,11,opt,name=insecure_skip_email_proof,proto3,oneof"`
}
type KeyserverConfig_EmailProofByDkim struct {
	EmailProofByDkim *EmailProofByDKIM `protobuf:"bytes,12,opt,name=email_proof_by_dkim,oneof"`
}
type KeyserverConfig_EmailProofByClientCert struct {
	EmailProofByClientCert *EmailProofByClientCert `protobuf:"bytes,13,opt,name=email_proof_by_client_cert,oneof"`
}

func (*KeyserverConfig_InsecureSkipEmailProof) isKeyserverConfig_RegistrationPolicy() {}
func (*KeyserverConfig_EmailProofByDkim) isKeyserverConfig_RegistrationPolicy()       {}
func (*KeyserverConfig_EmailProofByClientCert) isKeyserverConfig_RegistrationPolicy() {}

func (m *KeyserverConfig) GetRegistrationPolicy() isKeyserverConfig_RegistrationPolicy {
	if m != nil {
		return m.RegistrationPolicy
	}
	return nil
}

func (m *KeyserverConfig) GetMinEpochInterval() Duration {
	if m != nil {
		return m.MinEpochInterval
	}
	return Duration{}
}

func (m *KeyserverConfig) GetMaxEpochInterval() Duration {
	if m != nil {
		return m.MaxEpochInterval
	}
	return Duration{}
}

func (m *KeyserverConfig) GetProposalRetryInterval() Duration {
	if m != nil {
		return m.ProposalRetryInterval
	}
	return Duration{}
}

func (m *KeyserverConfig) GetInitialReplicas() []*Replica {
	if m != nil {
		return m.InitialReplicas
	}
	return nil
}

func (m *KeyserverConfig) GetInsecureSkipEmailProof() bool {
	if x, ok := m.GetRegistrationPolicy().(*KeyserverConfig_InsecureSkipEmailProof); ok {
		return x.InsecureSkipEmailProof
	}
	return false
}

func (m *KeyserverConfig) GetEmailProofByDkim() *EmailProofByDKIM {
	if x, ok := m.GetRegistrationPolicy().(*KeyserverConfig_EmailProofByDkim); ok {
		return x.EmailProofByDkim
	}
	return nil
}

func (m *KeyserverConfig) GetEmailProofByClientCert() *EmailProofByClientCert {
	if x, ok := m.GetRegistrationPolicy().(*KeyserverConfig_EmailProofByClientCert); ok {
		return x.EmailProofByClientCert
	}
	return nil
}

// XXX_OneofFuncs is for the internal use of the proto package.
func (*KeyserverConfig) XXX_OneofFuncs() (func(msg proto1.Message, b *proto1.Buffer) error, func(msg proto1.Message, tag, wire int, b *proto1.Buffer) (bool, error), []interface{}) {
	return _KeyserverConfig_OneofMarshaler, _KeyserverConfig_OneofUnmarshaler, []interface{}{
		(*KeyserverConfig_InsecureSkipEmailProof)(nil),
		(*KeyserverConfig_EmailProofByDkim)(nil),
		(*KeyserverConfig_EmailProofByClientCert)(nil),
	}
}

func _KeyserverConfig_OneofMarshaler(msg proto1.Message, b *proto1.Buffer) error {
	m := msg.(*KeyserverConfig)
	// registration_policy
	switch x := m.RegistrationPolicy.(type) {
	case *KeyserverConfig_InsecureSkipEmailProof:
		t := uint64(0)
		if x.InsecureSkipEmailProof {
			t = 1
		}
		_ = b.EncodeVarint(11<<3 | proto1.WireVarint)
		_ = b.EncodeVarint(t)
	case *KeyserverConfig_EmailProofByDkim:
		_ = b.EncodeVarint(12<<3 | proto1.WireBytes)
		if err := b.EncodeMessage(x.EmailProofByDkim); err != nil {
			return err
		}
	case *KeyserverConfig_EmailProofByClientCert:
		_ = b.EncodeVarint(13<<3 | proto1.WireBytes)
		if err := b.EncodeMessage(x.EmailProofByClientCert); err != nil {
			return err
		}
	case nil:
	default:
		return fmt.Errorf("KeyserverConfig.RegistrationPolicy has unexpected type %T", x)
	}
	return nil
}

func _KeyserverConfig_OneofUnmarshaler(msg proto1.Message, tag, wire int, b *proto1.Buffer) (bool, error) {
	m := msg.(*KeyserverConfig)
	switch tag {
	case 11: // registration_policy.insecure_skip_email_proof
		if wire != proto1.WireVarint {
			return true, proto1.ErrInternalBadWireType
		}
		x, err := b.DecodeVarint()
		m.RegistrationPolicy = &KeyserverConfig_InsecureSkipEmailProof{x != 0}
		return true, err
	case 12: // registration_policy.email_proof_by_dkim
		if wire != proto1.WireBytes {
			return true, proto1.ErrInternalBadWireType
		}
		msg := new(EmailProofByDKIM)
		err := b.DecodeMessage(msg)
		m.RegistrationPolicy = &KeyserverConfig_EmailProofByDkim{msg}
		return true, err
	case 13: // registration_policy.email_proof_by_client_cert
		if wire != proto1.WireBytes {
			return true, proto1.ErrInternalBadWireType
		}
		msg := new(EmailProofByClientCert)
		err := b.DecodeMessage(msg)
		m.RegistrationPolicy = &KeyserverConfig_EmailProofByClientCert{msg}
		return true, err
	default:
		return false, nil
	}
}

type EmailProofByDKIM struct {
	// AllowedDomains specifies the domains for which this keyserver accepts
	// email address registrations.
	AllowedDomains []string `protobuf:"bytes,1,rep,name=allowed_domains" json:"allowed_domains,omitempty"`
	// ToAddr specifies the additional allowed to address in email proofs. By
	// default, only proofs sent to the user being registered all accepted.
	// This option can be used to allow proofs emailed directly to the
	// keyserver to be accepted (but the keyserver does NOT implement a SMTP
	// interface right now).
	ToAddr string `protobuf:"bytes,2,opt,name=to_addr,proto3" json:"to_addr,omitempty"`
	// SubjectPrefix is used for DKIM-based email address registration.  The
	// proof challenge is sent in the subject line, with an optional string
	// preceding it. For example, if EmailProofSubjectPrefix = "account
	// verification: ", then the proof email needs to have a subject line
	// "account verification: abcd" for verify challenge abcd.
	SubjectPrefix string `protobuf:"bytes,3,opt,name=subject_prefix,proto3" json:"subject_prefix,omitempty"`
}

func (m *EmailProofByDKIM) Reset()      { *m = EmailProofByDKIM{} }
func (*EmailProofByDKIM) ProtoMessage() {}

// EmailProofByClientCert accepts a certificate signed by an authority trusted
// with handling registration as sufficient confirmation of ownership of an
// email address. The emailAddress value in the certificate's DistinguishedName
// field is allowed to be regeistered by the holder of the key specified in the
// certificate.
type EmailProofByClientCert struct {
	// AllowedDomains specifies the domains for which this keyserver accepts
	// email address registrations.
	AllowedDomains []string `protobuf:"bytes,1,rep,name=allowed_domains" json:"allowed_domains,omitempty"`
	// CaCert contains the trusted certificate authority certificate in DER format.
	CaCert []byte `protobuf:"bytes,2,opt,name=ca_cert,proto3" json:"ca_cert,omitempty"`
}

func (m *EmailProofByClientCert) Reset()      { *m = EmailProofByClientCert{} }
func (*EmailProofByClientCert) ProtoMessage() {}

type Replica struct {
	// Id is used to distinguish between nodes during consistent replication.
	// All node ID-s MUST be unique, MUST NOT be reused (e.g., using IP-s or
	// hostnames is probably a bad idea) and SHOULD be set to the ID of the
	// first public key by convention.
	ID uint64 `protobuf:"varint,1,opt,name=id,proto3" json:"id,omitempty"`
	// PublicKeys lists the public keys of a node, to be joined using a
	// 1-out-of-n policy. The order of this list is NOT preserved.
	PublicKeys []*PublicKey `protobuf:"bytes,2,rep,name=public_keys" json:"public_keys,omitempty"`
	// RaftAddr is the Raft network address of the node, such that
	// net.Dial("tcp", Addr) reaches the node. Supported formats include
	// host.domain:port and ip:port.
	RaftAddr string `protobuf:"bytes,3,opt,name=raft_addr,proto3" json:"raft_addr,omitempty"`
}

func (m *Replica) Reset()      { *m = Replica{} }
func (*Replica) ProtoMessage() {}

func (m *Replica) GetPublicKeys() []*PublicKey {
	if m != nil {
		return m.PublicKeys
	}
	return nil
}

func (this *ReplicaConfig) VerboseEqual(that interface{}) error {
	if that == nil {
		if this == nil {
			return nil
		}
		return fmt.Errorf("that == nil && this != nil")
	}

	that1, ok := that.(*ReplicaConfig)
	if !ok {
		return fmt.Errorf("that is not of type *ReplicaConfig")
	}
	if that1 == nil {
		if this == nil {
			return nil
		}
		return fmt.Errorf("that is type *ReplicaConfig but is nil && this != nil")
	} else if this == nil {
		return fmt.Errorf("that is type *ReplicaConfigbut is not nil && this == nil")
	}
	if !this.KeyserverConfig.Equal(&that1.KeyserverConfig) {
		return fmt.Errorf("KeyserverConfig this(%v) Not Equal that(%v)", this.KeyserverConfig, that1.KeyserverConfig)
	}
	if this.ReplicaID != that1.ReplicaID {
		return fmt.Errorf("ReplicaID this(%v) Not Equal that(%v)", this.ReplicaID, that1.ReplicaID)
	}
	if this.SigningKeyID != that1.SigningKeyID {
		return fmt.Errorf("SigningKeyID this(%v) Not Equal that(%v)", this.SigningKeyID, that1.SigningKeyID)
	}
	if this.PublicAddr != that1.PublicAddr {
		return fmt.Errorf("PublicAddr this(%v) Not Equal that(%v)", this.PublicAddr, that1.PublicAddr)
	}
	if !this.PublicTLS.Equal(&that1.PublicTLS) {
		return fmt.Errorf("PublicTLS this(%v) Not Equal that(%v)", this.PublicTLS, that1.PublicTLS)
	}
	if this.VerifierAddr != that1.VerifierAddr {
		return fmt.Errorf("VerifierAddr this(%v) Not Equal that(%v)", this.VerifierAddr, that1.VerifierAddr)
	}
	if !this.VerifierTLS.Equal(&that1.VerifierTLS) {
		return fmt.Errorf("VerifierTLS this(%v) Not Equal that(%v)", this.VerifierTLS, that1.VerifierTLS)
	}
	if this.HKPAddr != that1.HKPAddr {
		return fmt.Errorf("HKPAddr this(%v) Not Equal that(%v)", this.HKPAddr, that1.HKPAddr)
	}
	if !this.HKPTLS.Equal(&that1.HKPTLS) {
		return fmt.Errorf("HKPTLS this(%v) Not Equal that(%v)", this.HKPTLS, that1.HKPTLS)
	}
	if this.RaftAddr != that1.RaftAddr {
		return fmt.Errorf("RaftAddr this(%v) Not Equal that(%v)", this.RaftAddr, that1.RaftAddr)
	}
	if !this.RaftTLS.Equal(&that1.RaftTLS) {
		return fmt.Errorf("RaftTLS this(%v) Not Equal that(%v)", this.RaftTLS, that1.RaftTLS)
	}
	if this.LevelDBPath != that1.LevelDBPath {
		return fmt.Errorf("LevelDBPath this(%v) Not Equal that(%v)", this.LevelDBPath, that1.LevelDBPath)
	}
	if !this.RaftHeartbeat.Equal(&that1.RaftHeartbeat) {
		return fmt.Errorf("RaftHeartbeat this(%v) Not Equal that(%v)", this.RaftHeartbeat, that1.RaftHeartbeat)
	}
	if this.LaggingVerifierScan != that1.LaggingVerifierScan {
		return fmt.Errorf("LaggingVerifierScan this(%v) Not Equal that(%v)", this.LaggingVerifierScan, that1.LaggingVerifierScan)
	}
	if !this.ClientTimeout.Equal(&that1.ClientTimeout) {
		return fmt.Errorf("ClientTimeout this(%v) Not Equal that(%v)", this.ClientTimeout, that1.ClientTimeout)
	}
	return nil
}
func (this *ReplicaConfig) Equal(that interface{}) bool {
	if that == nil {
		if this == nil {
			return true
		}
		return false
	}

	that1, ok := that.(*ReplicaConfig)
	if !ok {
		return false
	}
	if that1 == nil {
		if this == nil {
			return true
		}
		return false
	} else if this == nil {
		return false
	}
	if !this.KeyserverConfig.Equal(&that1.KeyserverConfig) {
		return false
	}
	if this.ReplicaID != that1.ReplicaID {
		return false
	}
	if this.SigningKeyID != that1.SigningKeyID {
		return false
	}
	if this.PublicAddr != that1.PublicAddr {
		return false
	}
	if !this.PublicTLS.Equal(&that1.PublicTLS) {
		return false
	}
	if this.VerifierAddr != that1.VerifierAddr {
		return false
	}
	if !this.VerifierTLS.Equal(&that1.VerifierTLS) {
		return false
	}
	if this.HKPAddr != that1.HKPAddr {
		return false
	}
	if !this.HKPTLS.Equal(&that1.HKPTLS) {
		return false
	}
	if this.RaftAddr != that1.RaftAddr {
		return false
	}
	if !this.RaftTLS.Equal(&that1.RaftTLS) {
		return false
	}
	if this.LevelDBPath != that1.LevelDBPath {
		return false
	}
	if !this.RaftHeartbeat.Equal(&that1.RaftHeartbeat) {
		return false
	}
	if this.LaggingVerifierScan != that1.LaggingVerifierScan {
		return false
	}
	if !this.ClientTimeout.Equal(&that1.ClientTimeout) {
		return false
	}
	return true
}
func (this *KeyserverConfig) VerboseEqual(that interface{}) error {
	if that == nil {
		if this == nil {
			return nil
		}
		return fmt.Errorf("that == nil && this != nil")
	}

	that1, ok := that.(*KeyserverConfig)
	if !ok {
		return fmt.Errorf("that is not of type *KeyserverConfig")
	}
	if that1 == nil {
		if this == nil {
			return nil
		}
		return fmt.Errorf("that is type *KeyserverConfig but is nil && this != nil")
	} else if this == nil {
		return fmt.Errorf("that is type *KeyserverConfigbut is not nil && this == nil")
	}
	if this.ServerID != that1.ServerID {
		return fmt.Errorf("ServerID this(%v) Not Equal that(%v)", this.ServerID, that1.ServerID)
	}
	if this.Realm != that1.Realm {
		return fmt.Errorf("Realm this(%v) Not Equal that(%v)", this.Realm, that1.Realm)
	}
	if this.VRFKeyID != that1.VRFKeyID {
		return fmt.Errorf("VRFKeyID this(%v) Not Equal that(%v)", this.VRFKeyID, that1.VRFKeyID)
	}
	if !this.MinEpochInterval.Equal(&that1.MinEpochInterval) {
		return fmt.Errorf("MinEpochInterval this(%v) Not Equal that(%v)", this.MinEpochInterval, that1.MinEpochInterval)
	}
	if !this.MaxEpochInterval.Equal(&that1.MaxEpochInterval) {
		return fmt.Errorf("MaxEpochInterval this(%v) Not Equal that(%v)", this.MaxEpochInterval, that1.MaxEpochInterval)
	}
	if !this.ProposalRetryInterval.Equal(&that1.ProposalRetryInterval) {
		return fmt.Errorf("ProposalRetryInterval this(%v) Not Equal that(%v)", this.ProposalRetryInterval, that1.ProposalRetryInterval)
	}
	if len(this.InitialReplicas) != len(that1.InitialReplicas) {
		return fmt.Errorf("InitialReplicas this(%v) Not Equal that(%v)", len(this.InitialReplicas), len(that1.InitialReplicas))
	}
	for i := range this.InitialReplicas {
		if !this.InitialReplicas[i].Equal(that1.InitialReplicas[i]) {
			return fmt.Errorf("InitialReplicas this[%v](%v) Not Equal that[%v](%v)", i, this.InitialReplicas[i], i, that1.InitialReplicas[i])
		}
	}
	if this.EmailProofToAddr != that1.EmailProofToAddr {
		return fmt.Errorf("EmailProofToAddr this(%v) Not Equal that(%v)", this.EmailProofToAddr, that1.EmailProofToAddr)
	}
	if this.EmailProofSubjectPrefix != that1.EmailProofSubjectPrefix {
		return fmt.Errorf("EmailProofSubjectPrefix this(%v) Not Equal that(%v)", this.EmailProofSubjectPrefix, that1.EmailProofSubjectPrefix)
	}
	if len(this.EmailProofAllowedDomains) != len(that1.EmailProofAllowedDomains) {
		return fmt.Errorf("EmailProofAllowedDomains this(%v) Not Equal that(%v)", len(this.EmailProofAllowedDomains), len(that1.EmailProofAllowedDomains))
	}
	for i := range this.EmailProofAllowedDomains {
		if this.EmailProofAllowedDomains[i] != that1.EmailProofAllowedDomains[i] {
			return fmt.Errorf("EmailProofAllowedDomains this[%v](%v) Not Equal that[%v](%v)", i, this.EmailProofAllowedDomains[i], i, that1.EmailProofAllowedDomains[i])
		}
	}
	if that1.RegistrationPolicy == nil {
		if this.RegistrationPolicy != nil {
			return fmt.Errorf("this.RegistrationPolicy != nil && that1.RegistrationPolicy == nil")
		}
	} else if this.RegistrationPolicy == nil {
		return fmt.Errorf("this.RegistrationPolicy == nil && that1.RegistrationPolicy != nil")
	} else if err := this.RegistrationPolicy.VerboseEqual(that1.RegistrationPolicy); err != nil {
		return err
	}
	return nil
}
func (this *KeyserverConfig_InsecureSkipEmailProof) VerboseEqual(that interface{}) error {
	if that == nil {
		if this == nil {
			return nil
		}
		return fmt.Errorf("that == nil && this != nil")
	}

	that1, ok := that.(*KeyserverConfig_InsecureSkipEmailProof)
	if !ok {
		return fmt.Errorf("that is not of type *KeyserverConfig_InsecureSkipEmailProof")
	}
	if that1 == nil {
		if this == nil {
			return nil
		}
		return fmt.Errorf("that is type *KeyserverConfig_InsecureSkipEmailProof but is nil && this != nil")
	} else if this == nil {
		return fmt.Errorf("that is type *KeyserverConfig_InsecureSkipEmailProofbut is not nil && this == nil")
	}
	if this.InsecureSkipEmailProof != that1.InsecureSkipEmailProof {
		return fmt.Errorf("InsecureSkipEmailProof this(%v) Not Equal that(%v)", this.InsecureSkipEmailProof, that1.InsecureSkipEmailProof)
	}
	return nil
}
func (this *KeyserverConfig_EmailProofByDkim) VerboseEqual(that interface{}) error {
	if that == nil {
		if this == nil {
			return nil
		}
		return fmt.Errorf("that == nil && this != nil")
	}

	that1, ok := that.(*KeyserverConfig_EmailProofByDkim)
	if !ok {
		return fmt.Errorf("that is not of type *KeyserverConfig_EmailProofByDkim")
	}
	if that1 == nil {
		if this == nil {
			return nil
		}
		return fmt.Errorf("that is type *KeyserverConfig_EmailProofByDkim but is nil && this != nil")
	} else if this == nil {
		return fmt.Errorf("that is type *KeyserverConfig_EmailProofByDkimbut is not nil && this == nil")
	}
	if !this.EmailProofByDkim.Equal(that1.EmailProofByDkim) {
		return fmt.Errorf("EmailProofByDkim this(%v) Not Equal that(%v)", this.EmailProofByDkim, that1.EmailProofByDkim)
	}
	return nil
}
func (this *KeyserverConfig_EmailProofByClientCert) VerboseEqual(that interface{}) error {
	if that == nil {
		if this == nil {
			return nil
		}
		return fmt.Errorf("that == nil && this != nil")
	}

	that1, ok := that.(*KeyserverConfig_EmailProofByClientCert)
	if !ok {
		return fmt.Errorf("that is not of type *KeyserverConfig_EmailProofByClientCert")
	}
	if that1 == nil {
		if this == nil {
			return nil
		}
		return fmt.Errorf("that is type *KeyserverConfig_EmailProofByClientCert but is nil && this != nil")
	} else if this == nil {
		return fmt.Errorf("that is type *KeyserverConfig_EmailProofByClientCertbut is not nil && this == nil")
	}
	if !this.EmailProofByClientCert.Equal(that1.EmailProofByClientCert) {
		return fmt.Errorf("EmailProofByClientCert this(%v) Not Equal that(%v)", this.EmailProofByClientCert, that1.EmailProofByClientCert)
	}
	return nil
}
func (this *KeyserverConfig) Equal(that interface{}) bool {
	if that == nil {
		if this == nil {
			return true
		}
		return false
	}

	that1, ok := that.(*KeyserverConfig)
	if !ok {
		return false
	}
	if that1 == nil {
		if this == nil {
			return true
		}
		return false
	} else if this == nil {
		return false
	}
	if this.ServerID != that1.ServerID {
		return false
	}
	if this.Realm != that1.Realm {
		return false
	}
	if this.VRFKeyID != that1.VRFKeyID {
		return false
	}
	if !this.MinEpochInterval.Equal(&that1.MinEpochInterval) {
		return false
	}
	if !this.MaxEpochInterval.Equal(&that1.MaxEpochInterval) {
		return false
	}
	if !this.ProposalRetryInterval.Equal(&that1.ProposalRetryInterval) {
		return false
	}
	if len(this.InitialReplicas) != len(that1.InitialReplicas) {
		return false
	}
	for i := range this.InitialReplicas {
		if !this.InitialReplicas[i].Equal(that1.InitialReplicas[i]) {
			return false
		}
	}
	if this.EmailProofToAddr != that1.EmailProofToAddr {
		return false
	}
	if this.EmailProofSubjectPrefix != that1.EmailProofSubjectPrefix {
		return false
	}
	if len(this.EmailProofAllowedDomains) != len(that1.EmailProofAllowedDomains) {
		return false
	}
	for i := range this.EmailProofAllowedDomains {
		if this.EmailProofAllowedDomains[i] != that1.EmailProofAllowedDomains[i] {
			return false
		}
	}
	if that1.RegistrationPolicy == nil {
		if this.RegistrationPolicy != nil {
			return false
		}
	} else if this.RegistrationPolicy == nil {
		return false
	} else if !this.RegistrationPolicy.Equal(that1.RegistrationPolicy) {
		return false
	}
	return true
}
func (this *KeyserverConfig_InsecureSkipEmailProof) Equal(that interface{}) bool {
	if that == nil {
		if this == nil {
			return true
		}
		return false
	}

	that1, ok := that.(*KeyserverConfig_InsecureSkipEmailProof)
	if !ok {
		return false
	}
	if that1 == nil {
		if this == nil {
			return true
		}
		return false
	} else if this == nil {
		return false
	}
	if this.InsecureSkipEmailProof != that1.InsecureSkipEmailProof {
		return false
	}
	return true
}
func (this *KeyserverConfig_EmailProofByDkim) Equal(that interface{}) bool {
	if that == nil {
		if this == nil {
			return true
		}
		return false
	}

	that1, ok := that.(*KeyserverConfig_EmailProofByDkim)
	if !ok {
		return false
	}
	if that1 == nil {
		if this == nil {
			return true
		}
		return false
	} else if this == nil {
		return false
	}
	if !this.EmailProofByDkim.Equal(that1.EmailProofByDkim) {
		return false
	}
	return true
}
func (this *KeyserverConfig_EmailProofByClientCert) Equal(that interface{}) bool {
	if that == nil {
		if this == nil {
			return true
		}
		return false
	}

	that1, ok := that.(*KeyserverConfig_EmailProofByClientCert)
	if !ok {
		return false
	}
	if that1 == nil {
		if this == nil {
			return true
		}
		return false
	} else if this == nil {
		return false
	}
	if !this.EmailProofByClientCert.Equal(that1.EmailProofByClientCert) {
		return false
	}
	return true
}
func (this *EmailProofByDKIM) VerboseEqual(that interface{}) error {
	if that == nil {
		if this == nil {
			return nil
		}
		return fmt.Errorf("that == nil && this != nil")
	}

	that1, ok := that.(*EmailProofByDKIM)
	if !ok {
		return fmt.Errorf("that is not of type *EmailProofByDKIM")
	}
	if that1 == nil {
		if this == nil {
			return nil
		}
		return fmt.Errorf("that is type *EmailProofByDKIM but is nil && this != nil")
	} else if this == nil {
		return fmt.Errorf("that is type *EmailProofByDKIMbut is not nil && this == nil")
	}
	if len(this.AllowedDomains) != len(that1.AllowedDomains) {
		return fmt.Errorf("AllowedDomains this(%v) Not Equal that(%v)", len(this.AllowedDomains), len(that1.AllowedDomains))
	}
	for i := range this.AllowedDomains {
		if this.AllowedDomains[i] != that1.AllowedDomains[i] {
			return fmt.Errorf("AllowedDomains this[%v](%v) Not Equal that[%v](%v)", i, this.AllowedDomains[i], i, that1.AllowedDomains[i])
		}
	}
	if this.ToAddr != that1.ToAddr {
		return fmt.Errorf("ToAddr this(%v) Not Equal that(%v)", this.ToAddr, that1.ToAddr)
	}
	if this.SubjectPrefix != that1.SubjectPrefix {
		return fmt.Errorf("SubjectPrefix this(%v) Not Equal that(%v)", this.SubjectPrefix, that1.SubjectPrefix)
	}
	return nil
}
func (this *EmailProofByDKIM) Equal(that interface{}) bool {
	if that == nil {
		if this == nil {
			return true
		}
		return false
	}

	that1, ok := that.(*EmailProofByDKIM)
	if !ok {
		return false
	}
	if that1 == nil {
		if this == nil {
			return true
		}
		return false
	} else if this == nil {
		return false
	}
	if len(this.AllowedDomains) != len(that1.AllowedDomains) {
		return false
	}
	for i := range this.AllowedDomains {
		if this.AllowedDomains[i] != that1.AllowedDomains[i] {
			return false
		}
	}
	if this.ToAddr != that1.ToAddr {
		return false
	}
	if this.SubjectPrefix != that1.SubjectPrefix {
		return false
	}
	return true
}
func (this *EmailProofByClientCert) VerboseEqual(that interface{}) error {
	if that == nil {
		if this == nil {
			return nil
		}
		return fmt.Errorf("that == nil && this != nil")
	}

	that1, ok := that.(*EmailProofByClientCert)
	if !ok {
		return fmt.Errorf("that is not of type *EmailProofByClientCert")
	}
	if that1 == nil {
		if this == nil {
			return nil
		}
		return fmt.Errorf("that is type *EmailProofByClientCert but is nil && this != nil")
	} else if this == nil {
		return fmt.Errorf("that is type *EmailProofByClientCertbut is not nil && this == nil")
	}
	if len(this.AllowedDomains) != len(that1.AllowedDomains) {
		return fmt.Errorf("AllowedDomains this(%v) Not Equal that(%v)", len(this.AllowedDomains), len(that1.AllowedDomains))
	}
	for i := range this.AllowedDomains {
		if this.AllowedDomains[i] != that1.AllowedDomains[i] {
			return fmt.Errorf("AllowedDomains this[%v](%v) Not Equal that[%v](%v)", i, this.AllowedDomains[i], i, that1.AllowedDomains[i])
		}
	}
	if !bytes.Equal(this.CaCert, that1.CaCert) {
		return fmt.Errorf("CaCert this(%v) Not Equal that(%v)", this.CaCert, that1.CaCert)
	}
	return nil
}
func (this *EmailProofByClientCert) Equal(that interface{}) bool {
	if that == nil {
		if this == nil {
			return true
		}
		return false
	}

	that1, ok := that.(*EmailProofByClientCert)
	if !ok {
		return false
	}
	if that1 == nil {
		if this == nil {
			return true
		}
		return false
	} else if this == nil {
		return false
	}
	if len(this.AllowedDomains) != len(that1.AllowedDomains) {
		return false
	}
	for i := range this.AllowedDomains {
		if this.AllowedDomains[i] != that1.AllowedDomains[i] {
			return false
		}
	}
	if !bytes.Equal(this.CaCert, that1.CaCert) {
		return false
	}
	return true
}
func (this *Replica) VerboseEqual(that interface{}) error {
	if that == nil {
		if this == nil {
			return nil
		}
		return fmt.Errorf("that == nil && this != nil")
	}

	that1, ok := that.(*Replica)
	if !ok {
		return fmt.Errorf("that is not of type *Replica")
	}
	if that1 == nil {
		if this == nil {
			return nil
		}
		return fmt.Errorf("that is type *Replica but is nil && this != nil")
	} else if this == nil {
		return fmt.Errorf("that is type *Replicabut is not nil && this == nil")
	}
	if this.ID != that1.ID {
		return fmt.Errorf("ID this(%v) Not Equal that(%v)", this.ID, that1.ID)
	}
	if len(this.PublicKeys) != len(that1.PublicKeys) {
		return fmt.Errorf("PublicKeys this(%v) Not Equal that(%v)", len(this.PublicKeys), len(that1.PublicKeys))
	}
	for i := range this.PublicKeys {
		if !this.PublicKeys[i].Equal(that1.PublicKeys[i]) {
			return fmt.Errorf("PublicKeys this[%v](%v) Not Equal that[%v](%v)", i, this.PublicKeys[i], i, that1.PublicKeys[i])
		}
	}
	if this.RaftAddr != that1.RaftAddr {
		return fmt.Errorf("RaftAddr this(%v) Not Equal that(%v)", this.RaftAddr, that1.RaftAddr)
	}
	return nil
}
func (this *Replica) Equal(that interface{}) bool {
	if that == nil {
		if this == nil {
			return true
		}
		return false
	}

	that1, ok := that.(*Replica)
	if !ok {
		return false
	}
	if that1 == nil {
		if this == nil {
			return true
		}
		return false
	} else if this == nil {
		return false
	}
	if this.ID != that1.ID {
		return false
	}
	if len(this.PublicKeys) != len(that1.PublicKeys) {
		return false
	}
	for i := range this.PublicKeys {
		if !this.PublicKeys[i].Equal(that1.PublicKeys[i]) {
			return false
		}
	}
	if this.RaftAddr != that1.RaftAddr {
		return false
	}
	return true
}
func (this *ReplicaConfig) GoString() string {
	if this == nil {
		return "nil"
	}
	s := make([]string, 0, 19)
	s = append(s, "&proto.ReplicaConfig{")
	s = append(s, "KeyserverConfig: "+strings.Replace(this.KeyserverConfig.GoString(), `&`, ``, 1)+",\n")
	s = append(s, "ReplicaID: "+fmt.Sprintf("%#v", this.ReplicaID)+",\n")
	s = append(s, "SigningKeyID: "+fmt.Sprintf("%#v", this.SigningKeyID)+",\n")
	s = append(s, "PublicAddr: "+fmt.Sprintf("%#v", this.PublicAddr)+",\n")
	s = append(s, "PublicTLS: "+strings.Replace(this.PublicTLS.GoString(), `&`, ``, 1)+",\n")
	s = append(s, "VerifierAddr: "+fmt.Sprintf("%#v", this.VerifierAddr)+",\n")
	s = append(s, "VerifierTLS: "+strings.Replace(this.VerifierTLS.GoString(), `&`, ``, 1)+",\n")
	s = append(s, "HKPAddr: "+fmt.Sprintf("%#v", this.HKPAddr)+",\n")
	s = append(s, "HKPTLS: "+strings.Replace(this.HKPTLS.GoString(), `&`, ``, 1)+",\n")
	s = append(s, "RaftAddr: "+fmt.Sprintf("%#v", this.RaftAddr)+",\n")
	s = append(s, "RaftTLS: "+strings.Replace(this.RaftTLS.GoString(), `&`, ``, 1)+",\n")
	s = append(s, "LevelDBPath: "+fmt.Sprintf("%#v", this.LevelDBPath)+",\n")
	s = append(s, "RaftHeartbeat: "+strings.Replace(this.RaftHeartbeat.GoString(), `&`, ``, 1)+",\n")
	s = append(s, "LaggingVerifierScan: "+fmt.Sprintf("%#v", this.LaggingVerifierScan)+",\n")
	s = append(s, "ClientTimeout: "+strings.Replace(this.ClientTimeout.GoString(), `&`, ``, 1)+",\n")
	s = append(s, "}")
	return strings.Join(s, "")
}
func (this *KeyserverConfig) GoString() string {
	if this == nil {
		return "nil"
	}
	s := make([]string, 0, 17)
	s = append(s, "&proto.KeyserverConfig{")
	s = append(s, "ServerID: "+fmt.Sprintf("%#v", this.ServerID)+",\n")
	s = append(s, "Realm: "+fmt.Sprintf("%#v", this.Realm)+",\n")
	s = append(s, "VRFKeyID: "+fmt.Sprintf("%#v", this.VRFKeyID)+",\n")
	s = append(s, "MinEpochInterval: "+strings.Replace(this.MinEpochInterval.GoString(), `&`, ``, 1)+",\n")
	s = append(s, "MaxEpochInterval: "+strings.Replace(this.MaxEpochInterval.GoString(), `&`, ``, 1)+",\n")
	s = append(s, "ProposalRetryInterval: "+strings.Replace(this.ProposalRetryInterval.GoString(), `&`, ``, 1)+",\n")
	if this.InitialReplicas != nil {
		s = append(s, "InitialReplicas: "+fmt.Sprintf("%#v", this.InitialReplicas)+",\n")
	}
	s = append(s, "EmailProofToAddr: "+fmt.Sprintf("%#v", this.EmailProofToAddr)+",\n")
	s = append(s, "EmailProofSubjectPrefix: "+fmt.Sprintf("%#v", this.EmailProofSubjectPrefix)+",\n")
	s = append(s, "EmailProofAllowedDomains: "+fmt.Sprintf("%#v", this.EmailProofAllowedDomains)+",\n")
	if this.RegistrationPolicy != nil {
		s = append(s, "RegistrationPolicy: "+fmt.Sprintf("%#v", this.RegistrationPolicy)+",\n")
	}
	s = append(s, "}")
	return strings.Join(s, "")
}
func (this *KeyserverConfig_InsecureSkipEmailProof) GoString() string {
	if this == nil {
		return "nil"
	}
	s := strings.Join([]string{`&proto.KeyserverConfig_InsecureSkipEmailProof{` +
		`InsecureSkipEmailProof:` + fmt.Sprintf("%#v", this.InsecureSkipEmailProof) + `}`}, ", ")
	return s
}
func (this *KeyserverConfig_EmailProofByDkim) GoString() string {
	if this == nil {
		return "nil"
	}
	s := strings.Join([]string{`&proto.KeyserverConfig_EmailProofByDkim{` +
		`EmailProofByDkim:` + fmt.Sprintf("%#v", this.EmailProofByDkim) + `}`}, ", ")
	return s
}
func (this *KeyserverConfig_EmailProofByClientCert) GoString() string {
	if this == nil {
		return "nil"
	}
	s := strings.Join([]string{`&proto.KeyserverConfig_EmailProofByClientCert{` +
		`EmailProofByClientCert:` + fmt.Sprintf("%#v", this.EmailProofByClientCert) + `}`}, ", ")
	return s
}
func (this *EmailProofByDKIM) GoString() string {
	if this == nil {
		return "nil"
	}
	s := make([]string, 0, 7)
	s = append(s, "&proto.EmailProofByDKIM{")
	s = append(s, "AllowedDomains: "+fmt.Sprintf("%#v", this.AllowedDomains)+",\n")
	s = append(s, "ToAddr: "+fmt.Sprintf("%#v", this.ToAddr)+",\n")
	s = append(s, "SubjectPrefix: "+fmt.Sprintf("%#v", this.SubjectPrefix)+",\n")
	s = append(s, "}")
	return strings.Join(s, "")
}
func (this *EmailProofByClientCert) GoString() string {
	if this == nil {
		return "nil"
	}
	s := make([]string, 0, 6)
	s = append(s, "&proto.EmailProofByClientCert{")
	s = append(s, "AllowedDomains: "+fmt.Sprintf("%#v", this.AllowedDomains)+",\n")
	s = append(s, "CaCert: "+fmt.Sprintf("%#v", this.CaCert)+",\n")
	s = append(s, "}")
	return strings.Join(s, "")
}
func (this *Replica) GoString() string {
	if this == nil {
		return "nil"
	}
	s := make([]string, 0, 7)
	s = append(s, "&proto.Replica{")
	s = append(s, "ID: "+fmt.Sprintf("%#v", this.ID)+",\n")
	if this.PublicKeys != nil {
		s = append(s, "PublicKeys: "+fmt.Sprintf("%#v", this.PublicKeys)+",\n")
	}
	s = append(s, "RaftAddr: "+fmt.Sprintf("%#v", this.RaftAddr)+",\n")
	s = append(s, "}")
	return strings.Join(s, "")
}
func valueToGoStringKeyserverconfig(v interface{}, typ string) string {
	rv := reflect.ValueOf(v)
	if rv.IsNil() {
		return "nil"
	}
	pv := reflect.Indirect(rv).Interface()
	return fmt.Sprintf("func(v %v) *%v { return &v } ( %#v )", typ, typ, pv)
}
func extensionToGoStringKeyserverconfig(e map[int32]github_com_andres_erbsen_protobuf_proto.Extension) string {
	if e == nil {
		return "nil"
	}
	s := "map[int32]proto.Extension{"
	keys := make([]int, 0, len(e))
	for k := range e {
		keys = append(keys, int(k))
	}
	sort.Ints(keys)
	ss := []string{}
	for _, k := range keys {
		ss = append(ss, strconv.Itoa(k)+": "+e[int32(k)].GoString())
	}
	s += strings.Join(ss, ",") + "}"
	return s
}
func (m *ReplicaConfig) Marshal() (data []byte, err error) {
	size := m.Size()
	data = make([]byte, size)
	n, err := m.MarshalTo(data)
	if err != nil {
		return nil, err
	}
	return data[:n], nil
}

func (m *ReplicaConfig) MarshalTo(data []byte) (int, error) {
	var i int
	_ = i
	var l int
	_ = l
	data[i] = 0xa
	i++
	i = encodeVarintKeyserverconfig(data, i, uint64(m.KeyserverConfig.Size()))
	n1, err := m.KeyserverConfig.MarshalTo(data[i:])
	if err != nil {
		return 0, err
	}
	i += n1
	if m.ReplicaID != 0 {
		data[i] = 0x10
		i++
		i = encodeVarintKeyserverconfig(data, i, uint64(m.ReplicaID))
	}
	if len(m.SigningKeyID) > 0 {
		data[i] = 0x1a
		i++
		i = encodeVarintKeyserverconfig(data, i, uint64(len(m.SigningKeyID)))
		i += copy(data[i:], m.SigningKeyID)
	}
	if len(m.PublicAddr) > 0 {
		data[i] = 0x22
		i++
		i = encodeVarintKeyserverconfig(data, i, uint64(len(m.PublicAddr)))
		i += copy(data[i:], m.PublicAddr)
	}
	data[i] = 0x2a
	i++
	i = encodeVarintKeyserverconfig(data, i, uint64(m.PublicTLS.Size()))
	n2, err := m.PublicTLS.MarshalTo(data[i:])
	if err != nil {
		return 0, err
	}
	i += n2
	if len(m.VerifierAddr) > 0 {
		data[i] = 0x32
		i++
		i = encodeVarintKeyserverconfig(data, i, uint64(len(m.VerifierAddr)))
		i += copy(data[i:], m.VerifierAddr)
	}
	data[i] = 0x3a
	i++
	i = encodeVarintKeyserverconfig(data, i, uint64(m.VerifierTLS.Size()))
	n3, err := m.VerifierTLS.MarshalTo(data[i:])
	if err != nil {
		return 0, err
	}
	i += n3
	if len(m.HKPAddr) > 0 {
		data[i] = 0x42
		i++
		i = encodeVarintKeyserverconfig(data, i, uint64(len(m.HKPAddr)))
		i += copy(data[i:], m.HKPAddr)
	}
	data[i] = 0x4a
	i++
	i = encodeVarintKeyserverconfig(data, i, uint64(m.HKPTLS.Size()))
	n4, err := m.HKPTLS.MarshalTo(data[i:])
	if err != nil {
		return 0, err
	}
	i += n4
	if len(m.RaftAddr) > 0 {
		data[i] = 0x52
		i++
		i = encodeVarintKeyserverconfig(data, i, uint64(len(m.RaftAddr)))
		i += copy(data[i:], m.RaftAddr)
	}
	data[i] = 0x5a
	i++
	i = encodeVarintKeyserverconfig(data, i, uint64(m.RaftTLS.Size()))
	n5, err := m.RaftTLS.MarshalTo(data[i:])
	if err != nil {
		return 0, err
	}
	i += n5
	if len(m.LevelDBPath) > 0 {
		data[i] = 0x72
		i++
		i = encodeVarintKeyserverconfig(data, i, uint64(len(m.LevelDBPath)))
		i += copy(data[i:], m.LevelDBPath)
	}
	data[i] = 0x7a
	i++
	i = encodeVarintKeyserverconfig(data, i, uint64(m.RaftHeartbeat.Size()))
	n6, err := m.RaftHeartbeat.MarshalTo(data[i:])
	if err != nil {
		return 0, err
	}
	i += n6
	if m.LaggingVerifierScan != 0 {
		data[i] = 0x80
		i++
		data[i] = 0x1
		i++
		i = encodeVarintKeyserverconfig(data, i, uint64(m.LaggingVerifierScan))
	}
	data[i] = 0x8a
	i++
	data[i] = 0x1
	i++
	i = encodeVarintKeyserverconfig(data, i, uint64(m.ClientTimeout.Size()))
	n7, err := m.ClientTimeout.MarshalTo(data[i:])
	if err != nil {
		return 0, err
	}
	i += n7
	return i, nil
}

func (m *KeyserverConfig) Marshal() (data []byte, err error) {
	size := m.Size()
	data = make([]byte, size)
	n, err := m.MarshalTo(data)
	if err != nil {
		return nil, err
	}
	return data[:n], nil
}

func (m *KeyserverConfig) MarshalTo(data []byte) (int, error) {
	var i int
	_ = i
	var l int
	_ = l
	if m.ServerID != 0 {
		data[i] = 0x8
		i++
		i = encodeVarintKeyserverconfig(data, i, uint64(m.ServerID))
	}
	if len(m.Realm) > 0 {
		data[i] = 0x12
		i++
		i = encodeVarintKeyserverconfig(data, i, uint64(len(m.Realm)))
		i += copy(data[i:], m.Realm)
	}
	if len(m.VRFKeyID) > 0 {
		data[i] = 0x1a
		i++
		i = encodeVarintKeyserverconfig(data, i, uint64(len(m.VRFKeyID)))
		i += copy(data[i:], m.VRFKeyID)
	}
	data[i] = 0x22
	i++
	i = encodeVarintKeyserverconfig(data, i, uint64(m.MinEpochInterval.Size()))
	n8, err := m.MinEpochInterval.MarshalTo(data[i:])
	if err != nil {
		return 0, err
	}
	i += n8
	data[i] = 0x2a
	i++
	i = encodeVarintKeyserverconfig(data, i, uint64(m.MaxEpochInterval.Size()))
	n9, err := m.MaxEpochInterval.MarshalTo(data[i:])
	if err != nil {
		return 0, err
	}
	i += n9
	data[i] = 0x32
	i++
	i = encodeVarintKeyserverconfig(data, i, uint64(m.ProposalRetryInterval.Size()))
	n10, err := m.ProposalRetryInterval.MarshalTo(data[i:])
	if err != nil {
		return 0, err
	}
	i += n10
	if len(m.InitialReplicas) > 0 {
		for _, msg := range m.InitialReplicas {
			data[i] = 0x3a
			i++
			i = encodeVarintKeyserverconfig(data, i, uint64(msg.Size()))
			n, err := msg.MarshalTo(data[i:])
			if err != nil {
				return 0, err
			}
			i += n
		}
	}
	if len(m.EmailProofToAddr) > 0 {
		data[i] = 0x42
		i++
		i = encodeVarintKeyserverconfig(data, i, uint64(len(m.EmailProofToAddr)))
		i += copy(data[i:], m.EmailProofToAddr)
	}
	if len(m.EmailProofSubjectPrefix) > 0 {
		data[i] = 0x4a
		i++
		i = encodeVarintKeyserverconfig(data, i, uint64(len(m.EmailProofSubjectPrefix)))
		i += copy(data[i:], m.EmailProofSubjectPrefix)
	}
	if len(m.EmailProofAllowedDomains) > 0 {
		for _, s := range m.EmailProofAllowedDomains {
			data[i] = 0x52
			i++
			l = len(s)
			for l >= 1<<7 {
				data[i] = uint8(uint64(l)&0x7f | 0x80)
				l >>= 7
				i++
			}
			data[i] = uint8(l)
			i++
			i += copy(data[i:], s)
		}
	}
	if m.RegistrationPolicy != nil {
		nn11, err := m.RegistrationPolicy.MarshalTo(data[i:])
		if err != nil {
			return 0, err
		}
		i += nn11
	}
	return i, nil
}

func (m *KeyserverConfig_InsecureSkipEmailProof) MarshalTo(data []byte) (int, error) {
	i := 0
	data[i] = 0x58
	i++
	if m.InsecureSkipEmailProof {
		data[i] = 1
	} else {
		data[i] = 0
	}
	i++
	return i, nil
}
func (m *KeyserverConfig_EmailProofByDkim) MarshalTo(data []byte) (int, error) {
	i := 0
	if m.EmailProofByDkim != nil {
		data[i] = 0x62
		i++
		i = encodeVarintKeyserverconfig(data, i, uint64(m.EmailProofByDkim.Size()))
		n12, err := m.EmailProofByDkim.MarshalTo(data[i:])
		if err != nil {
			return 0, err
		}
		i += n12
	}
	return i, nil
}
func (m *KeyserverConfig_EmailProofByClientCert) MarshalTo(data []byte) (int, error) {
	i := 0
	if m.EmailProofByClientCert != nil {
		data[i] = 0x6a
		i++
		i = encodeVarintKeyserverconfig(data, i, uint64(m.EmailProofByClientCert.Size()))
		n13, err := m.EmailProofByClientCert.MarshalTo(data[i:])
		if err != nil {
			return 0, err
		}
		i += n13
	}
	return i, nil
}
func (m *EmailProofByDKIM) Marshal() (data []byte, err error) {
	size := m.Size()
	data = make([]byte, size)
	n, err := m.MarshalTo(data)
	if err != nil {
		return nil, err
	}
	return data[:n], nil
}

func (m *EmailProofByDKIM) MarshalTo(data []byte) (int, error) {
	var i int
	_ = i
	var l int
	_ = l
	if len(m.AllowedDomains) > 0 {
		for _, s := range m.AllowedDomains {
			data[i] = 0xa
			i++
			l = len(s)
			for l >= 1<<7 {
				data[i] = uint8(uint64(l)&0x7f | 0x80)
				l >>= 7
				i++
			}
			data[i] = uint8(l)
			i++
			i += copy(data[i:], s)
		}
	}
	if len(m.ToAddr) > 0 {
		data[i] = 0x12
		i++
		i = encodeVarintKeyserverconfig(data, i, uint64(len(m.ToAddr)))
		i += copy(data[i:], m.ToAddr)
	}
	if len(m.SubjectPrefix) > 0 {
		data[i] = 0x1a
		i++
		i = encodeVarintKeyserverconfig(data, i, uint64(len(m.SubjectPrefix)))
		i += copy(data[i:], m.SubjectPrefix)
	}
	return i, nil
}

func (m *EmailProofByClientCert) Marshal() (data []byte, err error) {
	size := m.Size()
	data = make([]byte, size)
	n, err := m.MarshalTo(data)
	if err != nil {
		return nil, err
	}
	return data[:n], nil
}

func (m *EmailProofByClientCert) MarshalTo(data []byte) (int, error) {
	var i int
	_ = i
	var l int
	_ = l
	if len(m.AllowedDomains) > 0 {
		for _, s := range m.AllowedDomains {
			data[i] = 0xa
			i++
			l = len(s)
			for l >= 1<<7 {
				data[i] = uint8(uint64(l)&0x7f | 0x80)
				l >>= 7
				i++
			}
			data[i] = uint8(l)
			i++
			i += copy(data[i:], s)
		}
	}
	if m.CaCert != nil {
		if len(m.CaCert) > 0 {
			data[i] = 0x12
			i++
			i = encodeVarintKeyserverconfig(data, i, uint64(len(m.CaCert)))
			i += copy(data[i:], m.CaCert)
		}
	}
	return i, nil
}

func (m *Replica) Marshal() (data []byte, err error) {
	size := m.Size()
	data = make([]byte, size)
	n, err := m.MarshalTo(data)
	if err != nil {
		return nil, err
	}
	return data[:n], nil
}

func (m *Replica) MarshalTo(data []byte) (int, error) {
	var i int
	_ = i
	var l int
	_ = l
	if m.ID != 0 {
		data[i] = 0x8
		i++
		i = encodeVarintKeyserverconfig(data, i, uint64(m.ID))
	}
	if len(m.PublicKeys) > 0 {
		for _, msg := range m.PublicKeys {
			data[i] = 0x12
			i++
			i = encodeVarintKeyserverconfig(data, i, uint64(msg.Size()))
			n, err := msg.MarshalTo(data[i:])
			if err != nil {
				return 0, err
			}
			i += n
		}
	}
	if len(m.RaftAddr) > 0 {
		data[i] = 0x1a
		i++
		i = encodeVarintKeyserverconfig(data, i, uint64(len(m.RaftAddr)))
		i += copy(data[i:], m.RaftAddr)
	}
	return i, nil
}

func encodeFixed64Keyserverconfig(data []byte, offset int, v uint64) int {
	data[offset] = uint8(v)
	data[offset+1] = uint8(v >> 8)
	data[offset+2] = uint8(v >> 16)
	data[offset+3] = uint8(v >> 24)
	data[offset+4] = uint8(v >> 32)
	data[offset+5] = uint8(v >> 40)
	data[offset+6] = uint8(v >> 48)
	data[offset+7] = uint8(v >> 56)
	return offset + 8
}
func encodeFixed32Keyserverconfig(data []byte, offset int, v uint32) int {
	data[offset] = uint8(v)
	data[offset+1] = uint8(v >> 8)
	data[offset+2] = uint8(v >> 16)
	data[offset+3] = uint8(v >> 24)
	return offset + 4
}
func encodeVarintKeyserverconfig(data []byte, offset int, v uint64) int {
	for v >= 1<<7 {
		data[offset] = uint8(v&0x7f | 0x80)
		v >>= 7
		offset++
	}
	data[offset] = uint8(v)
	return offset + 1
}
func NewPopulatedReplicaConfig(r randyKeyserverconfig, easy bool) *ReplicaConfig {
	this := &ReplicaConfig{}
	v1 := NewPopulatedKeyserverConfig(r, easy)
	this.KeyserverConfig = *v1
	this.ReplicaID = uint64(uint64(r.Uint32()))
	this.SigningKeyID = randStringKeyserverconfig(r)
	this.PublicAddr = randStringKeyserverconfig(r)
	v2 := NewPopulatedTLSConfig(r, easy)
	this.PublicTLS = *v2
	this.VerifierAddr = randStringKeyserverconfig(r)
	v3 := NewPopulatedTLSConfig(r, easy)
	this.VerifierTLS = *v3
	this.HKPAddr = randStringKeyserverconfig(r)
	v4 := NewPopulatedTLSConfig(r, easy)
	this.HKPTLS = *v4
	this.RaftAddr = randStringKeyserverconfig(r)
	v5 := NewPopulatedTLSConfig(r, easy)
	this.RaftTLS = *v5
	this.LevelDBPath = randStringKeyserverconfig(r)
	v6 := NewPopulatedDuration(r, easy)
	this.RaftHeartbeat = *v6
	this.LaggingVerifierScan = uint64(uint64(r.Uint32()))
	v7 := NewPopulatedDuration(r, easy)
	this.ClientTimeout = *v7
	if !easy && r.Intn(10) != 0 {
	}
	return this
}

func NewPopulatedKeyserverConfig(r randyKeyserverconfig, easy bool) *KeyserverConfig {
	this := &KeyserverConfig{}
	this.ServerID = uint64(uint64(r.Uint32()))
	this.Realm = randStringKeyserverconfig(r)
	this.VRFKeyID = randStringKeyserverconfig(r)
	v8 := NewPopulatedDuration(r, easy)
	this.MinEpochInterval = *v8
	v9 := NewPopulatedDuration(r, easy)
	this.MaxEpochInterval = *v9
	v10 := NewPopulatedDuration(r, easy)
	this.ProposalRetryInterval = *v10
	if r.Intn(10) != 0 {
		v11 := r.Intn(10)
		this.InitialReplicas = make([]*Replica, v11)
		for i := 0; i < v11; i++ {
			this.InitialReplicas[i] = NewPopulatedReplica(r, easy)
		}
	}
	this.EmailProofToAddr = randStringKeyserverconfig(r)
	this.EmailProofSubjectPrefix = randStringKeyserverconfig(r)
	v12 := r.Intn(10)
	this.EmailProofAllowedDomains = make([]string, v12)
	for i := 0; i < v12; i++ {
		this.EmailProofAllowedDomains[i] = randStringKeyserverconfig(r)
	}
	oneofNumber_RegistrationPolicy := []int32{11, 12, 13}[r.Intn(3)]
	switch oneofNumber_RegistrationPolicy {
	case 11:
		this.RegistrationPolicy = NewPopulatedKeyserverConfig_InsecureSkipEmailProof(r, easy)
	case 12:
		this.RegistrationPolicy = NewPopulatedKeyserverConfig_EmailProofByDkim(r, easy)
	case 13:
		this.RegistrationPolicy = NewPopulatedKeyserverConfig_EmailProofByClientCert(r, easy)
	}
	if !easy && r.Intn(10) != 0 {
	}
	return this
}

func NewPopulatedKeyserverConfig_InsecureSkipEmailProof(r randyKeyserverconfig, easy bool) *KeyserverConfig_InsecureSkipEmailProof {
	this := &KeyserverConfig_InsecureSkipEmailProof{}
	this.InsecureSkipEmailProof = bool(bool(r.Intn(2) == 0))
	return this
}
func NewPopulatedKeyserverConfig_EmailProofByDkim(r randyKeyserverconfig, easy bool) *KeyserverConfig_EmailProofByDkim {
	this := &KeyserverConfig_EmailProofByDkim{}
	this.EmailProofByDkim = NewPopulatedEmailProofByDKIM(r, easy)
	return this
}
func NewPopulatedKeyserverConfig_EmailProofByClientCert(r randyKeyserverconfig, easy bool) *KeyserverConfig_EmailProofByClientCert {
	this := &KeyserverConfig_EmailProofByClientCert{}
	this.EmailProofByClientCert = NewPopulatedEmailProofByClientCert(r, easy)
	return this
}
func NewPopulatedEmailProofByDKIM(r randyKeyserverconfig, easy bool) *EmailProofByDKIM {
	this := &EmailProofByDKIM{}
	v13 := r.Intn(10)
	this.AllowedDomains = make([]string, v13)
	for i := 0; i < v13; i++ {
		this.AllowedDomains[i] = randStringKeyserverconfig(r)
	}
	this.ToAddr = randStringKeyserverconfig(r)
	this.SubjectPrefix = randStringKeyserverconfig(r)
	if !easy && r.Intn(10) != 0 {
	}
	return this
}

func NewPopulatedEmailProofByClientCert(r randyKeyserverconfig, easy bool) *EmailProofByClientCert {
	this := &EmailProofByClientCert{}
	v14 := r.Intn(10)
	this.AllowedDomains = make([]string, v14)
	for i := 0; i < v14; i++ {
		this.AllowedDomains[i] = randStringKeyserverconfig(r)
	}
	v15 := r.Intn(100)
	this.CaCert = make([]byte, v15)
	for i := 0; i < v15; i++ {
		this.CaCert[i] = byte(r.Intn(256))
	}
	if !easy && r.Intn(10) != 0 {
	}
	return this
}

func NewPopulatedReplica(r randyKeyserverconfig, easy bool) *Replica {
	this := &Replica{}
	this.ID = uint64(uint64(r.Uint32()))
	if r.Intn(10) != 0 {
		v16 := r.Intn(10)
		this.PublicKeys = make([]*PublicKey, v16)
		for i := 0; i < v16; i++ {
			this.PublicKeys[i] = NewPopulatedPublicKey(r, easy)
		}
	}
	this.RaftAddr = randStringKeyserverconfig(r)
	if !easy && r.Intn(10) != 0 {
	}
	return this
}

type randyKeyserverconfig interface {
	Float32() float32
	Float64() float64
	Int63() int64
	Int31() int32
	Uint32() uint32
	Intn(n int) int
}

func randUTF8RuneKeyserverconfig(r randyKeyserverconfig) rune {
	ru := r.Intn(62)
	if ru < 10 {
		return rune(ru + 48)
	} else if ru < 36 {
		return rune(ru + 55)
	}
	return rune(ru + 61)
}
func randStringKeyserverconfig(r randyKeyserverconfig) string {
	v17 := r.Intn(100)
	tmps := make([]rune, v17)
	for i := 0; i < v17; i++ {
		tmps[i] = randUTF8RuneKeyserverconfig(r)
	}
	return string(tmps)
}
func randUnrecognizedKeyserverconfig(r randyKeyserverconfig, maxFieldNumber int) (data []byte) {
	l := r.Intn(5)
	for i := 0; i < l; i++ {
		wire := r.Intn(4)
		if wire == 3 {
			wire = 5
		}
		fieldNumber := maxFieldNumber + r.Intn(100)
		data = randFieldKeyserverconfig(data, r, fieldNumber, wire)
	}
	return data
}
func randFieldKeyserverconfig(data []byte, r randyKeyserverconfig, fieldNumber int, wire int) []byte {
	key := uint32(fieldNumber)<<3 | uint32(wire)
	switch wire {
	case 0:
		data = encodeVarintPopulateKeyserverconfig(data, uint64(key))
		v18 := r.Int63()
		if r.Intn(2) == 0 {
			v18 *= -1
		}
		data = encodeVarintPopulateKeyserverconfig(data, uint64(v18))
	case 1:
		data = encodeVarintPopulateKeyserverconfig(data, uint64(key))
		data = append(data, byte(r.Intn(256)), byte(r.Intn(256)), byte(r.Intn(256)), byte(r.Intn(256)), byte(r.Intn(256)), byte(r.Intn(256)), byte(r.Intn(256)), byte(r.Intn(256)))
	case 2:
		data = encodeVarintPopulateKeyserverconfig(data, uint64(key))
		ll := r.Intn(100)
		data = encodeVarintPopulateKeyserverconfig(data, uint64(ll))
		for j := 0; j < ll; j++ {
			data = append(data, byte(r.Intn(256)))
		}
	default:
		data = encodeVarintPopulateKeyserverconfig(data, uint64(key))
		data = append(data, byte(r.Intn(256)), byte(r.Intn(256)), byte(r.Intn(256)), byte(r.Intn(256)))
	}
	return data
}
func encodeVarintPopulateKeyserverconfig(data []byte, v uint64) []byte {
	for v >= 1<<7 {
		data = append(data, uint8(uint64(v)&0x7f|0x80))
		v >>= 7
	}
	data = append(data, uint8(v))
	return data
}
func (m *ReplicaConfig) Size() (n int) {
	var l int
	_ = l
	l = m.KeyserverConfig.Size()
	n += 1 + l + sovKeyserverconfig(uint64(l))
	if m.ReplicaID != 0 {
		n += 1 + sovKeyserverconfig(uint64(m.ReplicaID))
	}
	l = len(m.SigningKeyID)
	if l > 0 {
		n += 1 + l + sovKeyserverconfig(uint64(l))
	}
	l = len(m.PublicAddr)
	if l > 0 {
		n += 1 + l + sovKeyserverconfig(uint64(l))
	}
	l = m.PublicTLS.Size()
	n += 1 + l + sovKeyserverconfig(uint64(l))
	l = len(m.VerifierAddr)
	if l > 0 {
		n += 1 + l + sovKeyserverconfig(uint64(l))
	}
	l = m.VerifierTLS.Size()
	n += 1 + l + sovKeyserverconfig(uint64(l))
	l = len(m.HKPAddr)
	if l > 0 {
		n += 1 + l + sovKeyserverconfig(uint64(l))
	}
	l = m.HKPTLS.Size()
	n += 1 + l + sovKeyserverconfig(uint64(l))
	l = len(m.RaftAddr)
	if l > 0 {
		n += 1 + l + sovKeyserverconfig(uint64(l))
	}
	l = m.RaftTLS.Size()
	n += 1 + l + sovKeyserverconfig(uint64(l))
	l = len(m.LevelDBPath)
	if l > 0 {
		n += 1 + l + sovKeyserverconfig(uint64(l))
	}
	l = m.RaftHeartbeat.Size()
	n += 1 + l + sovKeyserverconfig(uint64(l))
	if m.LaggingVerifierScan != 0 {
		n += 2 + sovKeyserverconfig(uint64(m.LaggingVerifierScan))
	}
	l = m.ClientTimeout.Size()
	n += 2 + l + sovKeyserverconfig(uint64(l))
	return n
}

func (m *KeyserverConfig) Size() (n int) {
	var l int
	_ = l
	if m.ServerID != 0 {
		n += 1 + sovKeyserverconfig(uint64(m.ServerID))
	}
	l = len(m.Realm)
	if l > 0 {
		n += 1 + l + sovKeyserverconfig(uint64(l))
	}
	l = len(m.VRFKeyID)
	if l > 0 {
		n += 1 + l + sovKeyserverconfig(uint64(l))
	}
	l = m.MinEpochInterval.Size()
	n += 1 + l + sovKeyserverconfig(uint64(l))
	l = m.MaxEpochInterval.Size()
	n += 1 + l + sovKeyserverconfig(uint64(l))
	l = m.ProposalRetryInterval.Size()
	n += 1 + l + sovKeyserverconfig(uint64(l))
	if len(m.InitialReplicas) > 0 {
		for _, e := range m.InitialReplicas {
			l = e.Size()
			n += 1 + l + sovKeyserverconfig(uint64(l))
		}
	}
	l = len(m.EmailProofToAddr)
	if l > 0 {
		n += 1 + l + sovKeyserverconfig(uint64(l))
	}
	l = len(m.EmailProofSubjectPrefix)
	if l > 0 {
		n += 1 + l + sovKeyserverconfig(uint64(l))
	}
	if len(m.EmailProofAllowedDomains) > 0 {
		for _, s := range m.EmailProofAllowedDomains {
			l = len(s)
			n += 1 + l + sovKeyserverconfig(uint64(l))
		}
	}
	if m.RegistrationPolicy != nil {
		n += m.RegistrationPolicy.Size()
	}
	return n
}

func (m *KeyserverConfig_InsecureSkipEmailProof) Size() (n int) {
	var l int
	_ = l
	n += 2
	return n
}
func (m *KeyserverConfig_EmailProofByDkim) Size() (n int) {
	var l int
	_ = l
	if m.EmailProofByDkim != nil {
		l = m.EmailProofByDkim.Size()
		n += 1 + l + sovKeyserverconfig(uint64(l))
	}
	return n
}
func (m *KeyserverConfig_EmailProofByClientCert) Size() (n int) {
	var l int
	_ = l
	if m.EmailProofByClientCert != nil {
		l = m.EmailProofByClientCert.Size()
		n += 1 + l + sovKeyserverconfig(uint64(l))
	}
	return n
}
func (m *EmailProofByDKIM) Size() (n int) {
	var l int
	_ = l
	if len(m.AllowedDomains) > 0 {
		for _, s := range m.AllowedDomains {
			l = len(s)
			n += 1 + l + sovKeyserverconfig(uint64(l))
		}
	}
	l = len(m.ToAddr)
	if l > 0 {
		n += 1 + l + sovKeyserverconfig(uint64(l))
	}
	l = len(m.SubjectPrefix)
	if l > 0 {
		n += 1 + l + sovKeyserverconfig(uint64(l))
	}
	return n
}

func (m *EmailProofByClientCert) Size() (n int) {
	var l int
	_ = l
	if len(m.AllowedDomains) > 0 {
		for _, s := range m.AllowedDomains {
			l = len(s)
			n += 1 + l + sovKeyserverconfig(uint64(l))
		}
	}
	if m.CaCert != nil {
		l = len(m.CaCert)
		if l > 0 {
			n += 1 + l + sovKeyserverconfig(uint64(l))
		}
	}
	return n
}

func (m *Replica) Size() (n int) {
	var l int
	_ = l
	if m.ID != 0 {
		n += 1 + sovKeyserverconfig(uint64(m.ID))
	}
	if len(m.PublicKeys) > 0 {
		for _, e := range m.PublicKeys {
			l = e.Size()
			n += 1 + l + sovKeyserverconfig(uint64(l))
		}
	}
	l = len(m.RaftAddr)
	if l > 0 {
		n += 1 + l + sovKeyserverconfig(uint64(l))
	}
	return n
}

func sovKeyserverconfig(x uint64) (n int) {
	for {
		n++
		x >>= 7
		if x == 0 {
			break
		}
	}
	return n
}
func sozKeyserverconfig(x uint64) (n int) {
	return sovKeyserverconfig(uint64((x << 1) ^ uint64((int64(x) >> 63))))
}
func (this *ReplicaConfig) String() string {
	if this == nil {
		return "nil"
	}
	s := strings.Join([]string{`&ReplicaConfig{`,
		`KeyserverConfig:` + strings.Replace(strings.Replace(this.KeyserverConfig.String(), "KeyserverConfig", "KeyserverConfig", 1), `&`, ``, 1) + `,`,
		`ReplicaID:` + fmt.Sprintf("%v", this.ReplicaID) + `,`,
		`SigningKeyID:` + fmt.Sprintf("%v", this.SigningKeyID) + `,`,
		`PublicAddr:` + fmt.Sprintf("%v", this.PublicAddr) + `,`,
		`PublicTLS:` + strings.Replace(strings.Replace(this.PublicTLS.String(), "TLSConfig", "TLSConfig", 1), `&`, ``, 1) + `,`,
		`VerifierAddr:` + fmt.Sprintf("%v", this.VerifierAddr) + `,`,
		`VerifierTLS:` + strings.Replace(strings.Replace(this.VerifierTLS.String(), "TLSConfig", "TLSConfig", 1), `&`, ``, 1) + `,`,
		`HKPAddr:` + fmt.Sprintf("%v", this.HKPAddr) + `,`,
		`HKPTLS:` + strings.Replace(strings.Replace(this.HKPTLS.String(), "TLSConfig", "TLSConfig", 1), `&`, ``, 1) + `,`,
		`RaftAddr:` + fmt.Sprintf("%v", this.RaftAddr) + `,`,
		`RaftTLS:` + strings.Replace(strings.Replace(this.RaftTLS.String(), "TLSConfig", "TLSConfig", 1), `&`, ``, 1) + `,`,
		`LevelDBPath:` + fmt.Sprintf("%v", this.LevelDBPath) + `,`,
		`RaftHeartbeat:` + strings.Replace(strings.Replace(this.RaftHeartbeat.String(), "Duration", "Duration", 1), `&`, ``, 1) + `,`,
		`LaggingVerifierScan:` + fmt.Sprintf("%v", this.LaggingVerifierScan) + `,`,
		`ClientTimeout:` + strings.Replace(strings.Replace(this.ClientTimeout.String(), "Duration", "Duration", 1), `&`, ``, 1) + `,`,
		`}`,
	}, "")
	return s
}
func (this *KeyserverConfig) String() string {
	if this == nil {
		return "nil"
	}
	s := strings.Join([]string{`&KeyserverConfig{`,
		`ServerID:` + fmt.Sprintf("%v", this.ServerID) + `,`,
		`Realm:` + fmt.Sprintf("%v", this.Realm) + `,`,
		`VRFKeyID:` + fmt.Sprintf("%v", this.VRFKeyID) + `,`,
		`MinEpochInterval:` + strings.Replace(strings.Replace(this.MinEpochInterval.String(), "Duration", "Duration", 1), `&`, ``, 1) + `,`,
		`MaxEpochInterval:` + strings.Replace(strings.Replace(this.MaxEpochInterval.String(), "Duration", "Duration", 1), `&`, ``, 1) + `,`,
		`ProposalRetryInterval:` + strings.Replace(strings.Replace(this.ProposalRetryInterval.String(), "Duration", "Duration", 1), `&`, ``, 1) + `,`,
		`InitialReplicas:` + strings.Replace(fmt.Sprintf("%v", this.InitialReplicas), "Replica", "Replica", 1) + `,`,
		`EmailProofToAddr:` + fmt.Sprintf("%v", this.EmailProofToAddr) + `,`,
		`EmailProofSubjectPrefix:` + fmt.Sprintf("%v", this.EmailProofSubjectPrefix) + `,`,
		`EmailProofAllowedDomains:` + fmt.Sprintf("%v", this.EmailProofAllowedDomains) + `,`,
		`RegistrationPolicy:` + fmt.Sprintf("%v", this.RegistrationPolicy) + `,`,
		`}`,
	}, "")
	return s
}
func (this *KeyserverConfig_InsecureSkipEmailProof) String() string {
	if this == nil {
		return "nil"
	}
	s := strings.Join([]string{`&KeyserverConfig_InsecureSkipEmailProof{`,
		`InsecureSkipEmailProof:` + fmt.Sprintf("%v", this.InsecureSkipEmailProof) + `,`,
		`}`,
	}, "")
	return s
}
func (this *KeyserverConfig_EmailProofByDkim) String() string {
	if this == nil {
		return "nil"
	}
	s := strings.Join([]string{`&KeyserverConfig_EmailProofByDkim{`,
		`EmailProofByDkim:` + strings.Replace(fmt.Sprintf("%v", this.EmailProofByDkim), "EmailProofByDKIM", "EmailProofByDKIM", 1) + `,`,
		`}`,
	}, "")
	return s
}
func (this *KeyserverConfig_EmailProofByClientCert) String() string {
	if this == nil {
		return "nil"
	}
	s := strings.Join([]string{`&KeyserverConfig_EmailProofByClientCert{`,
		`EmailProofByClientCert:` + strings.Replace(fmt.Sprintf("%v", this.EmailProofByClientCert), "EmailProofByClientCert", "EmailProofByClientCert", 1) + `,`,
		`}`,
	}, "")
	return s
}
func (this *EmailProofByDKIM) String() string {
	if this == nil {
		return "nil"
	}
	s := strings.Join([]string{`&EmailProofByDKIM{`,
		`AllowedDomains:` + fmt.Sprintf("%v", this.AllowedDomains) + `,`,
		`ToAddr:` + fmt.Sprintf("%v", this.ToAddr) + `,`,
		`SubjectPrefix:` + fmt.Sprintf("%v", this.SubjectPrefix) + `,`,
		`}`,
	}, "")
	return s
}
func (this *EmailProofByClientCert) String() string {
	if this == nil {
		return "nil"
	}
	s := strings.Join([]string{`&EmailProofByClientCert{`,
		`AllowedDomains:` + fmt.Sprintf("%v", this.AllowedDomains) + `,`,
		`CaCert:` + fmt.Sprintf("%v", this.CaCert) + `,`,
		`}`,
	}, "")
	return s
}
func (this *Replica) String() string {
	if this == nil {
		return "nil"
	}
	s := strings.Join([]string{`&Replica{`,
		`ID:` + fmt.Sprintf("%v", this.ID) + `,`,
		`PublicKeys:` + strings.Replace(fmt.Sprintf("%v", this.PublicKeys), "PublicKey", "PublicKey", 1) + `,`,
		`RaftAddr:` + fmt.Sprintf("%v", this.RaftAddr) + `,`,
		`}`,
	}, "")
	return s
}
func valueToStringKeyserverconfig(v interface{}) string {
	rv := reflect.ValueOf(v)
	if rv.IsNil() {
		return "nil"
	}
	pv := reflect.Indirect(rv).Interface()
	return fmt.Sprintf("*%v", pv)
}
func (m *ReplicaConfig) Unmarshal(data []byte) error {
	l := len(data)
	iNdEx := 0
	for iNdEx < l {
		preIndex := iNdEx
		var wire uint64
		for shift := uint(0); ; shift += 7 {
			if shift >= 64 {
				return ErrIntOverflowKeyserverconfig
			}
			if iNdEx >= l {
				return io.ErrUnexpectedEOF
			}
			b := data[iNdEx]
			iNdEx++
			wire |= (uint64(b) & 0x7F) << shift
			if b < 0x80 {
				break
			}
		}
		fieldNum := int32(wire >> 3)
		wireType := int(wire & 0x7)
		if wireType == 4 {
			return fmt.Errorf("proto: ReplicaConfig: wiretype end group for non-group")
		}
		if fieldNum <= 0 {
			return fmt.Errorf("proto: ReplicaConfig: illegal tag %d (wire type %d)", fieldNum, wire)
		}
		switch fieldNum {
		case 1:
			if wireType != 2 {
				return fmt.Errorf("proto: wrong wireType = %d for field KeyserverConfig", wireType)
			}
			var msglen int
			for shift := uint(0); ; shift += 7 {
				if shift >= 64 {
					return ErrIntOverflowKeyserverconfig
				}
				if iNdEx >= l {
					return io.ErrUnexpectedEOF
				}
				b := data[iNdEx]
				iNdEx++
				msglen |= (int(b) & 0x7F) << shift
				if b < 0x80 {
					break
				}
			}
			if msglen < 0 {
				return ErrInvalidLengthKeyserverconfig
			}
			postIndex := iNdEx + msglen
			if postIndex > l {
				return io.ErrUnexpectedEOF
			}
			if err := m.KeyserverConfig.Unmarshal(data[iNdEx:postIndex]); err != nil {
				return err
			}
			iNdEx = postIndex
		case 2:
			if wireType != 0 {
				return fmt.Errorf("proto: wrong wireType = %d for field ReplicaID", wireType)
			}
			m.ReplicaID = 0
			for shift := uint(0); ; shift += 7 {
				if shift >= 64 {
					return ErrIntOverflowKeyserverconfig
				}
				if iNdEx >= l {
					return io.ErrUnexpectedEOF
				}
				b := data[iNdEx]
				iNdEx++
				m.ReplicaID |= (uint64(b) & 0x7F) << shift
				if b < 0x80 {
					break
				}
			}
		case 3:
			if wireType != 2 {
				return fmt.Errorf("proto: wrong wireType = %d for field SigningKeyID", wireType)
			}
			var stringLen uint64
			for shift := uint(0); ; shift += 7 {
				if shift >= 64 {
					return ErrIntOverflowKeyserverconfig
				}
				if iNdEx >= l {
					return io.ErrUnexpectedEOF
				}
				b := data[iNdEx]
				iNdEx++
				stringLen |= (uint64(b) & 0x7F) << shift
				if b < 0x80 {
					break
				}
			}
			intStringLen := int(stringLen)
			if intStringLen < 0 {
				return ErrInvalidLengthKeyserverconfig
			}
			postIndex := iNdEx + intStringLen
			if postIndex > l {
				return io.ErrUnexpectedEOF
			}
			m.SigningKeyID = string(data[iNdEx:postIndex])
			iNdEx = postIndex
		case 4:
			if wireType != 2 {
				return fmt.Errorf("proto: wrong wireType = %d for field PublicAddr", wireType)
			}
			var stringLen uint64
			for shift := uint(0); ; shift += 7 {
				if shift >= 64 {
					return ErrIntOverflowKeyserverconfig
				}
				if iNdEx >= l {
					return io.ErrUnexpectedEOF
				}
				b := data[iNdEx]
				iNdEx++
				stringLen |= (uint64(b) & 0x7F) << shift
				if b < 0x80 {
					break
				}
			}
			intStringLen := int(stringLen)
			if intStringLen < 0 {
				return ErrInvalidLengthKeyserverconfig
			}
			postIndex := iNdEx + intStringLen
			if postIndex > l {
				return io.ErrUnexpectedEOF
			}
			m.PublicAddr = string(data[iNdEx:postIndex])
			iNdEx = postIndex
		case 5:
			if wireType != 2 {
				return fmt.Errorf("proto: wrong wireType = %d for field PublicTLS", wireType)
			}
			var msglen int
			for shift := uint(0); ; shift += 7 {
				if shift >= 64 {
					return ErrIntOverflowKeyserverconfig
				}
				if iNdEx >= l {
					return io.ErrUnexpectedEOF
				}
				b := data[iNdEx]
				iNdEx++
				msglen |= (int(b) & 0x7F) << shift
				if b < 0x80 {
					break
				}
			}
			if msglen < 0 {
				return ErrInvalidLengthKeyserverconfig
			}
			postIndex := iNdEx + msglen
			if postIndex > l {
				return io.ErrUnexpectedEOF
			}
			if err := m.PublicTLS.Unmarshal(data[iNdEx:postIndex]); err != nil {
				return err
			}
			iNdEx = postIndex
		case 6:
			if wireType != 2 {
				return fmt.Errorf("proto: wrong wireType = %d for field VerifierAddr", wireType)
			}
			var stringLen uint64
			for shift := uint(0); ; shift += 7 {
				if shift >= 64 {
					return ErrIntOverflowKeyserverconfig
				}
				if iNdEx >= l {
					return io.ErrUnexpectedEOF
				}
				b := data[iNdEx]
				iNdEx++
				stringLen |= (uint64(b) & 0x7F) << shift
				if b < 0x80 {
					break
				}
			}
			intStringLen := int(stringLen)
			if intStringLen < 0 {
				return ErrInvalidLengthKeyserverconfig
			}
			postIndex := iNdEx + intStringLen
			if postIndex > l {
				return io.ErrUnexpectedEOF
			}
			m.VerifierAddr = string(data[iNdEx:postIndex])
			iNdEx = postIndex
		case 7:
			if wireType != 2 {
				return fmt.Errorf("proto: wrong wireType = %d for field VerifierTLS", wireType)
			}
			var msglen int
			for shift := uint(0); ; shift += 7 {
				if shift >= 64 {
					return ErrIntOverflowKeyserverconfig
				}
				if iNdEx >= l {
					return io.ErrUnexpectedEOF
				}
				b := data[iNdEx]
				iNdEx++
				msglen |= (int(b) & 0x7F) << shift
				if b < 0x80 {
					break
				}
			}
			if msglen < 0 {
				return ErrInvalidLengthKeyserverconfig
			}
			postIndex := iNdEx + msglen
			if postIndex > l {
				return io.ErrUnexpectedEOF
			}
			if err := m.VerifierTLS.Unmarshal(data[iNdEx:postIndex]); err != nil {
				return err
			}
			iNdEx = postIndex
		case 8:
			if wireType != 2 {
				return fmt.Errorf("proto: wrong wireType = %d for field HKPAddr", wireType)
			}
			var stringLen uint64
			for shift := uint(0); ; shift += 7 {
				if shift >= 64 {
					return ErrIntOverflowKeyserverconfig
				}
				if iNdEx >= l {
					return io.ErrUnexpectedEOF
				}
				b := data[iNdEx]
				iNdEx++
				stringLen |= (uint64(b) & 0x7F) << shift
				if b < 0x80 {
					break
				}
			}
			intStringLen := int(stringLen)
			if intStringLen < 0 {
				return ErrInvalidLengthKeyserverconfig
			}
			postIndex := iNdEx + intStringLen
			if postIndex > l {
				return io.ErrUnexpectedEOF
			}
			m.HKPAddr = string(data[iNdEx:postIndex])
			iNdEx = postIndex
		case 9:
			if wireType != 2 {
				return fmt.Errorf("proto: wrong wireType = %d for field HKPTLS", wireType)
			}
			var msglen int
			for shift := uint(0); ; shift += 7 {
				if shift >= 64 {
					return ErrIntOverflowKeyserverconfig
				}
				if iNdEx >= l {
					return io.ErrUnexpectedEOF
				}
				b := data[iNdEx]
				iNdEx++
				msglen |= (int(b) & 0x7F) << shift
				if b < 0x80 {
					break
				}
			}
			if msglen < 0 {
				return ErrInvalidLengthKeyserverconfig
			}
			postIndex := iNdEx + msglen
			if postIndex > l {
				return io.ErrUnexpectedEOF
			}
			if err := m.HKPTLS.Unmarshal(data[iNdEx:postIndex]); err != nil {
				return err
			}
			iNdEx = postIndex
		case 10:
			if wireType != 2 {
				return fmt.Errorf("proto: wrong wireType = %d for field RaftAddr", wireType)
			}
			var stringLen uint64
			for shift := uint(0); ; shift += 7 {
				if shift >= 64 {
					return ErrIntOverflowKeyserverconfig
				}
				if iNdEx >= l {
					return io.ErrUnexpectedEOF
				}
				b := data[iNdEx]
				iNdEx++
				stringLen |= (uint64(b) & 0x7F) << shift
				if b < 0x80 {
					break
				}
			}
			intStringLen := int(stringLen)
			if intStringLen < 0 {
				return ErrInvalidLengthKeyserverconfig
			}
			postIndex := iNdEx + intStringLen
			if postIndex > l {
				return io.ErrUnexpectedEOF
			}
			m.RaftAddr = string(data[iNdEx:postIndex])
			iNdEx = postIndex
		case 11:
			if wireType != 2 {
				return fmt.Errorf("proto: wrong wireType = %d for field RaftTLS", wireType)
			}
			var msglen int
			for shift := uint(0); ; shift += 7 {
				if shift >= 64 {
					return ErrIntOverflowKeyserverconfig
				}
				if iNdEx >= l {
					return io.ErrUnexpectedEOF
				}
				b := data[iNdEx]
				iNdEx++
				msglen |= (int(b) & 0x7F) << shift
				if b < 0x80 {
					break
				}
			}
			if msglen < 0 {
				return ErrInvalidLengthKeyserverconfig
			}
			postIndex := iNdEx + msglen
			if postIndex > l {
				return io.ErrUnexpectedEOF
			}
			if err := m.RaftTLS.Unmarshal(data[iNdEx:postIndex]); err != nil {
				return err
			}
			iNdEx = postIndex
		case 14:
			if wireType != 2 {
				return fmt.Errorf("proto: wrong wireType = %d for field LevelDBPath", wireType)
			}
			var stringLen uint64
			for shift := uint(0); ; shift += 7 {
				if shift >= 64 {
					return ErrIntOverflowKeyserverconfig
				}
				if iNdEx >= l {
					return io.ErrUnexpectedEOF
				}
				b := data[iNdEx]
				iNdEx++
				stringLen |= (uint64(b) & 0x7F) << shift
				if b < 0x80 {
					break
				}
			}
			intStringLen := int(stringLen)
			if intStringLen < 0 {
				return ErrInvalidLengthKeyserverconfig
			}
			postIndex := iNdEx + intStringLen
			if postIndex > l {
				return io.ErrUnexpectedEOF
			}
			m.LevelDBPath = string(data[iNdEx:postIndex])
			iNdEx = postIndex
		case 15:
			if wireType != 2 {
				return fmt.Errorf("proto: wrong wireType = %d for field RaftHeartbeat", wireType)
			}
			var msglen int
			for shift := uint(0); ; shift += 7 {
				if shift >= 64 {
					return ErrIntOverflowKeyserverconfig
				}
				if iNdEx >= l {
					return io.ErrUnexpectedEOF
				}
				b := data[iNdEx]
				iNdEx++
				msglen |= (int(b) & 0x7F) << shift
				if b < 0x80 {
					break
				}
			}
			if msglen < 0 {
				return ErrInvalidLengthKeyserverconfig
			}
			postIndex := iNdEx + msglen
			if postIndex > l {
				return io.ErrUnexpectedEOF
			}
			if err := m.RaftHeartbeat.Unmarshal(data[iNdEx:postIndex]); err != nil {
				return err
			}
			iNdEx = postIndex
		case 16:
			if wireType != 0 {
				return fmt.Errorf("proto: wrong wireType = %d for field LaggingVerifierScan", wireType)
			}
			m.LaggingVerifierScan = 0
			for shift := uint(0); ; shift += 7 {
				if shift >= 64 {
					return ErrIntOverflowKeyserverconfig
				}
				if iNdEx >= l {
					return io.ErrUnexpectedEOF
				}
				b := data[iNdEx]
				iNdEx++
				m.LaggingVerifierScan |= (uint64(b) & 0x7F) << shift
				if b < 0x80 {
					break
				}
			}
		case 17:
			if wireType != 2 {
				return fmt.Errorf("proto: wrong wireType = %d for field ClientTimeout", wireType)
			}
			var msglen int
			for shift := uint(0); ; shift += 7 {
				if shift >= 64 {
					return ErrIntOverflowKeyserverconfig
				}
				if iNdEx >= l {
					return io.ErrUnexpectedEOF
				}
				b := data[iNdEx]
				iNdEx++
				msglen |= (int(b) & 0x7F) << shift
				if b < 0x80 {
					break
				}
			}
			if msglen < 0 {
				return ErrInvalidLengthKeyserverconfig
			}
			postIndex := iNdEx + msglen
			if postIndex > l {
				return io.ErrUnexpectedEOF
			}
			if err := m.ClientTimeout.Unmarshal(data[iNdEx:postIndex]); err != nil {
				return err
			}
			iNdEx = postIndex
		default:
			iNdEx = preIndex
			skippy, err := skipKeyserverconfig(data[iNdEx:])
			if err != nil {
				return err
			}
			if skippy < 0 {
				return ErrInvalidLengthKeyserverconfig
			}
			if (iNdEx + skippy) > l {
				return io.ErrUnexpectedEOF
			}
			iNdEx += skippy
		}
	}

	if iNdEx > l {
		return io.ErrUnexpectedEOF
	}
	return nil
}
func (m *KeyserverConfig) Unmarshal(data []byte) error {
	l := len(data)
	iNdEx := 0
	for iNdEx < l {
		preIndex := iNdEx
		var wire uint64
		for shift := uint(0); ; shift += 7 {
			if shift >= 64 {
				return ErrIntOverflowKeyserverconfig
			}
			if iNdEx >= l {
				return io.ErrUnexpectedEOF
			}
			b := data[iNdEx]
			iNdEx++
			wire |= (uint64(b) & 0x7F) << shift
			if b < 0x80 {
				break
			}
		}
		fieldNum := int32(wire >> 3)
		wireType := int(wire & 0x7)
		if wireType == 4 {
			return fmt.Errorf("proto: KeyserverConfig: wiretype end group for non-group")
		}
		if fieldNum <= 0 {
			return fmt.Errorf("proto: KeyserverConfig: illegal tag %d (wire type %d)", fieldNum, wire)
		}
		switch fieldNum {
		case 1:
			if wireType != 0 {
				return fmt.Errorf("proto: wrong wireType = %d for field ServerID", wireType)
			}
			m.ServerID = 0
			for shift := uint(0); ; shift += 7 {
				if shift >= 64 {
					return ErrIntOverflowKeyserverconfig
				}
				if iNdEx >= l {
					return io.ErrUnexpectedEOF
				}
				b := data[iNdEx]
				iNdEx++
				m.ServerID |= (uint64(b) & 0x7F) << shift
				if b < 0x80 {
					break
				}
			}
		case 2:
			if wireType != 2 {
				return fmt.Errorf("proto: wrong wireType = %d for field Realm", wireType)
			}
			var stringLen uint64
			for shift := uint(0); ; shift += 7 {
				if shift >= 64 {
					return ErrIntOverflowKeyserverconfig
				}
				if iNdEx >= l {
					return io.ErrUnexpectedEOF
				}
				b := data[iNdEx]
				iNdEx++
				stringLen |= (uint64(b) & 0x7F) << shift
				if b < 0x80 {
					break
				}
			}
			intStringLen := int(stringLen)
			if intStringLen < 0 {
				return ErrInvalidLengthKeyserverconfig
			}
			postIndex := iNdEx + intStringLen
			if postIndex > l {
				return io.ErrUnexpectedEOF
			}
			m.Realm = string(data[iNdEx:postIndex])
			iNdEx = postIndex
		case 3:
			if wireType != 2 {
				return fmt.Errorf("proto: wrong wireType = %d for field VRFKeyID", wireType)
			}
			var stringLen uint64
			for shift := uint(0); ; shift += 7 {
				if shift >= 64 {
					return ErrIntOverflowKeyserverconfig
				}
				if iNdEx >= l {
					return io.ErrUnexpectedEOF
				}
				b := data[iNdEx]
				iNdEx++
				stringLen |= (uint64(b) & 0x7F) << shift
				if b < 0x80 {
					break
				}
			}
			intStringLen := int(stringLen)
			if intStringLen < 0 {
				return ErrInvalidLengthKeyserverconfig
			}
			postIndex := iNdEx + intStringLen
			if postIndex > l {
				return io.ErrUnexpectedEOF
			}
			m.VRFKeyID = string(data[iNdEx:postIndex])
			iNdEx = postIndex
		case 4:
			if wireType != 2 {
				return fmt.Errorf("proto: wrong wireType = %d for field MinEpochInterval", wireType)
			}
			var msglen int
			for shift := uint(0); ; shift += 7 {
				if shift >= 64 {
					return ErrIntOverflowKeyserverconfig
				}
				if iNdEx >= l {
					return io.ErrUnexpectedEOF
				}
				b := data[iNdEx]
				iNdEx++
				msglen |= (int(b) & 0x7F) << shift
				if b < 0x80 {
					break
				}
			}
			if msglen < 0 {
				return ErrInvalidLengthKeyserverconfig
			}
			postIndex := iNdEx + msglen
			if postIndex > l {
				return io.ErrUnexpectedEOF
			}
			if err := m.MinEpochInterval.Unmarshal(data[iNdEx:postIndex]); err != nil {
				return err
			}
			iNdEx = postIndex
		case 5:
			if wireType != 2 {
				return fmt.Errorf("proto: wrong wireType = %d for field MaxEpochInterval", wireType)
			}
			var msglen int
			for shift := uint(0); ; shift += 7 {
				if shift >= 64 {
					return ErrIntOverflowKeyserverconfig
				}
				if iNdEx >= l {
					return io.ErrUnexpectedEOF
				}
				b := data[iNdEx]
				iNdEx++
				msglen |= (int(b) & 0x7F) << shift
				if b < 0x80 {
					break
				}
			}
			if msglen < 0 {
				return ErrInvalidLengthKeyserverconfig
			}
			postIndex := iNdEx + msglen
			if postIndex > l {
				return io.ErrUnexpectedEOF
			}
			if err := m.MaxEpochInterval.Unmarshal(data[iNdEx:postIndex]); err != nil {
				return err
			}
			iNdEx = postIndex
		case 6:
			if wireType != 2 {
				return fmt.Errorf("proto: wrong wireType = %d for field ProposalRetryInterval", wireType)
			}
			var msglen int
			for shift := uint(0); ; shift += 7 {
				if shift >= 64 {
					return ErrIntOverflowKeyserverconfig
				}
				if iNdEx >= l {
					return io.ErrUnexpectedEOF
				}
				b := data[iNdEx]
				iNdEx++
				msglen |= (int(b) & 0x7F) << shift
				if b < 0x80 {
					break
				}
			}
			if msglen < 0 {
				return ErrInvalidLengthKeyserverconfig
			}
			postIndex := iNdEx + msglen
			if postIndex > l {
				return io.ErrUnexpectedEOF
			}
			if err := m.ProposalRetryInterval.Unmarshal(data[iNdEx:postIndex]); err != nil {
				return err
			}
			iNdEx = postIndex
		case 7:
			if wireType != 2 {
				return fmt.Errorf("proto: wrong wireType = %d for field InitialReplicas", wireType)
			}
			var msglen int
			for shift := uint(0); ; shift += 7 {
				if shift >= 64 {
					return ErrIntOverflowKeyserverconfig
				}
				if iNdEx >= l {
					return io.ErrUnexpectedEOF
				}
				b := data[iNdEx]
				iNdEx++
				msglen |= (int(b) & 0x7F) << shift
				if b < 0x80 {
					break
				}
			}
			if msglen < 0 {
				return ErrInvalidLengthKeyserverconfig
			}
			postIndex := iNdEx + msglen
			if postIndex > l {
				return io.ErrUnexpectedEOF
			}
			m.InitialReplicas = append(m.InitialReplicas, &Replica{})
			if err := m.InitialReplicas[len(m.InitialReplicas)-1].Unmarshal(data[iNdEx:postIndex]); err != nil {
				return err
			}
			iNdEx = postIndex
		case 8:
			if wireType != 2 {
				return fmt.Errorf("proto: wrong wireType = %d for field EmailProofToAddr", wireType)
			}
			var stringLen uint64
			for shift := uint(0); ; shift += 7 {
				if shift >= 64 {
					return ErrIntOverflowKeyserverconfig
				}
				if iNdEx >= l {
					return io.ErrUnexpectedEOF
				}
				b := data[iNdEx]
				iNdEx++
				stringLen |= (uint64(b) & 0x7F) << shift
				if b < 0x80 {
					break
				}
			}
			intStringLen := int(stringLen)
			if intStringLen < 0 {
				return ErrInvalidLengthKeyserverconfig
			}
			postIndex := iNdEx + intStringLen
			if postIndex > l {
				return io.ErrUnexpectedEOF
			}
			m.EmailProofToAddr = string(data[iNdEx:postIndex])
			iNdEx = postIndex
		case 9:
			if wireType != 2 {
				return fmt.Errorf("proto: wrong wireType = %d for field EmailProofSubjectPrefix", wireType)
			}
			var stringLen uint64
			for shift := uint(0); ; shift += 7 {
				if shift >= 64 {
					return ErrIntOverflowKeyserverconfig
				}
				if iNdEx >= l {
					return io.ErrUnexpectedEOF
				}
				b := data[iNdEx]
				iNdEx++
				stringLen |= (uint64(b) & 0x7F) << shift
				if b < 0x80 {
					break
				}
			}
			intStringLen := int(stringLen)
			if intStringLen < 0 {
				return ErrInvalidLengthKeyserverconfig
			}
			postIndex := iNdEx + intStringLen
			if postIndex > l {
				return io.ErrUnexpectedEOF
			}
			m.EmailProofSubjectPrefix = string(data[iNdEx:postIndex])
			iNdEx = postIndex
		case 10:
			if wireType != 2 {
				return fmt.Errorf("proto: wrong wireType = %d for field EmailProofAllowedDomains", wireType)
			}
			var stringLen uint64
			for shift := uint(0); ; shift += 7 {
				if shift >= 64 {
					return ErrIntOverflowKeyserverconfig
				}
				if iNdEx >= l {
					return io.ErrUnexpectedEOF
				}
				b := data[iNdEx]
				iNdEx++
				stringLen |= (uint64(b) & 0x7F) << shift
				if b < 0x80 {
					break
				}
			}
			intStringLen := int(stringLen)
			if intStringLen < 0 {
				return ErrInvalidLengthKeyserverconfig
			}
			postIndex := iNdEx + intStringLen
			if postIndex > l {
				return io.ErrUnexpectedEOF
			}
			m.EmailProofAllowedDomains = append(m.EmailProofAllowedDomains, string(data[iNdEx:postIndex]))
			iNdEx = postIndex
		case 11:
			if wireType != 0 {
				return fmt.Errorf("proto: wrong wireType = %d for field InsecureSkipEmailProof", wireType)
			}
			var v int
			for shift := uint(0); ; shift += 7 {
				if shift >= 64 {
					return ErrIntOverflowKeyserverconfig
				}
				if iNdEx >= l {
					return io.ErrUnexpectedEOF
				}
				b := data[iNdEx]
				iNdEx++
				v |= (int(b) & 0x7F) << shift
				if b < 0x80 {
					break
				}
			}
			b := bool(v != 0)
			m.RegistrationPolicy = &KeyserverConfig_InsecureSkipEmailProof{b}
		case 12:
			if wireType != 2 {
				return fmt.Errorf("proto: wrong wireType = %d for field EmailProofByDkim", wireType)
			}
			var msglen int
			for shift := uint(0); ; shift += 7 {
				if shift >= 64 {
					return ErrIntOverflowKeyserverconfig
				}
				if iNdEx >= l {
					return io.ErrUnexpectedEOF
				}
				b := data[iNdEx]
				iNdEx++
				msglen |= (int(b) & 0x7F) << shift
				if b < 0x80 {
					break
				}
			}
			if msglen < 0 {
				return ErrInvalidLengthKeyserverconfig
			}
			postIndex := iNdEx + msglen
			if postIndex > l {
				return io.ErrUnexpectedEOF
			}
			v := &EmailProofByDKIM{}
			if err := v.Unmarshal(data[iNdEx:postIndex]); err != nil {
				return err
			}
			m.RegistrationPolicy = &KeyserverConfig_EmailProofByDkim{v}
			iNdEx = postIndex
		case 13:
			if wireType != 2 {
				return fmt.Errorf("proto: wrong wireType = %d for field EmailProofByClientCert", wireType)
			}
			var msglen int
			for shift := uint(0); ; shift += 7 {
				if shift >= 64 {
					return ErrIntOverflowKeyserverconfig
				}
				if iNdEx >= l {
					return io.ErrUnexpectedEOF
				}
				b := data[iNdEx]
				iNdEx++
				msglen |= (int(b) & 0x7F) << shift
				if b < 0x80 {
					break
				}
			}
			if msglen < 0 {
				return ErrInvalidLengthKeyserverconfig
			}
			postIndex := iNdEx + msglen
			if postIndex > l {
				return io.ErrUnexpectedEOF
			}
			v := &EmailProofByClientCert{}
			if err := v.Unmarshal(data[iNdEx:postIndex]); err != nil {
				return err
			}
			m.RegistrationPolicy = &KeyserverConfig_EmailProofByClientCert{v}
			iNdEx = postIndex
		default:
			iNdEx = preIndex
			skippy, err := skipKeyserverconfig(data[iNdEx:])
			if err != nil {
				return err
			}
			if skippy < 0 {
				return ErrInvalidLengthKeyserverconfig
			}
			if (iNdEx + skippy) > l {
				return io.ErrUnexpectedEOF
			}
			iNdEx += skippy
		}
	}

	if iNdEx > l {
		return io.ErrUnexpectedEOF
	}
	return nil
}
func (m *EmailProofByDKIM) Unmarshal(data []byte) error {
	l := len(data)
	iNdEx := 0
	for iNdEx < l {
		preIndex := iNdEx
		var wire uint64
		for shift := uint(0); ; shift += 7 {
			if shift >= 64 {
				return ErrIntOverflowKeyserverconfig
			}
			if iNdEx >= l {
				return io.ErrUnexpectedEOF
			}
			b := data[iNdEx]
			iNdEx++
			wire |= (uint64(b) & 0x7F) << shift
			if b < 0x80 {
				break
			}
		}
		fieldNum := int32(wire >> 3)
		wireType := int(wire & 0x7)
		if wireType == 4 {
			return fmt.Errorf("proto: EmailProofByDKIM: wiretype end group for non-group")
		}
		if fieldNum <= 0 {
			return fmt.Errorf("proto: EmailProofByDKIM: illegal tag %d (wire type %d)", fieldNum, wire)
		}
		switch fieldNum {
		case 1:
			if wireType != 2 {
				return fmt.Errorf("proto: wrong wireType = %d for field AllowedDomains", wireType)
			}
			var stringLen uint64
			for shift := uint(0); ; shift += 7 {
				if shift >= 64 {
					return ErrIntOverflowKeyserverconfig
				}
				if iNdEx >= l {
					return io.ErrUnexpectedEOF
				}
				b := data[iNdEx]
				iNdEx++
				stringLen |= (uint64(b) & 0x7F) << shift
				if b < 0x80 {
					break
				}
			}
			intStringLen := int(stringLen)
			if intStringLen < 0 {
				return ErrInvalidLengthKeyserverconfig
			}
			postIndex := iNdEx + intStringLen
			if postIndex > l {
				return io.ErrUnexpectedEOF
			}
			m.AllowedDomains = append(m.AllowedDomains, string(data[iNdEx:postIndex]))
			iNdEx = postIndex
		case 2:
			if wireType != 2 {
				return fmt.Errorf("proto: wrong wireType = %d for field ToAddr", wireType)
			}
			var stringLen uint64
			for shift := uint(0); ; shift += 7 {
				if shift >= 64 {
					return ErrIntOverflowKeyserverconfig
				}
				if iNdEx >= l {
					return io.ErrUnexpectedEOF
				}
				b := data[iNdEx]
				iNdEx++
				stringLen |= (uint64(b) & 0x7F) << shift
				if b < 0x80 {
					break
				}
			}
			intStringLen := int(stringLen)
			if intStringLen < 0 {
				return ErrInvalidLengthKeyserverconfig
			}
			postIndex := iNdEx + intStringLen
			if postIndex > l {
				return io.ErrUnexpectedEOF
			}
			m.ToAddr = string(data[iNdEx:postIndex])
			iNdEx = postIndex
		case 3:
			if wireType != 2 {
				return fmt.Errorf("proto: wrong wireType = %d for field SubjectPrefix", wireType)
			}
			var stringLen uint64
			for shift := uint(0); ; shift += 7 {
				if shift >= 64 {
					return ErrIntOverflowKeyserverconfig
				}
				if iNdEx >= l {
					return io.ErrUnexpectedEOF
				}
				b := data[iNdEx]
				iNdEx++
				stringLen |= (uint64(b) & 0x7F) << shift
				if b < 0x80 {
					break
				}
			}
			intStringLen := int(stringLen)
			if intStringLen < 0 {
				return ErrInvalidLengthKeyserverconfig
			}
			postIndex := iNdEx + intStringLen
			if postIndex > l {
				return io.ErrUnexpectedEOF
			}
			m.SubjectPrefix = string(data[iNdEx:postIndex])
			iNdEx = postIndex
		default:
			iNdEx = preIndex
			skippy, err := skipKeyserverconfig(data[iNdEx:])
			if err != nil {
				return err
			}
			if skippy < 0 {
				return ErrInvalidLengthKeyserverconfig
			}
			if (iNdEx + skippy) > l {
				return io.ErrUnexpectedEOF
			}
			iNdEx += skippy
		}
	}

	if iNdEx > l {
		return io.ErrUnexpectedEOF
	}
	return nil
}
func (m *EmailProofByClientCert) Unmarshal(data []byte) error {
	l := len(data)
	iNdEx := 0
	for iNdEx < l {
		preIndex := iNdEx
		var wire uint64
		for shift := uint(0); ; shift += 7 {
			if shift >= 64 {
				return ErrIntOverflowKeyserverconfig
			}
			if iNdEx >= l {
				return io.ErrUnexpectedEOF
			}
			b := data[iNdEx]
			iNdEx++
			wire |= (uint64(b) & 0x7F) << shift
			if b < 0x80 {
				break
			}
		}
		fieldNum := int32(wire >> 3)
		wireType := int(wire & 0x7)
		if wireType == 4 {
			return fmt.Errorf("proto: EmailProofByClientCert: wiretype end group for non-group")
		}
		if fieldNum <= 0 {
			return fmt.Errorf("proto: EmailProofByClientCert: illegal tag %d (wire type %d)", fieldNum, wire)
		}
		switch fieldNum {
		case 1:
			if wireType != 2 {
				return fmt.Errorf("proto: wrong wireType = %d for field AllowedDomains", wireType)
			}
			var stringLen uint64
			for shift := uint(0); ; shift += 7 {
				if shift >= 64 {
					return ErrIntOverflowKeyserverconfig
				}
				if iNdEx >= l {
					return io.ErrUnexpectedEOF
				}
				b := data[iNdEx]
				iNdEx++
				stringLen |= (uint64(b) & 0x7F) << shift
				if b < 0x80 {
					break
				}
			}
			intStringLen := int(stringLen)
			if intStringLen < 0 {
				return ErrInvalidLengthKeyserverconfig
			}
			postIndex := iNdEx + intStringLen
			if postIndex > l {
				return io.ErrUnexpectedEOF
			}
			m.AllowedDomains = append(m.AllowedDomains, string(data[iNdEx:postIndex]))
			iNdEx = postIndex
		case 2:
			if wireType != 2 {
				return fmt.Errorf("proto: wrong wireType = %d for field CaCert", wireType)
			}
			var byteLen int
			for shift := uint(0); ; shift += 7 {
				if shift >= 64 {
					return ErrIntOverflowKeyserverconfig
				}
				if iNdEx >= l {
					return io.ErrUnexpectedEOF
				}
				b := data[iNdEx]
				iNdEx++
				byteLen |= (int(b) & 0x7F) << shift
				if b < 0x80 {
					break
				}
			}
			if byteLen < 0 {
				return ErrInvalidLengthKeyserverconfig
			}
			postIndex := iNdEx + byteLen
			if postIndex > l {
				return io.ErrUnexpectedEOF
			}
			m.CaCert = append([]byte{}, data[iNdEx:postIndex]...)
			iNdEx = postIndex
		default:
			iNdEx = preIndex
			skippy, err := skipKeyserverconfig(data[iNdEx:])
			if err != nil {
				return err
			}
			if skippy < 0 {
				return ErrInvalidLengthKeyserverconfig
			}
			if (iNdEx + skippy) > l {
				return io.ErrUnexpectedEOF
			}
			iNdEx += skippy
		}
	}

	if iNdEx > l {
		return io.ErrUnexpectedEOF
	}
	return nil
}
func (m *Replica) Unmarshal(data []byte) error {
	l := len(data)
	iNdEx := 0
	for iNdEx < l {
		preIndex := iNdEx
		var wire uint64
		for shift := uint(0); ; shift += 7 {
			if shift >= 64 {
				return ErrIntOverflowKeyserverconfig
			}
			if iNdEx >= l {
				return io.ErrUnexpectedEOF
			}
			b := data[iNdEx]
			iNdEx++
			wire |= (uint64(b) & 0x7F) << shift
			if b < 0x80 {
				break
			}
		}
		fieldNum := int32(wire >> 3)
		wireType := int(wire & 0x7)
		if wireType == 4 {
			return fmt.Errorf("proto: Replica: wiretype end group for non-group")
		}
		if fieldNum <= 0 {
			return fmt.Errorf("proto: Replica: illegal tag %d (wire type %d)", fieldNum, wire)
		}
		switch fieldNum {
		case 1:
			if wireType != 0 {
				return fmt.Errorf("proto: wrong wireType = %d for field ID", wireType)
			}
			m.ID = 0
			for shift := uint(0); ; shift += 7 {
				if shift >= 64 {
					return ErrIntOverflowKeyserverconfig
				}
				if iNdEx >= l {
					return io.ErrUnexpectedEOF
				}
				b := data[iNdEx]
				iNdEx++
				m.ID |= (uint64(b) & 0x7F) << shift
				if b < 0x80 {
					break
				}
			}
		case 2:
			if wireType != 2 {
				return fmt.Errorf("proto: wrong wireType = %d for field PublicKeys", wireType)
			}
			var msglen int
			for shift := uint(0); ; shift += 7 {
				if shift >= 64 {
					return ErrIntOverflowKeyserverconfig
				}
				if iNdEx >= l {
					return io.ErrUnexpectedEOF
				}
				b := data[iNdEx]
				iNdEx++
				msglen |= (int(b) & 0x7F) << shift
				if b < 0x80 {
					break
				}
			}
			if msglen < 0 {
				return ErrInvalidLengthKeyserverconfig
			}
			postIndex := iNdEx + msglen
			if postIndex > l {
				return io.ErrUnexpectedEOF
			}
			m.PublicKeys = append(m.PublicKeys, &PublicKey{})
			if err := m.PublicKeys[len(m.PublicKeys)-1].Unmarshal(data[iNdEx:postIndex]); err != nil {
				return err
			}
			iNdEx = postIndex
		case 3:
			if wireType != 2 {
				return fmt.Errorf("proto: wrong wireType = %d for field RaftAddr", wireType)
			}
			var stringLen uint64
			for shift := uint(0); ; shift += 7 {
				if shift >= 64 {
					return ErrIntOverflowKeyserverconfig
				}
				if iNdEx >= l {
					return io.ErrUnexpectedEOF
				}
				b := data[iNdEx]
				iNdEx++
				stringLen |= (uint64(b) & 0x7F) << shift
				if b < 0x80 {
					break
				}
			}
			intStringLen := int(stringLen)
			if intStringLen < 0 {
				return ErrInvalidLengthKeyserverconfig
			}
			postIndex := iNdEx + intStringLen
			if postIndex > l {
				return io.ErrUnexpectedEOF
			}
			m.RaftAddr = string(data[iNdEx:postIndex])
			iNdEx = postIndex
		default:
			iNdEx = preIndex
			skippy, err := skipKeyserverconfig(data[iNdEx:])
			if err != nil {
				return err
			}
			if skippy < 0 {
				return ErrInvalidLengthKeyserverconfig
			}
			if (iNdEx + skippy) > l {
				return io.ErrUnexpectedEOF
			}
			iNdEx += skippy
		}
	}

	if iNdEx > l {
		return io.ErrUnexpectedEOF
	}
	return nil
}
func skipKeyserverconfig(data []byte) (n int, err error) {
	l := len(data)
	iNdEx := 0
	for iNdEx < l {
		var wire uint64
		for shift := uint(0); ; shift += 7 {
			if shift >= 64 {
				return 0, ErrIntOverflowKeyserverconfig
			}
			if iNdEx >= l {
				return 0, io.ErrUnexpectedEOF
			}
			b := data[iNdEx]
			iNdEx++
			wire |= (uint64(b) & 0x7F) << shift
			if b < 0x80 {
				break
			}
		}
		wireType := int(wire & 0x7)
		switch wireType {
		case 0:
			for shift := uint(0); ; shift += 7 {
				if shift >= 64 {
					return 0, ErrIntOverflowKeyserverconfig
				}
				if iNdEx >= l {
					return 0, io.ErrUnexpectedEOF
				}
				iNdEx++
				if data[iNdEx-1] < 0x80 {
					break
				}
			}
			return iNdEx, nil
		case 1:
			iNdEx += 8
			return iNdEx, nil
		case 2:
			var length int
			for shift := uint(0); ; shift += 7 {
				if shift >= 64 {
					return 0, ErrIntOverflowKeyserverconfig
				}
				if iNdEx >= l {
					return 0, io.ErrUnexpectedEOF
				}
				b := data[iNdEx]
				iNdEx++
				length |= (int(b) & 0x7F) << shift
				if b < 0x80 {
					break
				}
			}
			iNdEx += length
			if length < 0 {
				return 0, ErrInvalidLengthKeyserverconfig
			}
			return iNdEx, nil
		case 3:
			for {
				var innerWire uint64
				var start int = iNdEx
				for shift := uint(0); ; shift += 7 {
					if shift >= 64 {
						return 0, ErrIntOverflowKeyserverconfig
					}
					if iNdEx >= l {
						return 0, io.ErrUnexpectedEOF
					}
					b := data[iNdEx]
					iNdEx++
					innerWire |= (uint64(b) & 0x7F) << shift
					if b < 0x80 {
						break
					}
				}
				innerWireType := int(innerWire & 0x7)
				if innerWireType == 4 {
					break
				}
				next, err := skipKeyserverconfig(data[start:])
				if err != nil {
					return 0, err
				}
				iNdEx = start + next
			}
			return iNdEx, nil
		case 4:
			return iNdEx, nil
		case 5:
			iNdEx += 4
			return iNdEx, nil
		default:
			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
		}
	}
	panic("unreachable")
}

var (
	ErrInvalidLengthKeyserverconfig = fmt.Errorf("proto: negative length found during unmarshaling")
	ErrIntOverflowKeyserverconfig   = fmt.Errorf("proto: integer overflow")
)