canic_core/dto/
capability.rs1use crate::dto::{
2 auth::SignedRoleAttestation,
3 prelude::*,
4 rpc::{Request, Response},
5};
6
7pub const CAPABILITY_VERSION_V1: u16 = 1;
12
13pub const PROOF_VERSION_V1: u16 = 1;
18
19#[derive(CandidType, Clone, Copy, Debug, Deserialize, Eq, PartialEq)]
24pub enum CapabilityService {
25 Root,
26 ProjectRegistry,
27 ProjectInstance,
28 Cycles,
29 CanisterLifecycle,
30}
31
32#[derive(CandidType, Clone, Copy, Debug, Deserialize, Eq, PartialEq)]
37pub struct CapabilityRequestMetadata {
38 pub request_id: [u8; 16],
39 pub nonce: [u8; 16],
40 pub issued_at: u64,
41 pub ttl_seconds: u32,
42}
43
44#[derive(CandidType, Clone, Debug, Deserialize, Eq, PartialEq)]
49pub struct RoleAttestationProof {
50 pub proof_version: u16,
51 pub capability_hash: [u8; 32],
52 pub attestation: SignedRoleAttestation,
53}
54
55#[derive(CandidType, Clone, Debug, Deserialize, Eq, PartialEq)]
60pub struct DelegatedGrantScope {
61 pub service: CapabilityService,
62 pub capability_family: String,
63}
64
65#[derive(CandidType, Clone, Debug, Deserialize, Eq, PartialEq)]
70pub struct DelegatedGrant {
71 pub issuer: Principal,
72 pub subject: Principal,
73 pub audience: Vec<Principal>,
74 pub scope: DelegatedGrantScope,
75 pub capability_hash: [u8; 32],
76 pub quota: u64,
77 pub issued_at: u64,
78 pub expires_at: u64,
79 pub epoch: u64,
80}
81
82#[derive(CandidType, Clone, Debug, Deserialize, Eq, PartialEq)]
87pub struct DelegatedGrantProof {
88 pub proof_version: u16,
89 pub capability_hash: [u8; 32],
90 pub grant: DelegatedGrant,
91 pub grant_sig: Vec<u8>,
92 pub key_id: u32,
93}
94
95#[derive(CandidType, Clone, Debug, Deserialize, Eq, PartialEq)]
100pub enum CapabilityProof {
101 Structural,
102 RoleAttestation(RoleAttestationProof),
103 DelegatedGrant(DelegatedGrantProof),
104}
105
106#[derive(CandidType, Clone, Debug, Deserialize)]
111pub struct RootCapabilityEnvelopeV1 {
112 pub service: CapabilityService,
113 pub capability_version: u16,
114 pub capability: Request,
115 pub proof: CapabilityProof,
116 pub metadata: CapabilityRequestMetadata,
117}
118
119#[derive(CandidType, Clone, Debug, Deserialize)]
124pub struct RootCapabilityResponseV1 {
125 pub response: Response,
126}