1use crate::dto::{error::Error, prelude::*, rpc::RootRequestMetadata};
2
/// Value of the `aud` field on [`DelegationCert`], [`DelegatedTokenClaims`] and
/// [`DelegationRequest`].
#[derive(CandidType, Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
pub enum DelegationAudience {
    /// No role list is attached.
    // NOTE(review): presumably "accepted by every verifier" — confirm, and confirm issuers
    // restrict who may request it, since it is the least restrictive choice this type offers.
    Any,
    /// A list of canister roles.
    // NOTE(review): presumably a verifier must hold one of these roles. An empty list is
    // representable; confirm verifiers treat it as "matches nothing", not as a wildcard.
    Roles(Vec<CanisterRole>),
}
12
/// Delegation certificate: a root principal, a shard principal, issue/expiry timestamps, scopes
/// and an audience. It is carried with its signature inside [`DelegationProof`].
#[derive(CandidType, Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
pub struct DelegationCert {
    /// Root principal named by the certificate.
    // NOTE(review): presumably the issuer whose key signs the certificate — confirm.
    pub root_pid: Principal,
    /// Shard principal named by the certificate.
    // NOTE(review): presumably the delegate being authorised — confirm.
    pub shard_pid: Principal,
    /// Issue timestamp.
    // NOTE(review): the time unit is not established in this file — TODO confirm.
    pub issued_at: u64,
    /// Expiry timestamp.
    // NOTE(review): confirm verifiers reject both `now >= expires_at` and
    // `expires_at < issued_at`; neither invariant is enforced by the type.
    pub expires_at: u64,
    /// Scope strings.
    // NOTE(review): format and matching rules are not visible here, and the list length is
    // unbounded at the type level.
    pub scopes: Vec<String>,
    /// Audience attached to the certificate.
    pub aud: DelegationAudience,
}
26
/// A [`DelegationCert`] paired with signature bytes.
#[derive(CandidType, Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
pub struct DelegationProof {
    /// The certificate.
    pub cert: DelegationCert,
    /// Signature bytes accompanying `cert`.
    // NOTE(review): algorithm, encoding and the exact signed byte string are not visible here.
    // Until this has been verified against an independently trusted root key, every field of
    // `cert` should be handled as untrusted input.
    pub cert_sig: Vec<u8>,
}
36
/// Intent tag carried by [`DelegationProofInstallRequest`]. Derives `Deserialize` but not
/// `Serialize`.
// NOTE(review): the tag is supplied by the sender; whether receivers authorise the three intents
// differently is not visible here — confirm it is never used as proof of caller privilege.
#[derive(CandidType, Clone, Copy, Debug, Deserialize, Eq, PartialEq)]
pub enum DelegationProofInstallIntent {
    /// Provisioning intent.
    Provisioning,
    /// Prewarm intent.
    Prewarm,
    /// Repair intent.
    Repair,
}
47
/// Request carrying a [`DelegationProof`], an install intent and public-key bytes.
#[derive(CandidType, Clone, Debug, Deserialize)]
pub struct DelegationProofInstallRequest {
    /// Proof to install.
    pub proof: DelegationProof,
    /// Sender-declared intent.
    pub intent: DelegationProofInstallIntent,
    /// Optional root public key bytes; `#[serde(default)]` makes an omitted field `None`.
    // NOTE(review): presumably SEC1-encoded. A key delivered in the same message as the proof it
    // would validate is not a trust anchor on its own; confirm the receiver only accepts it from
    // an authenticated root caller or checks it against a key it already trusts.
    #[serde(default)]
    pub root_public_key_sec1: Option<Vec<u8>>,
    /// Shard public key bytes.
    // NOTE(review): presumably SEC1-encoded; confirm length and curve-point validation happen
    // before the key is stored or used.
    pub shard_public_key_sec1: Vec<u8>,
}
60
/// Claims section of a [`DelegatedToken`].
#[derive(CandidType, Clone, Debug, Deserialize)]
pub struct DelegatedTokenClaims {
    /// Subject principal.
    pub sub: Principal,
    /// Shard principal.
    // NOTE(review): presumably must equal `proof.cert.shard_pid` of the enclosing token — confirm
    // the verifier compares them.
    pub shard_pid: Principal,
    /// Scope strings claimed by the token.
    // NOTE(review): presumably must be a subset of the certificate's scopes — confirm.
    pub scopes: Vec<String>,
    /// Audience claimed by the token.
    pub aud: DelegationAudience,
    /// Issued-at timestamp.
    // NOTE(review): time unit not established in this file — TODO confirm.
    pub iat: u64,
    /// Expiry timestamp.
    // NOTE(review): presumably must not exceed the certificate's `expires_at` — confirm.
    pub exp: u64,
    /// Optional opaque bytes; `#[serde(default)]` makes an omitted field `None`.
    // NOTE(review): contents and size limit are not visible here; confirm the bytes are covered
    // by the token signature and bounded before any parsing.
    #[serde(default)]
    pub ext: Option<Vec<u8>>,
}
78
/// Token made of claims, the delegation proof and signature bytes.
// NOTE(review): presumably a two-link chain — `proof.cert_sig` over the certificate, then
// `token_sig` over the claims by the key the certificate authorises. Confirm verifiers check both
// signatures and the claim/certificate consistency before acting on `claims`.
#[derive(CandidType, Clone, Debug, Deserialize)]
pub struct DelegatedToken {
    /// Claims asserted by the token.
    pub claims: DelegatedTokenClaims,
    /// Delegation proof shipped with the token.
    pub proof: DelegationProof,
    /// Signature bytes for the token.
    // NOTE(review): signer, algorithm and signed byte string are not visible here.
    pub token_sig: Vec<u8>,
}
89
/// Request describing a delegation: shard, scopes, audience, lifetime, verifier targets and the
/// shard public key.
#[derive(CandidType, Clone, Debug, Deserialize)]
pub struct DelegationRequest {
    /// Shard principal the request is about.
    // NOTE(review): confirm the handler binds this to the authenticated caller (or an explicit
    // authorisation), so a caller cannot request a delegation for another shard.
    pub shard_pid: Principal,
    /// Requested scope strings.
    pub scopes: Vec<String>,
    /// Requested audience.
    pub aud: DelegationAudience,
    /// Requested lifetime in seconds.
    // NOTE(review): caller-supplied `u64`; confirm the issuer clamps it to a maximum and uses
    // checked arithmetic when deriving the expiry.
    pub ttl_secs: u64,
    /// Principals listed as verifier targets.
    // NOTE(review): unbounded list; confirm it is size-limited and validated before fan-out.
    pub verifier_targets: Vec<Principal>,
    /// Flag named for including the root as a verifier.
    pub include_root_verifier: bool,
    /// Shard public key bytes.
    // NOTE(review): presumably SEC1-encoded; confirm validation before it is bound to the shard.
    pub shard_public_key_sec1: Vec<u8>,
    /// Optional request metadata; `#[serde(default)]` makes an omitted field `None`.
    #[serde(default)]
    pub metadata: Option<RootRequestMetadata>,
}
106
/// Request for a role attestation about `subject`.
#[derive(CandidType, Clone, Debug, Deserialize)]
pub struct RoleAttestationRequest {
    /// Principal the attestation is about.
    pub subject: Principal,
    /// Role to attest.
    // NOTE(review): confirm the issuer checks the subject really holds this role instead of
    // echoing the requested value.
    pub role: CanisterRole,
    /// Optional subnet principal; `#[serde(default)]` makes an omitted field `None`.
    #[serde(default)]
    pub subnet_id: Option<Principal>,
    /// Optional audience principal; `#[serde(default)]` makes an omitted field `None`.
    #[serde(default)]
    pub audience: Option<Principal>,
    /// Requested lifetime in seconds.
    // NOTE(review): caller-supplied; confirm a maximum is enforced by the issuer.
    pub ttl_secs: u64,
    /// Epoch value.
    // NOTE(review): meaning is not visible in this file — TODO confirm.
    pub epoch: u64,
    /// Optional request metadata; `#[serde(default)]` makes an omitted field `None`.
    #[serde(default)]
    pub metadata: Option<RootRequestMetadata>,
}
124
/// Role attestation payload; it is wrapped with a signature in [`SignedRoleAttestation`].
#[derive(CandidType, Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
pub struct RoleAttestation {
    /// Principal the attestation is about.
    pub subject: Principal,
    /// Attested role.
    pub role: CanisterRole,
    /// Optional subnet principal; `#[serde(default)]` makes an omitted field `None`.
    #[serde(default)]
    pub subnet_id: Option<Principal>,
    /// Optional audience principal; `#[serde(default)]` makes an omitted field `None`.
    // NOTE(review): `None` presumably means "not bound to an audience"; confirm a verifier that
    // expects to be the audience rejects `None` and does not treat it as a wildcard.
    #[serde(default)]
    pub audience: Option<Principal>,
    /// Issue timestamp.
    // NOTE(review): time unit not established in this file — TODO confirm.
    pub issued_at: u64,
    /// Expiry timestamp.
    pub expires_at: u64,
    /// Epoch value.
    // NOTE(review): meaning is not visible in this file — TODO confirm.
    pub epoch: u64,
}
141
/// A [`RoleAttestation`] with signature bytes and the id of a key.
#[derive(CandidType, Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
pub struct SignedRoleAttestation {
    /// The attestation being signed.
    pub payload: RoleAttestation,
    /// Signature bytes for `payload`.
    // NOTE(review): algorithm and signed byte string are not visible here.
    pub signature: Vec<u8>,
    /// Identifier of a key.
    // NOTE(review): presumably matches `AttestationKey::key_id`. The value arrives with the
    // message, so confirm verifiers resolve it only inside a trusted key set and fail closed on
    // an unknown id.
    pub key_id: u32,
}
152
/// Status tag of an [`AttestationKey`]. Derives `Deserialize` but not `Serialize`.
#[derive(CandidType, Clone, Copy, Debug, Deserialize, Eq, PartialEq)]
pub enum AttestationKeyStatus {
    /// Marked as the current key.
    Current,
    /// Marked as a previous key.
    // NOTE(review): presumably still accepted for verification during a rotation window —
    // confirm how long, and what retires it.
    Previous,
}
162
/// One attestation key: id, public key bytes, status and optional validity bounds.
#[derive(CandidType, Clone, Debug, Deserialize, Eq, PartialEq)]
pub struct AttestationKey {
    /// Identifier of this key.
    pub key_id: u32,
    /// Public key bytes.
    // NOTE(review): encoding is not stated in this file — TODO confirm.
    pub public_key: Vec<u8>,
    /// Status tag of this key.
    pub status: AttestationKeyStatus,
    /// Optional lower validity bound; `#[serde(default)]` makes an omitted field `None`.
    #[serde(default)]
    pub valid_from: Option<u64>,
    /// Optional upper validity bound; `#[serde(default)]` makes an omitted field `None`.
    // NOTE(review): `None` presumably means "no bound"; confirm a `Previous` key without
    // `valid_until` cannot stay acceptable indefinitely.
    #[serde(default)]
    pub valid_until: Option<u64>,
}
177
/// A set of [`AttestationKey`]s together with a root principal and a generation timestamp.
// NOTE(review): nothing in this type authenticates the set; confirm consumers only accept it from
// the expected root and reject duplicate `key_id`s.
#[derive(CandidType, Clone, Debug, Deserialize, Eq, PartialEq)]
pub struct AttestationKeySet {
    /// Root principal the set is attributed to.
    pub root_pid: Principal,
    /// Timestamp at which the set was generated.
    // NOTE(review): time unit not established in this file — TODO confirm.
    pub generated_at: u64,
    /// The keys.
    pub keys: Vec<AttestationKey>,
}
188
/// Provisioning request: a certificate, signer and verifier target lists and the shard public key.
#[derive(CandidType, Clone, Debug, Deserialize)]
pub struct DelegationProvisionRequest {
    /// Certificate to provision.
    // NOTE(review): the certificate is supplied unsigned by the caller; confirm the handler
    // validates every field (principals, window, scopes, audience) before any signature is made.
    pub cert: DelegationCert,
    /// Principals listed as signer targets.
    pub signer_targets: Vec<Principal>,
    /// Principals listed as verifier targets.
    // NOTE(review): both target lists are unbounded at the type level; confirm limits and an
    // allow-list check before fan-out.
    pub verifier_targets: Vec<Principal>,
    /// Shard public key bytes.
    // NOTE(review): presumably SEC1-encoded; confirm validation before use.
    pub shard_public_key_sec1: Vec<u8>,
}
202
/// Provisioning result: the proof plus one entry per target.
#[derive(CandidType, Clone, Debug, Deserialize, Serialize)]
pub struct DelegationProvisionResponse {
    /// The delegation proof.
    pub proof: DelegationProof,
    /// Per-target outcomes.
    // NOTE(review): a response can carry `Failed` entries alongside a proof; callers should
    // inspect every entry and not treat the presence of `proof` as overall success.
    pub results: Vec<DelegationProvisionTargetResponse>,
}
214
/// Request carrying a proof and the verifier targets it is addressed to; it is the payload of
/// both [`DelegationAdminCommand`] variants.
#[derive(CandidType, Clone, Debug, Deserialize, Eq, PartialEq)]
pub struct DelegationVerifierProofPushRequest {
    /// Proof to push.
    // NOTE(review): confirm the proof is re-verified (signature and expiry) before it is pushed,
    // and again by each receiving verifier.
    pub proof: DelegationProof,
    /// Principals listed as verifier targets.
    pub verifier_targets: Vec<Principal>,
}
224
/// Result of a verifier proof push: one entry per target.
#[derive(CandidType, Clone, Debug, Deserialize)]
pub struct DelegationVerifierProofPushResponse {
    /// Per-target outcomes.
    pub results: Vec<DelegationProvisionTargetResponse>,
}
233
/// Status summary of a delegation proof: shard principal and the issue/expiry timestamps.
#[derive(CandidType, Clone, Debug, Deserialize, Eq, PartialEq)]
pub struct DelegationProofStatus {
    /// Shard principal.
    pub shard_pid: Principal,
    /// Issue timestamp.
    // NOTE(review): time unit not established in this file — TODO confirm.
    pub issued_at: u64,
    /// Expiry timestamp.
    pub expires_at: u64,
}
244
/// Kind of target recorded in a [`DelegationProvisionTargetResponse`].
#[derive(CandidType, Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
pub enum DelegationProvisionTargetKind {
    /// The target is a signer.
    Signer,
    /// The target is a verifier.
    Verifier,
}
250
/// Outcome recorded in a [`DelegationProvisionTargetResponse`].
#[derive(CandidType, Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
pub enum DelegationProvisionStatus {
    /// The operation on the target succeeded.
    Ok,
    /// The operation on the target failed.
    Failed,
}
256
/// Admin command; both variants carry a [`DelegationVerifierProofPushRequest`].
// NOTE(review): caller authorisation is not expressed in this type; confirm the endpoint that
// decodes it restricts callers before dispatching either variant.
#[derive(CandidType, Clone, Debug, Deserialize)]
pub enum DelegationAdminCommand {
    /// Prewarm verifiers with the given push request.
    PrewarmVerifiers(DelegationVerifierProofPushRequest),
    /// Repair verifiers with the given push request.
    RepairVerifiers(DelegationVerifierProofPushRequest),
}
266
/// Response to a [`DelegationAdminCommand`]; each variant wraps the push response.
#[derive(CandidType, Clone, Debug, Deserialize)]
pub enum DelegationAdminResponse {
    /// Reply named after `PrewarmVerifiers`.
    PrewarmedVerifiers {
        /// Per-target outcomes of the push.
        result: DelegationVerifierProofPushResponse,
    },
    /// Reply named after `RepairVerifiers`.
    RepairedVerifiers {
        /// Per-target outcomes of the push.
        result: DelegationVerifierProofPushResponse,
    },
}
280
/// Outcome for a single provisioning or push target.
#[derive(CandidType, Clone, Debug, Deserialize, Serialize)]
pub struct DelegationProvisionTargetResponse {
    /// Principal of the target.
    pub target: Principal,
    /// Whether the target is a signer or a verifier.
    pub kind: DelegationProvisionTargetKind,
    /// Whether the operation on this target succeeded.
    pub status: DelegationProvisionStatus,
    /// Optional error detail.
    // NOTE(review): presumably set only when `status` is `Failed`, but the type also allows
    // `Ok` with `Some(..)` and `Failed` with `None`; consumers should decide on `status`.
    // Confirm the error text returned to callers carries no internal detail.
    pub error: Option<Error>,
}