1use crate::dto::{prelude::*, rpc::RootRequestMetadata};
2
3#[derive(CandidType, Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
8pub enum SignatureAlgorithmV2 {
9 EcdsaP256Sha256,
10}
11
12#[derive(CandidType, Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
17pub enum DelegationAudienceV2 {
18 Roles(Vec<CanisterRole>),
19 Principals(Vec<Principal>),
20 RolesOrPrincipals {
21 roles: Vec<CanisterRole>,
22 principals: Vec<Principal>,
23 },
24}
25
26#[derive(CandidType, Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
31pub struct RootKeyAuthorityV2 {
32 pub authority_key_id: String,
33 pub authority_alg: SignatureAlgorithmV2,
34 pub authority_public_key_sec1: Vec<u8>,
35 pub authority_key_hash: [u8; 32],
36}
37
38#[derive(CandidType, Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
43pub struct RootKeyCertificateV2 {
44 pub root_pid: Principal,
45 pub key_id: String,
46 pub alg: SignatureAlgorithmV2,
47 pub public_key_sec1: Vec<u8>,
48 pub key_hash: [u8; 32],
49 pub not_before: u64,
50 pub not_after: Option<u64>,
51 pub authority_sig: Vec<u8>,
52}
53
54#[derive(CandidType, Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
59pub struct RootPublicKeyV2 {
60 pub root_pid: Principal,
61 pub key_id: String,
62 pub alg: SignatureAlgorithmV2,
63 pub public_key_sec1: Vec<u8>,
64 pub key_hash: [u8; 32],
65 pub not_before: u64,
66 pub not_after: Option<u64>,
67}
68
69#[derive(CandidType, Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
74pub struct RootKeySetV2 {
75 pub keys: Vec<RootPublicKeyV2>,
76}
77
78#[derive(CandidType, Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
83pub struct RootTrustAnchorV2 {
84 pub root_pid: Principal,
85 pub trusted_root_keys: RootKeySetV2,
86 pub key_authority: Option<RootKeyAuthorityV2>,
87}
88
89#[derive(CandidType, Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
94pub enum ShardKeyBindingV2 {
95 IcThresholdEcdsa {
96 key_name_hash: [u8; 32],
97 derivation_path_hash: [u8; 32],
98 },
99}
100
101#[derive(CandidType, Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
106pub struct DelegationCertV2 {
107 pub version: u16,
108 pub root_pid: Principal,
109 pub root_key_id: String,
110 pub root_key_hash: [u8; 32],
111 pub alg: SignatureAlgorithmV2,
112 pub shard_pid: Principal,
113 pub shard_key_id: String,
114 pub shard_public_key_sec1: Vec<u8>,
115 pub shard_key_hash: [u8; 32],
116 pub shard_key_binding: ShardKeyBindingV2,
117 pub issued_at: u64,
118 pub expires_at: u64,
119 pub max_token_ttl_secs: u64,
120 pub scopes: Vec<String>,
121 pub aud: DelegationAudienceV2,
122 pub verifier_role_hash: Option<[u8; 32]>,
123}
124
125#[derive(CandidType, Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
130pub struct DelegationProofV2 {
131 pub cert: DelegationCertV2,
132 pub root_sig: Vec<u8>,
133 pub root_public_key_sec1: Option<Vec<u8>>,
134 pub root_key_cert: Option<RootKeyCertificateV2>,
135}
136
137#[derive(CandidType, Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
142pub struct DelegatedTokenClaimsV2 {
143 pub version: u16,
144 pub subject: Principal,
145 pub issuer_shard_pid: Principal,
146 pub cert_hash: [u8; 32],
147 pub issued_at: u64,
148 pub expires_at: u64,
149 pub aud: DelegationAudienceV2,
150 pub scopes: Vec<String>,
151 pub nonce: [u8; 16],
152}
153
154#[derive(CandidType, Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
159pub struct DelegatedTokenV2 {
160 pub claims: DelegatedTokenClaimsV2,
161 pub proof: DelegationProofV2,
162 pub shard_sig: Vec<u8>,
163}
164
165#[derive(CandidType, Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
170pub struct DelegationProofIssueRequestV2 {
171 pub shard_pid: Principal,
172 pub scopes: Vec<String>,
173 pub aud: DelegationAudienceV2,
174 pub cert_ttl_secs: u64,
175 #[serde(default)]
176 pub root_key_cert: Option<RootKeyCertificateV2>,
177}
178
179#[derive(CandidType, Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
184pub struct DelegatedTokenIssueRequestV2 {
185 pub proof: DelegationProofV2,
186 pub subject: Principal,
187 pub aud: DelegationAudienceV2,
188 pub scopes: Vec<String>,
189 pub ttl_secs: u64,
190 pub nonce: [u8; 16],
191}
192
193#[derive(CandidType, Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
198pub struct DelegatedTokenMintRequestV2 {
199 pub subject: Principal,
200 pub aud: DelegationAudienceV2,
201 pub scopes: Vec<String>,
202 pub token_ttl_secs: u64,
203 pub cert_ttl_secs: u64,
204 pub nonce: [u8; 16],
205 #[serde(default)]
206 pub root_key_cert: Option<RootKeyCertificateV2>,
207}
208
209#[derive(CandidType, Clone, Debug, Deserialize)]
214pub struct RoleAttestationRequest {
215 pub subject: Principal,
216 pub role: CanisterRole,
217 #[serde(default)]
218 pub subnet_id: Option<Principal>,
219 #[serde(default)]
220 pub audience: Option<Principal>,
221 pub ttl_secs: u64,
222 pub epoch: u64,
223 #[serde(default)]
224 pub metadata: Option<RootRequestMetadata>,
225}
226
227#[derive(CandidType, Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
232pub struct RoleAttestation {
233 pub subject: Principal,
234 pub role: CanisterRole,
235 #[serde(default)]
236 pub subnet_id: Option<Principal>,
237 #[serde(default)]
238 pub audience: Option<Principal>,
239 pub issued_at: u64,
240 pub expires_at: u64,
241 pub epoch: u64,
242}
243
244#[derive(CandidType, Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
249pub struct SignedRoleAttestation {
250 pub payload: RoleAttestation,
251 pub signature: Vec<u8>,
252 pub key_id: u32,
253}
254
255#[derive(CandidType, Clone, Copy, Debug, Deserialize, Eq, PartialEq)]
260pub enum AttestationKeyStatus {
261 Current,
262 Previous,
263}
264
265#[derive(CandidType, Clone, Debug, Deserialize, Eq, PartialEq)]
270pub struct AttestationKey {
271 pub key_id: u32,
272 pub public_key: Vec<u8>,
273 pub status: AttestationKeyStatus,
274 #[serde(default)]
275 pub valid_from: Option<u64>,
276 #[serde(default)]
277 pub valid_until: Option<u64>,
278}
279
280#[derive(CandidType, Clone, Debug, Deserialize, Eq, PartialEq)]
285pub struct AttestationKeySet {
286 pub root_pid: Principal,
287 pub generated_at: u64,
288 pub keys: Vec<AttestationKey>,
289}