1use super::{DelegatedRoleGrant, DelegationAudience, DelegationProof};
8use crate::dto::prelude::*;
/// Reference to one batch proof: the issuer principal plus a 32-byte certificate hash.
/// It carries no proof material of its own.
// NOTE(review): which hash function produces `cert_hash`, and over which bytes, is not
// visible here; state it where the hash is computed so verifiers can recompute it.
#[derive(CandidType, Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
pub struct RootDelegationProofBatchProofRef {
    /// Principal of the issuer this reference names.
    pub issuer_pid: Principal,
    /// 32-byte hash identifying the certificate (presumably the delegation cert; confirm).
    pub cert_hash: [u8; 32],
}
/// One batch entry: a [`DelegationProof`] together with the issuer principal and 32-byte
/// certificate hash it is filed under.
// NOTE(review): `issuer_pid` and `cert_hash` travel next to `proof` as independent fields,
// so this type cannot guarantee they describe the proof they accompany. The installer should
// derive both from `proof` and compare instead of trusting them; the `ProofMismatch` install
// outcome suggests such a check exists (confirm).
// NOTE(review): `Debug` is derived, so `{:?}` prints the entire proof; confirm that
// `DelegationProof` holds nothing that should stay out of logs.
#[derive(CandidType, Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
pub struct RootDelegationProofBatchProof {
    /// Principal of the issuer the entry is labelled with.
    pub issuer_pid: Principal,
    /// 32-byte certificate hash the entry is labelled with.
    pub cert_hash: [u8; 32],
    /// The delegation proof itself.
    pub proof: DelegationProof,
}
/// Request to install a batch of delegation proofs under a 32-byte batch identifier.
// NOTE(review): `proofs` is a plain `Vec`, so neither its length nor the uniqueness of
// `(issuer_pid, cert_hash)` pairs is constrained by the type. The handler that decodes this
// request should cap the batch size and decide how duplicates are treated before doing any
// per-proof work.
#[derive(CandidType, Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
pub struct RootDelegationProofBatchInstallRequest {
    /// 32-byte identifier of the batch; how it is derived is not visible in this file.
    pub batch_id: [u8; 32],
    /// Proofs to install, each labelled with an issuer principal and certificate hash.
    pub proofs: Vec<RootDelegationProofBatchProof>,
}
/// Result of one delegation-proof install attempt.
// NOTE(review): going by the variant names, only `Installed` and `AlreadyInstalled` mean the
// proof is in place; callers should treat every other variant as "not installed" and fail
// closed. Confirm against the code that produces these values.
// Candid identifies variants by name, so renaming one is a breaking change for clients.
#[derive(CandidType, Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
pub enum RootDelegationProofInstallOutcome {
    Installed,
    AlreadyInstalled,
    RejectedBySigner,
    CallFailed,
    ProofMismatch,
    ExpiredOrSuperseded,
}
/// Request to create or update the policy for one issuer: whether it is enabled, which
/// audiences and role grants it may use, and its certificate TTL and refresh settings.
// NOTE(review): these fields bound what an issuer can be delegated, so the endpoint that
// accepts this request is authorization-critical; its caller check is not visible here.
#[derive(CandidType, Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
pub struct RootIssuerPolicyUpsertRequest {
    /// Principal of the issuer the policy applies to.
    pub issuer_pid: Principal,
    /// Policy on/off switch.
    pub enabled: bool,
    /// Audiences the issuer is allowed to use.
    // NOTE(review): confirm an empty list means "none allowed", not "unrestricted".
    pub allowed_audiences: Vec<DelegationAudience>,
    /// Role grants the issuer is allowed to use; same empty-list question as above.
    pub allowed_grants: Vec<DelegatedRoleGrant>,
    /// Upper bound on certificate lifetime; the `_ns` suffix suggests nanoseconds (confirm).
    // NOTE(review): `u64` admits values up to roughly 584 years of nanoseconds, so any
    // sensible ceiling has to be enforced by the handler.
    pub max_cert_ttl_ns: u64,
    /// Refresh threshold as a ratio, presumably in basis points of the TTL (confirm).
    // NOTE(review): `u16` admits 0..=65535; if this is basis points, values above 10_000
    // (100%), and possibly 0, should be rejected on input.
    pub refresh_after_ratio_bps: u16,
}
/// Read-side view of an issuer policy. Its fields match `RootIssuerPolicyUpsertRequest`
/// one for one.
#[derive(CandidType, Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
pub struct RootIssuerPolicyView {
    /// Principal of the issuer the policy applies to.
    pub issuer_pid: Principal,
    /// Policy on/off switch.
    pub enabled: bool,
    /// Audiences the issuer is allowed to use.
    pub allowed_audiences: Vec<DelegationAudience>,
    /// Role grants the issuer is allowed to use.
    pub allowed_grants: Vec<DelegatedRoleGrant>,
    /// Upper bound on certificate lifetime; the `_ns` suffix suggests nanoseconds (confirm).
    pub max_cert_ttl_ns: u64,
    /// Refresh threshold as a ratio, presumably in basis points of the TTL (confirm).
    pub refresh_after_ratio_bps: u16,
}
/// Response wrapper carrying a single issuer policy view.
#[derive(CandidType, Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
pub struct RootIssuerPolicyResponse {
    /// The issuer policy being returned.
    pub issuer: RootIssuerPolicyView,
}
/// Request to create or update the renewal template for one issuer: the audience, role
/// grants and certificate TTL to use, plus an enable flag.
// NOTE(review): nothing in this type ties `aud`, `grants` or `cert_ttl_ns` to the issuer
// policy's `allowed_audiences`, `allowed_grants` and `max_cert_ttl_ns`. That containment
// check has to live in the handler, and is worth repeating at renewal time in case the
// policy was tightened afterwards; the `PolicyRejected` renewal outcome suggests it exists
// (confirm).
#[derive(CandidType, Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
pub struct RootIssuerRenewalTemplateUpsertRequest {
    /// Principal of the issuer the template belongs to.
    pub issuer_pid: Principal,
    /// Template on/off switch.
    pub enabled: bool,
    /// Single audience used by the template.
    pub aud: DelegationAudience,
    /// Role grants used by the template.
    pub grants: Vec<DelegatedRoleGrant>,
    /// Certificate lifetime for the template; the `_ns` suffix suggests nanoseconds (confirm).
    pub cert_ttl_ns: u64,
}
/// Read-side view of a renewal template. Its fields match
/// `RootIssuerRenewalTemplateUpsertRequest` one for one.
#[derive(CandidType, Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
pub struct RootIssuerRenewalTemplateView {
    /// Principal of the issuer the template belongs to.
    pub issuer_pid: Principal,
    /// Template on/off switch.
    pub enabled: bool,
    /// Single audience used by the template.
    pub aud: DelegationAudience,
    /// Role grants used by the template.
    pub grants: Vec<DelegatedRoleGrant>,
    /// Certificate lifetime for the template; the `_ns` suffix suggests nanoseconds (confirm).
    pub cert_ttl_ns: u64,
}
/// Response wrapper carrying a single renewal template view.
#[derive(CandidType, Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
pub struct RootIssuerRenewalTemplateResponse {
    /// The renewal template being returned.
    pub template: RootIssuerRenewalTemplateView,
}
/// Request for the renewal status of one issuer.
// NOTE(review): `RootIssuerRenewalStatusResponse` exposes certificate hashes, timestamps and
// failure counters; confirm the endpoint restricts who may query a given issuer's status.
#[derive(CandidType, Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
pub struct RootIssuerRenewalStatusRequest {
    /// Principal of the issuer whose status is requested.
    pub issuer_pid: Principal,
}
/// Outcome of an issuer renewal run. Used as the last recorded outcome in
/// [`RootIssuerRenewalStateView`] and as the optional failure reason in
/// [`RootIssuerRenewalAttemptView`].
// NOTE(review): `NeverRun` is presumably the initial value, since `last_outcome` in the
// state view is not an `Option` (confirm). Going by the names, `Installed` and
// `AlreadyInstalled` are the only success values. Monitoring should alert on the rest, and
// on `DriftDetected` and `ProofMismatch` in particular, which may indicate state divergence
// or tampering rather than a transient fault (inferred from names; confirm).
#[derive(CandidType, Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
pub enum RootIssuerRenewalOutcome {
    AlreadyInstalled,
    DriftDetected,
    InstallDeadlineExpired,
    Installed,
    IssuerCallFailed,
    NeverRun,
    PolicyRejected,
    ProofMismatch,
    QuotaExceeded,
    RejectedByIssuer,
    RetrievalExpired,
    TemplateChanged,
    TemplateDisabled,
}
/// Status of a single renewal attempt.
// NOTE(review): the declaration order reads like a lifecycle (`Prepared`, `Installing`,
// `Installed`, then failure and terminal states), but the allowed transitions are not
// defined in this file.
#[derive(CandidType, Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
pub enum RootIssuerRenewalAttemptStatus {
    Prepared,
    Installing,
    Installed,
    FailedRetryable,
    FailedTerminal,
    Disabled,
    Expired,
}
/// View of one renewal attempt: its identifiers, the proof it refers to, its status, and the
/// timing and hash values recorded when it was prepared.
// NOTE(review): `issuer_pid` and `prepared_cert_hash` duplicate what `proof_ref` also
// carries (`proof_ref.issuer_pid`, `proof_ref.cert_hash`). The type allows the copies to
// disagree, so consumers should not assume they match unless the producer guarantees it.
// NOTE(review): the unit and epoch of the `_ns` fields are not shown here; presumably
// nanosecond timestamps (confirm).
#[derive(CandidType, Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
pub struct RootIssuerRenewalAttemptView {
    /// 32-byte identifier of this attempt.
    pub attempt_id: [u8; 32],
    /// Principal of the issuer being renewed.
    pub issuer_pid: Principal,
    /// 32-byte fingerprint of the renewal template; its derivation is not visible here.
    pub template_fingerprint: [u8; 32],
    /// 32-byte identifier of the proof batch associated with this attempt.
    pub batch_id: [u8; 32],
    /// Reference (issuer principal and certificate hash) to the proof for this attempt.
    pub proof_ref: RootDelegationProofBatchProofRef,
    /// Current status of the attempt.
    pub status: RootIssuerRenewalAttemptStatus,
    /// When the attempt was prepared.
    pub prepared_at_ns: u64,
    /// When retrieval of the prepared proof expires.
    pub retrieval_expires_at_ns: u64,
    /// Deadline for installing the prepared proof.
    pub install_deadline_ns: u64,
    /// 32-byte hash of the prepared certificate.
    pub prepared_cert_hash: [u8; 32],
    /// Expiry of the prepared certificate.
    pub prepared_expires_at_ns: u64,
    /// Point after which the prepared certificate should be refreshed.
    pub prepared_refresh_after_ns: u64,
    /// Failure reason, if any.
    // NOTE(review): the type also admits success variants such as `Some(Installed)`;
    // consumers should key on `status`, not on the mere presence of `failure`.
    pub failure: Option<RootIssuerRenewalOutcome>,
}
/// View of the per-issuer renewal state: what was last installed, which attempt (if any) is
/// active, the last outcome, and retry bookkeeping.
// NOTE(review): the three `last_installed_*` fields are independent `Option`s, so the type
// allows a mix of `Some` and `None`; consumers should not assume they are set together.
// NOTE(review): the unit and epoch of the `_ns` fields are not shown here; presumably
// nanosecond timestamps (confirm).
#[derive(CandidType, Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
pub struct RootIssuerRenewalStateView {
    /// Principal of the issuer this state belongs to.
    pub issuer_pid: Principal,
    /// 32-byte fingerprint of the renewal template; its derivation is not visible here.
    pub template_fingerprint: [u8; 32],
    /// 32-byte hash of the last installed certificate, if one was installed.
    pub last_installed_cert_hash: Option<[u8; 32]>,
    /// Expiry of the last installed certificate, if one was installed.
    pub last_installed_expires_at_ns: Option<u64>,
    /// Refresh point of the last installed certificate, if one was installed.
    pub last_installed_refresh_after_ns: Option<u64>,
    /// Identifier of the attempt currently in progress, if any.
    pub active_attempt_id: Option<[u8; 32]>,
    /// Outcome recorded most recently.
    pub last_outcome: RootIssuerRenewalOutcome,
    /// Count of consecutive failures; a steadily rising value is worth alerting on.
    pub consecutive_failures: u32,
    /// Earliest time of the next attempt (presumably a retry backoff; confirm).
    pub next_attempt_after_ns: u64,
    /// When this state was last updated.
    pub updated_at_ns: u64,
}
/// Response to a renewal status request. Each part is independently optional, so callers
/// must handle any combination of present and absent fields.
#[derive(CandidType, Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
pub struct RootIssuerRenewalStatusResponse {
    /// Renewal template for the issuer, if present.
    pub template: Option<RootIssuerRenewalTemplateView>,
    /// Renewal state for the issuer, if present.
    pub state: Option<RootIssuerRenewalStateView>,
    /// The active renewal attempt, if present.
    pub active_attempt: Option<RootIssuerRenewalAttemptView>,
}