
canic_core/dto/auth/
attestation.rs

1//! Module: dto::auth::attestation
2//!
3//! Responsibility: root-signed role-attestation DTOs.
4//! Does not own: attestation signing, cache state, or verification.
5//! Boundary: passive role-attestation request and proof contracts.
6
7use super::IcCanisterSignatureProofV1;
8use crate::dto::{prelude::*, rpc::RootRequestMetadata};
9
10//
11// RoleAttestationRequest
12//
13
/// Input contract for requesting a role attestation about `subject`.
///
/// Passive DTO: the module header states that signing, cache state and
/// verification are owned elsewhere, so decoding this value successfully
/// establishes nothing about the caller's right to the requested role.
/// Only `Deserialize` (not `Serialize`) is derived for this type.
#[derive(CandidType, Clone, Debug, Deserialize)]
pub struct RoleAttestationRequest {
    /// Principal the attestation is requested for.
    pub subject: Principal,
    /// Role to be attested for `subject`.
    pub role: CanisterRole,
    /// Optional subnet principal; `#[serde(default)]` makes an absent field
    /// decode as `None` instead of failing.
    // NOTE(review): whether `None` means "unscoped" or "not applicable" is not
    // visible here — confirm the issuer treats the absent case deliberately.
    #[serde(default)]
    pub subnet_id: Option<Principal>,
    /// Principal named as the attestation's audience.
    // NOTE(review): presumably the party expected to accept the attestation — confirm.
    pub audience: Principal,
    /// Requested lifetime.
    // NOTE(review): presumably nanoseconds (from the `_ns` suffix). The value is
    // requester-supplied and this type sets no bound; confirm the issuer caps it.
    pub ttl_ns: u64,
    /// Epoch value carried with the request.
    // NOTE(review): semantics (e.g. rotation or revocation generation) are not
    // defined in this file — confirm against the issuing and verifying code.
    pub epoch: u64,
    /// Optional root request metadata; an absent field decodes as `None`.
    #[serde(default)]
    pub metadata: Option<RootRequestMetadata>,
}
26
27//
28// RoleAttestation
29//
30
/// Claims payload of a role attestation.
///
/// Carried as the `payload` of both `RoleAttestationPrepareResponse` and
/// `SignedRoleAttestation`. This struct holds no signature or proof itself,
/// and the module header places verification outside this module.
// NOTE(review): a bare `RoleAttestation` should presumably never be accepted as
// evidence of a role; confirm consumers only act on a verified
// `SignedRoleAttestation` and also check `audience`, `expires_at_ns` and `epoch`.
#[derive(CandidType, Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
pub struct RoleAttestation {
    /// Principal the attestation is about.
    pub subject: Principal,
    /// Role attested for `subject`.
    pub role: CanisterRole,
    /// Optional subnet principal; an absent field decodes as `None`.
    // NOTE(review): confirm how a verifier is meant to treat `None` here.
    #[serde(default)]
    pub subnet_id: Option<Principal>,
    /// Principal named as the audience of this attestation.
    pub audience: Principal,
    /// Issue timestamp.
    // NOTE(review): presumably nanoseconds; clock source and epoch base not visible — confirm.
    pub issued_at_ns: u64,
    /// Expiry timestamp.
    // NOTE(review): presumably nanoseconds on the same clock as `issued_at_ns` — confirm.
    pub expires_at_ns: u64,
    /// Epoch value carried in the attestation.
    // NOTE(review): semantics are not defined in this file — confirm.
    pub epoch: u64,
}
42
43//
44// RoleAttestationRootProof
45//
46
/// Proof material attached to a signed role attestation, tagged by format.
///
/// Only one format is defined here. The wrapped proof type is imported from
/// the parent module and its contents are not visible in this file.
#[derive(CandidType, Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
pub enum RoleAttestationRootProof {
    /// Version-1 IC canister-signature proof.
    IcCanisterSignatureV1(IcCanisterSignatureProofV1),
}
51
52//
53// RoleAttestationPrepareResponse
54//
55
/// Response to the prepare step: the attestation payload plus a 32-byte hash
/// and a retrieval deadline.
///
/// Passive DTO; nothing in this type enforces that `payload_hash` matches
/// `payload`.
#[derive(CandidType, Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
pub struct RoleAttestationPrepareResponse {
    /// Attestation claims that were prepared.
    pub payload: RoleAttestation,
    /// 32-byte hash associated with `payload`.
    // NOTE(review): hash algorithm and the exact bytes hashed are not visible here.
    // A receiver should presumably recompute the hash over `payload` and compare,
    // not take this field on trust — confirm.
    pub payload_hash: [u8; 32],
    /// Retrieval deadline timestamp.
    // NOTE(review): presumably the time (nanoseconds) after which a
    // `RoleAttestationGetRequest` for this hash is no longer served — confirm.
    pub retrieval_expires_at_ns: u64,
}
62
63//
64// RoleAttestationGetRequest
65//
66
/// Request that identifies an attestation by a 32-byte payload hash.
#[derive(CandidType, Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
pub struct RoleAttestationGetRequest {
    /// 32-byte payload hash used as the lookup key.
    // NOTE(review): presumably the `payload_hash` returned in
    // `RoleAttestationPrepareResponse`. Confirm the handler does not rely on
    // knowledge of the hash alone as authorization to retrieve.
    pub payload_hash: [u8; 32],
}
71
72//
73// SignedRoleAttestation
74//
75
/// A role-attestation payload paired with its root proof.
///
/// Passive DTO: the type only carries the two parts side by side. It does not
/// check that `root_proof` covers `payload`; the module header places
/// verification outside this module.
// NOTE(review): a decoded `SignedRoleAttestation` is unverified input until the
// verifier has checked the proof against this exact payload — confirm no call
// site reads `payload` fields before that check.
#[derive(CandidType, Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
pub struct SignedRoleAttestation {
    /// Attestation claims being vouched for.
    pub payload: RoleAttestation,
    /// Proof material for `payload`, tagged by proof format.
    pub root_proof: RoleAttestationRootProof,
}