use super::{DelegatedRoleGrant, DelegationAudience, DelegationProof};
use crate::dto::prelude::*;
#[derive(CandidType, Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
pub struct RootDelegationProofBatchProofRef {
pub issuer_pid: Principal,
pub cert_hash: [u8; 32],
}
#[derive(CandidType, Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
pub struct RootDelegationProofBatchProof {
pub issuer_pid: Principal,
pub cert_hash: [u8; 32],
pub proof: DelegationProof,
}
#[derive(CandidType, Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
pub struct RootDelegationProofBatchInstallRequest {
pub batch_id: [u8; 32],
pub proofs: Vec<RootDelegationProofBatchProof>,
}
#[derive(CandidType, Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
pub enum RootDelegationProofInstallOutcome {
Installed,
AlreadyInstalled,
RejectedBySigner,
CallFailed,
ProofMismatch,
ExpiredOrSuperseded,
}
#[derive(CandidType, Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
pub struct RootIssuerPolicyUpsertRequest {
pub issuer_pid: Principal,
pub enabled: bool,
pub allowed_audiences: Vec<DelegationAudience>,
pub allowed_grants: Vec<DelegatedRoleGrant>,
pub max_cert_ttl_ns: u64,
pub refresh_after_ratio_bps: u16,
}
#[derive(CandidType, Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
pub struct RootIssuerPolicyView {
pub issuer_pid: Principal,
pub enabled: bool,
pub allowed_audiences: Vec<DelegationAudience>,
pub allowed_grants: Vec<DelegatedRoleGrant>,
pub max_cert_ttl_ns: u64,
pub refresh_after_ratio_bps: u16,
}
#[derive(CandidType, Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
pub struct RootIssuerPolicyResponse {
pub issuer: RootIssuerPolicyView,
}
#[derive(CandidType, Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
pub struct RootIssuerRenewalTemplateUpsertRequest {
pub issuer_pid: Principal,
pub enabled: bool,
pub aud: DelegationAudience,
pub grants: Vec<DelegatedRoleGrant>,
pub cert_ttl_ns: u64,
}
#[derive(CandidType, Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
pub struct RootIssuerRenewalTemplateView {
pub issuer_pid: Principal,
pub enabled: bool,
pub aud: DelegationAudience,
pub grants: Vec<DelegatedRoleGrant>,
pub cert_ttl_ns: u64,
}
#[derive(CandidType, Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
pub struct RootIssuerRenewalTemplateResponse {
pub template: RootIssuerRenewalTemplateView,
}
#[derive(CandidType, Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
pub struct RootIssuerRenewalStatusRequest {
pub issuer_pid: Principal,
}
#[derive(CandidType, Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
pub enum RootIssuerRenewalOutcome {
AlreadyInstalled,
DriftDetected,
InstallDeadlineExpired,
Installed,
IssuerCallFailed,
NeverRun,
PolicyRejected,
ProofMismatch,
QuotaExceeded,
RejectedByIssuer,
RetrievalExpired,
TemplateChanged,
TemplateDisabled,
}
#[derive(CandidType, Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
pub enum RootIssuerRenewalAttemptStatus {
Prepared,
Installing,
Installed,
FailedRetryable,
FailedTerminal,
Disabled,
Expired,
}
#[derive(CandidType, Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
pub struct RootIssuerRenewalAttemptView {
pub attempt_id: [u8; 32],
pub issuer_pid: Principal,
pub template_fingerprint: [u8; 32],
pub batch_id: [u8; 32],
pub proof_ref: RootDelegationProofBatchProofRef,
pub status: RootIssuerRenewalAttemptStatus,
pub prepared_at_ns: u64,
pub retrieval_expires_at_ns: u64,
pub install_deadline_ns: u64,
pub prepared_cert_hash: [u8; 32],
pub prepared_expires_at_ns: u64,
pub prepared_refresh_after_ns: u64,
pub failure: Option<RootIssuerRenewalOutcome>,
}
#[derive(CandidType, Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
pub struct RootIssuerRenewalStateView {
pub issuer_pid: Principal,
pub template_fingerprint: [u8; 32],
pub last_installed_cert_hash: Option<[u8; 32]>,
pub last_installed_expires_at_ns: Option<u64>,
pub last_installed_refresh_after_ns: Option<u64>,
pub active_attempt_id: Option<[u8; 32]>,
pub last_outcome: RootIssuerRenewalOutcome,
pub consecutive_failures: u32,
pub next_attempt_after_ns: u64,
pub updated_at_ns: u64,
}
#[derive(CandidType, Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
pub struct RootIssuerRenewalStatusResponse {
pub template: Option<RootIssuerRenewalTemplateView>,
pub state: Option<RootIssuerRenewalStateView>,
pub active_attempt: Option<RootIssuerRenewalAttemptView>,
}