diff --git a/acl/types.proto b/acl/types.proto
index 9a38775..ae29abc 100644
--- a/acl/types.proto
+++ b/acl/types.proto
@@ -133,3 +133,34 @@ message EACLTable {
 // Records carries list of extended ACL rule records.
 repeated EACLRecord records = 2 [json_name="Records"];
 }
+
+// BearerToken has information about request ACL rules with limited lifetime
+message BearerToken {
+ // Bearer Token body
+ message Body {
+ // EACLTable carries table of extended ACL rules
+ EACLTable eacl_table = 1;
+
+ // OwnerID carries identifier of the token owner
+ neo.fs.v2.refs.OwnerID owner_id = 2;
+
+ // Lifetime parameters of the token. Filed names taken from rfc7519.
+ message TokenLifetime {
+ // Expiration Epoch
+ uint64 exp = 1;
+
+ // Not valid before Epoch
+ uint64 nbf = 2;
+
+ // Issued at Epoch
+ uint64 iat = 3;
+ }
+ // Token expiration and valid time period parameters
+ TokenLifetime lifetime = 3;
+ }
+ // Bearer Token body
+ Body body = 1;
+
+ // Signature of BearerToken body
+ neo.fs.v2.refs.Signature signature = 2;
+}
diff --git a/container/service.proto b/container/service.proto
index 95c1668..5c08c40 100644
--- a/container/service.proto
+++ b/container/service.proto
@@ -50,7 +50,7 @@ message PutRequest {
 container.Container container = 1;
 //Signature of stable-marshalled container according to RFC-6979.
- neo.fs.v2.service.Signature signature =2;
+ neo.fs.v2.refs.Signature signature =2;
 }
 // Body of container put request message.
 Body body = 1;
@@ -94,7 +94,7 @@ message DeleteRequest {
 neo.fs.v2.refs.ContainerID container_id = 1;
 // Signature of container id according to RFC-6979.
- neo.fs.v2.service.Signature signature = 2;
+ neo.fs.v2.refs.Signature signature = 2;
 }
 // Body of container delete request message.
 Body body = 1;
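Review bot: In `BearerToken.Body.TokenLifetime` (acl/types.proto) the bounds `exp`, `nbf` and `iat` are documented only as "Epoch", and as plain `uint64` fields an unset value cannot be told apart from 0 if the file uses proto3 implicit presence. A verifier then has to guess whether `exp = 0` means "already expired" or "no expiry", and for a token that carries ACL rules the schema should settle that. I would spell it out on the fields, for example `// Expiration epoch; a zero or unset value MUST be rejected.` if that is the intended behaviour, say what unit "Epoch" counts in, and fix "Filed names" to "Field names". The same wording is needed on the identical nested copy added to `SessionToken.Body` in service/types.proto.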
@@ -216,7 +216,7 @@ message SetExtendedACLRequest {
 neo.fs.v2.acl.EACLTable eacl = 1;
 // Signature of stable-marshalled Extended ACL according to RFC-6979.
- neo.fs.v2.service.Signature signature = 2;
+ neo.fs.v2.refs.Signature signature = 2;
 }
 // Body of set extended acl request message.
 Body body = 1;
@@ -278,7 +278,7 @@ message GetExtendedACLResponse {
 neo.fs.v2.acl.EACLTable eacl = 1;
 // Signature of stable-marshalled Extended ACL according to RFC-6979.
- neo.fs.v2.service.Signature signature = 2;
+ neo.fs.v2.refs.Signature signature = 2;
 }
 // Body of get extended acl response message.
 Body body = 1;
diff --git a/object/service.proto b/object/service.proto
index 1fd03a0..67d41ed 100644
--- a/object/service.proto
+++ b/object/service.proto
@@ -85,7 +85,7 @@ message GetResponse {
 neo.fs.v2.refs.ObjectID object_id = 1;
 // Object signature
- neo.fs.v2.service.Signature signature =2;
+ neo.fs.v2.refs.Signature signature =2;
 // Object header.
 Header header = 3;
@@ -122,7 +122,7 @@ message PutRequest {
 neo.fs.v2.refs.ObjectID object_id = 1;
 // Object signature, were available
- neo.fs.v2.service.Signature signature =2;
+ neo.fs.v2.refs.Signature signature =2;
 // Header of the object to save in the system.
 Header header = 3;
diff --git a/object/types.proto b/object/types.proto
index 7324d6c..356ad8b 100644
--- a/object/types.proto
+++ b/object/types.proto
@@ -100,7 +100,7 @@ message Header {
 neo.fs.v2.refs.ObjectID previous = 2;
 // `signature` field of the parent object. Used to reconstruct parent.
- neo.fs.v2.service.Signature parent_signature = 3;
+ neo.fs.v2.refs.Signature parent_signature = 3;
 // `header` field of the parent object. Used to reconstruct parent.
 Header parent_header = 4;
@@ -121,7 +121,7 @@ message Object {
 neo.fs.v2.refs.ObjectID object_id = 1;
 // Signed object_id
- neo.fs.v2.service.Signature signature = 2;
+ neo.fs.v2.refs.Signature signature = 2;
 // Object metadata headers
 Header header = 3;
diff --git a/refs/types.proto b/refs/types.proto
index 1f190a9..a17571d 100644
--- a/refs/types.proto
+++ b/refs/types.proto
@@ -39,3 +39,11 @@ message Version {
 // Minor API version.
 uint32 minor = 2;
 }
+
+// Signature of something in NeoFS
+message Signature {
+ // Public key used for signing.
+ bytes key = 1;
+ // Signature
+ bytes sign = 2;
+}
diff --git a/service/types.proto b/service/types.proto
index 85cf208..f657d5f 100644
--- a/service/types.proto
+++ b/service/types.proto
@@ -17,18 +17,6 @@ message XHeader {
 string value = 2;
 }
-// Lifetime parameters of the token. Filed names taken from rfc7519.
-message TokenLifetime {
- // Expiration Epoch
- uint64 exp = 1;
-
- // Not valid before Epoch
- uint64 nbf = 2;
-
- // Issued at Epoch
- uint64 iat = 3;
-}
-
 // Context information for Session Tokens related to ObjectService requests
 message ObjectSessionContext {
 // Object request verbs
@@ -74,6 +62,17 @@ message SessionToken {
 // OwnerID carries identifier of the session initiator.
 neo.fs.v2.refs.OwnerID owner_id = 2;
+ // Lifetime parameters of the token. Filed names taken from rfc7519.
+ message TokenLifetime {
+ // Expiration Epoch
+ uint64 exp = 1;
+
+ // Not valid before Epoch
+ uint64 nbf = 2;
+
+ // Issued at Epoch
+ uint64 iat = 3;
+ }
 // Lifetime is a lifetime of the session
 TokenLifetime lifetime = 3;
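Review bot: The comments on the new `Signature` message in refs/types.proto give neither the key encoding nor the signature scheme, and they do not say that `key` is supplied by whoever sends the message. Every signed structure in this diff now points at this type, so a verifier should be told here that a signature which checks out under its own embedded key proves nothing until that key is matched to the expected owner or node. Suggested field comments, with the placeholders filled in by the maintainers: `// Public key of the signer, <encoding>; untrusted until bound to the expected signer.` and `// Signature bytes, <scheme>, over the stable-marshalled signed message.`. RFC-6979 is named only in comments of some callers in container/service.proto, so whether it applies to all uses is not visible from this page.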
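Review bot: `TokenLifetime` is now declared twice with the same three fields, here inside `SessionToken.Body` (service/types.proto, hunk at -74,6) and inside `BearerToken.Body` in acl/types.proto. Generated code will get two unrelated types, so the expiry and not-before checks for session and bearer tokens cannot share one implementation and may drift apart. If the duplication is not deliberate, a single top-level definition in a package both files already import would avoid that; if it is deliberate, a comment saying why would help. The nested message also sits between fields 2 and 3, and declaring it at the top of `Body` would read more easily. `SessionToken.Body` opens outside this hunk.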
@@ -90,27 +89,7 @@ message SessionToken {
 Body body = 1;
 // Signature is a signature of session token information
- Signature signature = 2;
-}
-
-// BearerToken has information about request ACL rules with limited lifetime
-message BearerToken {
- // Bearer Token body
- message Body {
- // EACLTable carries table of extended ACL rules
- neo.fs.v2.acl.EACLTable eacl_table = 1;
-
- // OwnerID carries identifier of the token owner
- neo.fs.v2.refs.OwnerID owner_id = 2;
-
- // Token expiration and valid time period parameters
- TokenLifetime lifetime = 3;
- }
- // Bearer Token body
- Body body = 1;
-
- // Signature of BearerToken body
- Signature signature = 2;
+ neo.fs.v2.refs.Signature signature = 2;
 }
 // Information about the request
@@ -131,7 +110,7 @@ message RequestMetaHeader {
 SessionToken session_token = 5;
 // Bearer is a Bearer token of the request
- BearerToken bearer_token = 6;
+ neo.fs.v2.acl.BearerToken bearer_token = 6;
 // RequestMetaHeader of the origin request.
 RequestMetaHeader origin = 7;
@@ -155,22 +134,15 @@ message ResponseMetaHeader {
 ResponseMetaHeader origin = 5;
 }
-// Signature of something in NeoFS
-message Signature {
- // Public key used for signing.
- bytes key = 1;
- // Signature
- bytes sign = 2;
-}
 // Verification info for request signed by all intermediate nodes
 message RequestVerificationHeader {
 // Request Body signature. Should be generated once by request initiator.
- Signature body_signature = 1;
+ neo.fs.v2.refs.Signature body_signature = 1;
 // Request Meta signature is added and signed by any intermediate node
- Signature meta_signature = 2;
+ neo.fs.v2.refs.Signature meta_signature = 2;
 // Sign previous hops
- Signature origin_signature = 3;
+ neo.fs.v2.refs.Signature origin_signature = 3;
 // Chain of previous hops signatures
 RequestVerificationHeader origin = 4;
@@ -179,11 +151,11 @@ message RequestVerificationHeader {
 // Verification info for response signed by all intermediate nodes
 message ResponseVerificationHeader {
 // Response Body signature. Should be generated once by answering node.
- Signature body_signature = 1;
+ neo.fs.v2.refs.Signature body_signature = 1;
 // Response Meta signature is added and signed by any intermediate node
- Signature meta_signature = 2;
+ neo.fs.v2.refs.Signature meta_signature = 2;
 // Sign previous hops
- Signature origin_signature = 3;
+ neo.fs.v2.refs.Signature origin_signature = 3;
 // Chain of previous hops signatures
 ResponseVerificationHeader origin = 4;
diff --git a/session/service.proto b/session/service.proto
index b8bd37e..f04ebb7 100644
--- a/session/service.proto
+++ b/session/service.proto
@@ -20,9 +20,8 @@ message CreateRequest {
 message Body {
 // Carries an identifier of a session initiator.
 neo.fs.v2.refs.OwnerID owner_id = 1;
-
- // Carries a lifetime of the session.
- neo.fs.v2.service.TokenLifetime lifetime = 2;
+ // Expiration Epoch
+ uint64 expiration = 2;
 }
 // Body of create session token request message.
 Body body = 1;
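Review bot: `uint64 expiration = 2` in `CreateRequest.Body` (session/service.proto) reuses the field number that carried the `TokenLifetime` message, so field 2 changes wire type from length-delimited to varint. A peer built against the old schema still sends a lifetime message there; a parser on the new schema will typically skip it as an unknown field and read `expiration == 0`, so the requested lifetime is dropped silently and the session gets whatever the server does for zero. If any deployed client or node uses the old layout, retire the number instead with `reserved 2; reserved "lifetime";` and `uint64 expiration = 3;`. The comment should also say what unit "Epoch" counts in and how a zero value is handled. `CreateRequest` opens outside this hunk.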