Move BearerToken type to acl package

Signed-off-by: Stanislav Bogatyrev <stanislav@nspcc.ru>
Stanislav Bogatyrev 2020-08-18 16:41:47 +03:00 committed by Stanislav Bogatyrev
parent 54778a86ed
commit 7d72061fb3
7 changed files with 68 additions and 58 deletions


@ -133,3 +133,34 @@ message EACLTable {
// Records carries list of extended ACL rule records. // Records carries list of extended ACL rule records.
repeated EACLRecord records = 2 [json_name="Records"]; repeated EACLRecord records = 2 [json_name="Records"];
} }
// BearerToken has information about request ACL rules with limited lifetime
message BearerToken {
// Bearer Token body
message Body {
// EACLTable carries table of extended ACL rules
EACLTable eacl_table = 1;
// OwnerID carries identifier of the token owner
neo.fs.v2.refs.OwnerID owner_id = 2;
// Lifetime parameters of the token. Filed names taken from rfc7519.
message TokenLifetime {
// Expiration Epoch
uint64 exp = 1;
// Not valid before Epoch
uint64 nbf = 2;
// Issued at Epoch
uint64 iat = 3;
}
// Token expiration and valid time period parameters
TokenLifetime lifetime = 3;
}
// Bearer Token body
Body body = 1;
// Signature of BearerToken body
neo.fs.v2.refs.Signature signature = 2;
}
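Review bot: The comment on `signature` (`// Signature of BearerToken body`) does not say what bytes are signed or how the signature is tied to `owner_id`, so a verifier reading only the schema cannot tell whether it must check that `signature.key` corresponds to the owner named in `Body`; the other signed bodies in this commit (container.proto) spell out `stable-marshalled ... according to RFC-6979`, and this one should match. Suggest `// Signature of the stable-marshalled Body according to RFC-6979. NOTE(review): verifiers presumably must check that signature.key corresponds to body.owner_id — confirm and document.` The `TokenLifetime` comments also leave the boundary of `exp` unstated, e.g. `// Expiration Epoch (TODO confirm whether the token is still valid at epoch == exp)`. Finally, `Filed names taken from rfc7519` should read `Field names taken from RFC 7519`; the same typo is in the copy nested in `SessionToken.Body` in the service.proto section.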


@ -50,7 +50,7 @@ message PutRequest {
container.Container container = 1; container.Container container = 1;
//Signature of stable-marshalled container according to RFC-6979. //Signature of stable-marshalled container according to RFC-6979.
neo.fs.v2.service.Signature signature =2; neo.fs.v2.refs.Signature signature =2;
} }
// Body of container put request message. // Body of container put request message.
Body body = 1; Body body = 1;
@ -94,7 +94,7 @@ message DeleteRequest {
neo.fs.v2.refs.ContainerID container_id = 1; neo.fs.v2.refs.ContainerID container_id = 1;
// Signature of container id according to RFC-6979. // Signature of container id according to RFC-6979.
neo.fs.v2.service.Signature signature = 2; neo.fs.v2.refs.Signature signature = 2;
} }
// Body of container delete request message. // Body of container delete request message.
Body body = 1; Body body = 1;
@ -216,7 +216,7 @@ message SetExtendedACLRequest {
neo.fs.v2.acl.EACLTable eacl = 1; neo.fs.v2.acl.EACLTable eacl = 1;
// Signature of stable-marshalled Extended ACL according to RFC-6979. // Signature of stable-marshalled Extended ACL according to RFC-6979.
neo.fs.v2.service.Signature signature = 2; neo.fs.v2.refs.Signature signature = 2;
} }
// Body of set extended acl request message. // Body of set extended acl request message.
Body body = 1; Body body = 1;
@ -278,7 +278,7 @@ message GetExtendedACLResponse {
neo.fs.v2.acl.EACLTable eacl = 1; neo.fs.v2.acl.EACLTable eacl = 1;
// Signature of stable-marshalled Extended ACL according to RFC-6979. // Signature of stable-marshalled Extended ACL according to RFC-6979.
neo.fs.v2.service.Signature signature = 2; neo.fs.v2.refs.Signature signature = 2;
} }
// Body of get extended acl response message. // Body of get extended acl response message.
Body body = 1; Body body = 1;


@ -85,7 +85,7 @@ message GetResponse {
neo.fs.v2.refs.ObjectID object_id = 1; neo.fs.v2.refs.ObjectID object_id = 1;
// Object signature // Object signature
neo.fs.v2.service.Signature signature =2; neo.fs.v2.refs.Signature signature =2;
// Object header. // Object header.
Header header = 3; Header header = 3;
@ -122,7 +122,7 @@ message PutRequest {
neo.fs.v2.refs.ObjectID object_id = 1; neo.fs.v2.refs.ObjectID object_id = 1;
// Object signature, were available // Object signature, were available
neo.fs.v2.service.Signature signature =2; neo.fs.v2.refs.Signature signature =2;
// Header of the object to save in the system. // Header of the object to save in the system.
Header header = 3; Header header = 3;


@ -100,7 +100,7 @@ message Header {
neo.fs.v2.refs.ObjectID previous = 2; neo.fs.v2.refs.ObjectID previous = 2;
// `signature` field of the parent object. Used to reconstruct parent. // `signature` field of the parent object. Used to reconstruct parent.
neo.fs.v2.service.Signature parent_signature = 3; neo.fs.v2.refs.Signature parent_signature = 3;
// `header` field of the parent object. Used to reconstruct parent. // `header` field of the parent object. Used to reconstruct parent.
Header parent_header = 4; Header parent_header = 4;
@ -121,7 +121,7 @@ message Object {
neo.fs.v2.refs.ObjectID object_id = 1; neo.fs.v2.refs.ObjectID object_id = 1;
// Signed object_id // Signed object_id
neo.fs.v2.service.Signature signature = 2; neo.fs.v2.refs.Signature signature = 2;
// Object metadata headers // Object metadata headers
Header header = 3; Header header = 3;


@ -39,3 +39,11 @@ message Version {
// Minor API version. // Minor API version.
uint32 minor = 2; uint32 minor = 2;
} }
// Signature of something in NeoFS
message Signature {
// Public key used for signing.
bytes key = 1;
// Signature
bytes sign = 2;
}
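Review bot: `Signature` becomes the one type behind every signed field in this commit, but its comments do not state the scheme or the key encoding: `// Signature` on `sign` only repeats the field name, and `key` does not say what encoding the `bytes` hold. Elsewhere on this page signatures are described as `according to RFC-6979`, so suggest `// Public key used for signing (TODO state the curve and point encoding).` and `// Signature of the signed data according to RFC-6979 (TODO state the hash and encoding of sign).` There is also no field identifying the scheme, so a later algorithm change could not be signalled in-band; since the type is new in refs, this is the moment to decide whether that is acceptable.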


@ -17,18 +17,6 @@ message XHeader {
string value = 2; string value = 2;
} }
// Lifetime parameters of the token. Filed names taken from rfc7519.
message TokenLifetime {
// Expiration Epoch
uint64 exp = 1;
// Not valid before Epoch
uint64 nbf = 2;
// Issued at Epoch
uint64 iat = 3;
}
// Context information for Session Tokens related to ObjectService requests // Context information for Session Tokens related to ObjectService requests
message ObjectSessionContext { message ObjectSessionContext {
// Object request verbs // Object request verbs
@ -74,6 +62,17 @@ message SessionToken {
// OwnerID carries identifier of the session initiator. // OwnerID carries identifier of the session initiator.
neo.fs.v2.refs.OwnerID owner_id = 2; neo.fs.v2.refs.OwnerID owner_id = 2;
// Lifetime parameters of the token. Filed names taken from rfc7519.
message TokenLifetime {
// Expiration Epoch
uint64 exp = 1;
// Not valid before Epoch
uint64 nbf = 2;
// Issued at Epoch
uint64 iat = 3;
}
// Lifetime is a lifetime of the session // Lifetime is a lifetime of the session
TokenLifetime lifetime = 3; TokenLifetime lifetime = 3;
@ -90,27 +89,7 @@ message SessionToken {
Body body = 1; Body body = 1;
// Signature is a signature of session token information // Signature is a signature of session token information
Signature signature = 2; neo.fs.v2.refs.Signature signature = 2;
}
// BearerToken has information about request ACL rules with limited lifetime
message BearerToken {
// Bearer Token body
message Body {
// EACLTable carries table of extended ACL rules
neo.fs.v2.acl.EACLTable eacl_table = 1;
// OwnerID carries identifier of the token owner
neo.fs.v2.refs.OwnerID owner_id = 2;
// Token expiration and valid time period parameters
TokenLifetime lifetime = 3;
}
// Bearer Token body
Body body = 1;
// Signature of BearerToken body
Signature signature = 2;
} }
// Information about the request // Information about the request
@ -131,7 +110,7 @@ message RequestMetaHeader {
SessionToken session_token = 5; SessionToken session_token = 5;
// Bearer is a Bearer token of the request // Bearer is a Bearer token of the request
BearerToken bearer_token = 6; neo.fs.v2.acl.BearerToken bearer_token = 6;
// RequestMetaHeader of the origin request. // RequestMetaHeader of the origin request.
RequestMetaHeader origin = 7; RequestMetaHeader origin = 7;
@ -155,22 +134,15 @@ message ResponseMetaHeader {
ResponseMetaHeader origin = 5; ResponseMetaHeader origin = 5;
} }
// Signature of something in NeoFS
message Signature {
// Public key used for signing.
bytes key = 1;
// Signature
bytes sign = 2;
}
// Verification info for request signed by all intermediate nodes // Verification info for request signed by all intermediate nodes
message RequestVerificationHeader { message RequestVerificationHeader {
// Request Body signature. Should be generated once by request initiator. // Request Body signature. Should be generated once by request initiator.
Signature body_signature = 1; neo.fs.v2.refs.Signature body_signature = 1;
// Request Meta signature is added and signed by any intermediate node // Request Meta signature is added and signed by any intermediate node
Signature meta_signature = 2; neo.fs.v2.refs.Signature meta_signature = 2;
// Sign previous hops // Sign previous hops
Signature origin_signature = 3; neo.fs.v2.refs.Signature origin_signature = 3;
// Chain of previous hops signatures // Chain of previous hops signatures
RequestVerificationHeader origin = 4; RequestVerificationHeader origin = 4;
@ -179,11 +151,11 @@ message RequestVerificationHeader {
// Verification info for response signed by all intermediate nodes // Verification info for response signed by all intermediate nodes
message ResponseVerificationHeader { message ResponseVerificationHeader {
// Response Body signature. Should be generated once by answering node. // Response Body signature. Should be generated once by answering node.
Signature body_signature = 1; neo.fs.v2.refs.Signature body_signature = 1;
// Response Meta signature is added and signed by any intermediate node // Response Meta signature is added and signed by any intermediate node
Signature meta_signature = 2; neo.fs.v2.refs.Signature meta_signature = 2;
// Sign previous hops // Sign previous hops
Signature origin_signature = 3; neo.fs.v2.refs.Signature origin_signature = 3;
// Chain of previous hops signatures // Chain of previous hops signatures
ResponseVerificationHeader origin = 4; ResponseVerificationHeader origin = 4;
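Review bot: `TokenLifetime` is now defined twice with identical fields, nested in `SessionToken.Body` (hunk `@ -74,6 +62,17 @@` of this section) and in `BearerToken.Body` in the acl section, so generated code gets two unrelated types and lifetime checks (`exp`, `nbf`, `iat`) have to be implemented and kept in sync separately for each token kind. Keeping a single top-level definition, for instance next to `Signature`, which this commit moves to refs for the same sharing reason, would avoid that drift. If the duplication is intentional, a comment on each copy such as `// Kept identical to BearerToken.Body.TokenLifetime in acl.proto; change both together.` would at least make the coupling visible.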


@ -20,9 +20,8 @@ message CreateRequest {
message Body { message Body {
// Carries an identifier of a session initiator. // Carries an identifier of a session initiator.
neo.fs.v2.refs.OwnerID owner_id = 1; neo.fs.v2.refs.OwnerID owner_id = 1;
// Expiration Epoch
// Carries a lifetime of the session. uint64 expiration = 2;
neo.fs.v2.service.TokenLifetime lifetime = 2;
} }
// Body of create session token request message. // Body of create session token request message.
Body body = 1; Body body = 1;
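Review bot: Field number 2 of `CreateRequest.Body` changes from the message-typed `lifetime` to the varint `uint64 expiration`, which is an incompatible wire-type change under the same number: a writer built from the previous schema sends a length-delimited record for 2 that a new reader cannot interpret as a varint. The safe form is to retire the old number and take a fresh one, `reserved 2;`, `reserved "lifetime";`, `uint64 expiration = 3;`. The new comment `// Expiration Epoch` should also state whether the session is still valid at that epoch, as the `exp` comments in the token messages leave the same boundary open.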