aboutsummaryrefslogtreecommitdiffstats
path: root/library/cpp/tvmauth/src/service_impl.h
diff options
context:
space:
mode:
authorqrort <qrort@yandex-team.com>2022-11-30 23:47:12 +0300
committerqrort <qrort@yandex-team.com>2022-11-30 23:47:12 +0300
commit22f8ae0e3f5d68b92aecccdf96c1d841a0334311 (patch)
treebffa27765faf54126ad44bcafa89fadecb7a73d7 /library/cpp/tvmauth/src/service_impl.h
parent332b99e2173f0425444abb759eebcb2fafaa9209 (diff)
downloadydb-22f8ae0e3f5d68b92aecccdf96c1d841a0334311.tar.gz
validate canons without yatest_common
Diffstat (limited to 'library/cpp/tvmauth/src/service_impl.h')
-rw-r--r--library/cpp/tvmauth/src/service_impl.h77
1 files changed, 77 insertions, 0 deletions
diff --git a/library/cpp/tvmauth/src/service_impl.h b/library/cpp/tvmauth/src/service_impl.h
new file mode 100644
index 0000000000..26202f283e
--- /dev/null
+++ b/library/cpp/tvmauth/src/service_impl.h
@@ -0,0 +1,77 @@
+#pragma once
+
+#include <library/cpp/tvmauth/src/protos/ticket2.pb.h>
+#include <library/cpp/tvmauth/src/protos/tvm_keys.pb.h>
+#include <library/cpp/tvmauth/src/rw/keys.h>
+
+#include <library/cpp/tvmauth/type.h>
+#include <library/cpp/tvmauth/deprecated/service_context.h>
+
+#include <library/cpp/charset/ci_string.h>
+#include <library/cpp/string_utils/secret_string/secret_string.h>
+
+#include <util/generic/maybe.h>
+
+#include <string>
+
+namespace NTvmAuth {
+ using TServiceTicketImplPtr = THolder<TCheckedServiceTicket::TImpl>;
+ class TCheckedServiceTicket::TImpl {
+ public:
+ explicit operator bool() const;
+
+ TTvmId GetDst() const;
+ TTvmId GetSrc() const;
+ const TScopes& GetScopes() const;
+ bool HasScope(TStringBuf scopeName) const;
+ ETicketStatus GetStatus() const;
+ time_t GetExpirationTime() const;
+
+ TString DebugInfo() const;
+ TMaybe<TUid> GetIssuerUid() const;
+
+ void SetStatus(ETicketStatus status);
+
+ /*!
+ * Constructor for creation invalid ticket storing error status in TServiceContext
+ * @param status
+ * @param protobufTicket
+ */
+ TImpl(ETicketStatus status, ticket2::Ticket&& protobufTicket);
+
+ static TServiceTicketImplPtr CreateTicketForTests(ETicketStatus status,
+ TTvmId src,
+ TMaybe<TUid> issuerUid);
+
+ private:
+ ETicketStatus Status_;
+ ticket2::Ticket ProtobufTicket_;
+ mutable TScopes CachedScopes_;
+ mutable TString CachedDebugInfo_;
+ };
+
+ class TServiceContext::TImpl {
+ public:
+ TImpl(TStringBuf secretBase64, TTvmId selfTvmId, TStringBuf tvmKeysResponse);
+ TImpl(TTvmId selfTvmId, TStringBuf tvmKeysResponse);
+ TImpl(TStringBuf secretBase64);
+
+ void ResetKeys(TStringBuf tvmKeysResponse);
+
+ TServiceTicketImplPtr Check(TStringBuf ticketBody, const TServiceContext::TCheckFlags& flags = {}) const;
+ TString SignCgiParamsForTvm(TStringBuf ts, TStringBuf dst, TStringBuf scopes = TStringBuf()) const;
+
+ const NRw::TPublicKeys& GetKeys() const { // for tests
+ return Keys_;
+ }
+
+ private:
+ static TString ParseSecret(TStringBuf secretBase64);
+
+ NRw::TPublicKeys Keys_;
+ const NSecretString::TSecretString Secret_;
+ const TTvmId SelfTvmId_ = 0;
+
+ ::google::protobuf::LogSilencer LogSilencer_;
+ };
+}