author | qrort <qrort@yandex-team.com> | 2022-11-30 23:47:12 +0300 |
---|---|---|
committer | qrort <qrort@yandex-team.com> | 2022-11-30 23:47:12 +0300 |
commit | 22f8ae0e3f5d68b92aecccdf96c1d841a0334311 (patch) | |
tree | bffa27765faf54126ad44bcafa89fadecb7a73d7 /library/cpp/tvmauth/src/service_impl.h | |
parent | 332b99e2173f0425444abb759eebcb2fafaa9209 (diff) | |
validate canons without yatest_common
Diffstat (limited to 'library/cpp/tvmauth/src/service_impl.h')
-rw-r--r-- | library/cpp/tvmauth/src/service_impl.h | 77 |
1 files changed, 77 insertions, 0 deletions
diff --git a/library/cpp/tvmauth/src/service_impl.h b/library/cpp/tvmauth/src/service_impl.h
new file mode 100644
index 0000000000..26202f283e
--- /dev/null
+++ b/library/cpp/tvmauth/src/service_impl.h
@@ -0,0 +1,77 @@
+#pragma once
+
+#include <library/cpp/tvmauth/src/protos/ticket2.pb.h>
+#include <library/cpp/tvmauth/src/protos/tvm_keys.pb.h>
+#include <library/cpp/tvmauth/src/rw/keys.h>
+
+#include <library/cpp/tvmauth/type.h>
+#include <library/cpp/tvmauth/deprecated/service_context.h>
+
+#include <library/cpp/charset/ci_string.h>
+#include <library/cpp/string_utils/secret_string/secret_string.h>
+
+#include <util/generic/maybe.h>
+
+#include <string>
+
+namespace NTvmAuth {
+ using TServiceTicketImplPtr = THolder<TCheckedServiceTicket::TImpl>;
+ class TCheckedServiceTicket::TImpl {
+ public:
+ explicit operator bool() const;
+
+ TTvmId GetDst() const;
+ TTvmId GetSrc() const;
+ const TScopes& GetScopes() const;
+ bool HasScope(TStringBuf scopeName) const;
+ ETicketStatus GetStatus() const;
+ time_t GetExpirationTime() const;
+
+ TString DebugInfo() const;
+ TMaybe<TUid> GetIssuerUid() const;
+
+ void SetStatus(ETicketStatus status);
+
+ /*!
+ * Constructor for creation invalid ticket storing error status in TServiceContext
+ * @param status
+ * @param protobufTicket
+ */
+ TImpl(ETicketStatus status, ticket2::Ticket&& protobufTicket);
+
+ static TServiceTicketImplPtr CreateTicketForTests(ETicketStatus status,
+ TTvmId src,
+ TMaybe<TUid> issuerUid);
+
+ private:
+ ETicketStatus Status_;
+ ticket2::Ticket ProtobufTicket_;
+ mutable TScopes CachedScopes_;
+ mutable TString CachedDebugInfo_;
+ };
+
+ class TServiceContext::TImpl {
+ public:
+ TImpl(TStringBuf secretBase64, TTvmId selfTvmId, TStringBuf tvmKeysResponse);
+ TImpl(TTvmId selfTvmId, TStringBuf tvmKeysResponse);
+ TImpl(TStringBuf secretBase64);
+
+ void ResetKeys(TStringBuf tvmKeysResponse);
+
+ TServiceTicketImplPtr Check(TStringBuf ticketBody, const TServiceContext::TCheckFlags& flags = {}) const;
+ TString SignCgiParamsForTvm(TStringBuf ts, TStringBuf dst, TStringBuf scopes = TStringBuf()) const;
+
+ const NRw::TPublicKeys& GetKeys() const { // for tests
+ return Keys_;
+ }
+
+ private:
+ static TString ParseSecret(TStringBuf secretBase64);
+
+ NRw::TPublicKeys Keys_;
+ const NSecretString::TSecretString Secret_;
+ const TTvmId SelfTvmId_ = 0;
+
+ ::google::protobuf::LogSilencer LogSilencer_;
+ };
+}
|
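Review bot: `TCheckedServiceTicket::TImpl` exposes a public `SetStatus` and a static `CreateTicketForTests` with no comment saying that they set or create a ticket status without going through `TServiceContext::TImpl::Check`. The definitions are not in this header, so this is inferred from the declarations alone, but a reader cannot tell from here that these are test hooks; I would add above `CreateTicketForTests` a line such as `// Test-only: builds a ticket with the given status and src; no signature is verified.` and a matching line on `SetStatus`. Separately, `TImpl(TStringBuf secretBase64);` in `TServiceContext::TImpl` is a single-argument constructor and should be `explicit TImpl(TStringBuf secretBase64);` so that a string buffer never converts implicitly into a context holding the secret. The existing constructor comment also leaves both `@param` entries without a description.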