Interface
security.proto
This plugin interface provides the following services for securing geth RPC servers:
- TLS configuration to enable HTTPS/WSS servers
- Authentication
Services
AuthenticationManager
Required
RPC service that authenticates the preauthenticated token. The response is the token containing its expiry date and granted authorities.
| Method Name | Request Type | Response Type | Description |
|---|---|---|---|
| Authenticate | AuthenticationToken | PreAuthenticatedAuthenticationToken | Perform authentication of the token. Return a token that contains expiry date and granted authorities |
TLSConfigurationSource
Optional
RPC service to provide TLS configuration to enable HTTPS/WSS in geth RPC Servers
| Method Name | Request Type | Response Type | Description |
|---|---|---|---|
| Get | TLSConfiguration.Request | TLSConfiguration.Response | |
Messages
AuthenticationToken
Represents the access token for an authentication request
| Field | Type | Label | Description |
|---|---|---|---|
| rawToken | bytes | | |
GrantedAuthority
Represents a permission extracted from the access token by the plugin implementation. This permission is then stored in the security context of a request and used internally to decide whether access is granted or denied.
| Field | Type | Label | Description |
|---|---|---|---|
| service | string | | geth RPC API namespace. E.g.: rpc, eth, admin, debug, … |
| method | string | | geth RPC API function. E.g.: nodeInfo, blockNumber, … |
| raw | string | | Raw string of the granted authority value. This gives the plugin implementation freedom to interpret the value |
PreAuthenticatedAuthenticationToken
Represents an authenticated principal after the AuthenticationToken has been processed
| Field | Type | Label | Description |
|---|---|---|---|
| rawToken | bytes | | |
| expiredAt | google.protobuf.Timestamp | | |
| authorities | GrantedAuthority | repeated | |
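The following added example (not code from the plugin project or from geth) sketches how a consumer of a PreAuthenticatedAuthenticationToken could turn `expiredAt` and `authorities` into a deny-by-default decision for a JSON-RPC call such as `eth_blockNumber`. The Go structs are hypothetical hand-written mirrors of the messages, and the exact-match policy and fail-closed handling of a missing expiry are assumptions, not geth's internal logic.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
	"time"
)

// Hypothetical mirrors of the documented messages (not the generated protobuf types).
type GrantedAuthority struct{ Service, Method, Raw string }

type PreAuthenticatedToken struct {
	ExpiredAt   time.Time
	Authorities []GrantedAuthority
}

var (
	ErrExpired   = errors.New("token expired or missing expiry")
	ErrMalformed = errors.New("malformed RPC method name")
	ErrDenied    = errors.New("no matching granted authority")
)

// Authorize checks a "<namespace>_<function>" RPC method name against the token.
// Assumption: exact service/method match only; anything not granted is denied.
func Authorize(tok PreAuthenticatedToken, rpcMethod string, now time.Time) error {
	// Fail closed: a zero timestamp is treated as already expired.
	if tok.ExpiredAt.IsZero() || !now.Before(tok.ExpiredAt) {
		return ErrExpired
	}
	service, method, ok := strings.Cut(rpcMethod, "_")
	if !ok || service == "" || method == "" {
		return ErrMalformed
	}
	for _, a := range tok.Authorities {
		if a.Service == service && a.Method == method {
			return nil
		}
	}
	return ErrDenied
}

func main() {
	now := time.Now()
	auths := []GrantedAuthority{{Service: "eth", Method: "blockNumber"}} // constructed sample
	tok := PreAuthenticatedToken{ExpiredAt: now.Add(time.Hour), Authorities: auths}
	fmt.Println(Authorize(tok, "eth_blockNumber", now), Authorize(tok, "admin_nodeInfo", now))
}
```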
TLSConfiguration
A wrapper message to logically group other messages
TLSConfiguration.Data
TLS configuration data for geth
| Field | Type | Label | Description |
|---|---|---|---|
| keyPem | bytes | | Private key in PEM format |
| certPem | bytes | | Certificate in PEM format |
| cipherSuites | uint32 | repeated | List of cipher suite constants supported by the server |
TLSConfiguration.Request
An empty request received by the RPC service
TLSConfiguration.Response
Response from RPC service
| Field | Type | Label | Description |
|---|---|---|---|
| data | TLSConfiguration.Data | | |