Interface
security.proto
This plugin interface provides services to secure geth RPC servers, which include:
- TLS configuration to enable HTTPS/WSS servers
- Authentication
Services
AuthenticationManager
Required
RPC service that authenticates the preauthenticated token. The response is a token containing the expiry date and granted authorities
Method Name | Request Type | Response Type | Description |
---|---|---|---|
Authenticate | AuthenticationToken | PreAuthenticatedAuthenticationToken | Perform authentication of the token. Return a token that contains expiry date and granted authorities |
TLSConfigurationSource
Optional
RPC service to provide TLS configuration to enable HTTPS/WSS in geth RPC Servers
Method Name | Request Type | Response Type | Description |
---|---|---|---|
Get | TLSConfiguration.Request | TLSConfiguration.Response | |
Messages
AuthenticationToken
Represents the access token for an authentication request
Field | Type | Label | Description |
---|---|---|---|
rawToken | bytes | | |
GrantedAuthority
Represents a permission extracted from the access token by the plugin implementation. This permission is then stored in the security context of a request and used internally to decide whether access is granted or denied
Field | Type | Label | Description |
---|---|---|---|
service | string | | geth RPC API namespace. E.g.: rpc, eth, admin, debug, … |
method | string | | geth RPC API function. E.g.: nodeInfo, blockNumber, … |
raw | string | | Raw string of the granted authority value. This gives the plugin implementation freedom to interpret the value |
PreAuthenticatedAuthenticationToken
Represents an authenticated principal after AuthenticationToken has been processed
Field | Type | Label | Description |
---|---|---|---|
rawToken | bytes | | |
expiredAt | google.protobuf.Timestamp | | |
authorities | GrantedAuthority | repeated | |
TLSConfiguration
A wrapper message to logically group other messages
TLSConfiguration.Data
TLS configuration data for geth
Field | Type | Label | Description |
---|---|---|---|
keyPem | bytes | | Private key in PEM format |
certPem | bytes | | Certificate in PEM format |
cipherSuites | uint32 | repeated | List of cipher suites constants being supported by the server |
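
A check that could be applied to the cipherSuites field before it reaches Go's crypto/tls, which takes []uint16 rather than uint32. This is an added example, not code from the project: toGoCipherSuites is a hypothetical helper, the sample values are constructed, and it assumes the field carries the IANA cipher suite identifiers that crypto/tls uses.

```go
package main

import (
	"crypto/tls"
	"fmt"
)

// toGoCipherSuites (hypothetical helper) converts the repeated uint32
// cipherSuites field into the []uint16 form used by tls.Config.CipherSuites.
// It rejects values that do not fit in 16 bits, suites that crypto/tls lists
// as insecure, and identifiers that crypto/tls does not implement.
func toGoCipherSuites(fromPlugin []uint32) ([]uint16, error) {
	secure := make(map[uint16]bool)
	for _, cs := range tls.CipherSuites() {
		secure[cs.ID] = true
	}
	insecure := make(map[uint16]bool)
	for _, cs := range tls.InsecureCipherSuites() {
		insecure[cs.ID] = true
	}
	out := make([]uint16, 0, len(fromPlugin))
	for _, v := range fromPlugin {
		if v > 0xFFFF {
			// A silent uint16(v) cast would truncate this to a different suite.
			return nil, fmt.Errorf("cipher suite 0x%x does not fit in 16 bits", v)
		}
		id := uint16(v)
		switch {
		case insecure[id]:
			return nil, fmt.Errorf("cipher suite %s is marked insecure", tls.CipherSuiteName(id))
		case !secure[id]:
			return nil, fmt.Errorf("cipher suite 0x%04x is not implemented by crypto/tls", id)
		}
		out = append(out, id)
	}
	return out, nil
}

func main() {
	// Constructed sample values for the cipherSuites field.
	for _, sample := range [][]uint32{
		{0xc02f, 0xc02b}, // ECDHE suites with AES-128-GCM
		{0xc02f, 0x0005}, // second entry is TLS_RSA_WITH_RC4_128_SHA
		{0x1c02f},        // wider than a TLS cipher suite identifier
	} {
		suites, err := toGoCipherSuites(sample)
		fmt.Println(suites, err)
	}
}
```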
TLSConfiguration.Request
An empty request received by the RPC service
TLSConfiguration.Response
Response from RPC service
Field | Type | Label | Description |
---|---|---|---|
data | TLSConfiguration.Data | | |