c.biscuit.4.0.0.source-code.schema.proto Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of biscuit Show documentation
Show all versions of biscuit Show documentation
Java support for the biscuit auth token and policy language
syntax = "proto2";
package biscuit.format.schema;
message Biscuit {
optional uint32 rootKeyId = 1;
required SignedBlock authority = 2;
repeated SignedBlock blocks = 3;
required Proof proof = 4;
}
message SignedBlock {
required bytes block = 1;
required PublicKey nextKey = 2;
required bytes signature = 3;
optional ExternalSignature externalSignature = 4;
}
message ExternalSignature {
required bytes signature = 1;
required PublicKey publicKey = 2;
}
message PublicKey {
required Algorithm algorithm = 1;
enum Algorithm {
Ed25519 = 0;
}
required bytes key = 2;
}
message Proof {
oneof Content {
bytes nextSecret = 1;
bytes finalSignature = 2;
}
}
message Block {
repeated string symbols = 1;
optional string context = 2;
optional uint32 version = 3;
repeated FactV2 facts_v2 = 4;
repeated RuleV2 rules_v2 = 5;
repeated CheckV2 checks_v2 = 6;
repeated Scope scope = 7;
repeated PublicKey publicKeys = 8;
}
message Scope {
enum ScopeType {
Authority = 0;
Previous = 1;
}
oneof Content {
ScopeType scopeType = 1;
int64 publicKey = 2;
}
}
message FactV2 {
required PredicateV2 predicate = 1;
}
message RuleV2 {
required PredicateV2 head = 1;
repeated PredicateV2 body = 2;
repeated ExpressionV2 expressions = 3;
repeated Scope scope = 4;
}
message CheckV2 {
repeated RuleV2 queries = 1;
optional Kind kind = 2;
enum Kind {
One = 0;
All = 1;
}
}
message PredicateV2 {
required uint64 name = 1;
repeated TermV2 terms = 2;
}
message TermV2 {
oneof Content {
uint32 variable = 1;
int64 integer = 2;
uint64 string = 3;
uint64 date = 4;
bytes bytes = 5;
bool bool = 6;
TermSet set = 7;
}
}
message TermSet {
repeated TermV2 set = 1;
}
message ExpressionV2 {
repeated Op ops = 1;
}
message Op {
oneof Content {
TermV2 value = 1;
OpUnary unary = 2;
OpBinary Binary = 3;
}
}
message OpUnary {
enum Kind {
Negate = 0;
Parens = 1;
Length = 2;
}
required Kind kind = 1;
}
message OpBinary {
enum Kind {
LessThan = 0;
GreaterThan = 1;
LessOrEqual = 2;
GreaterOrEqual = 3;
Equal = 4;
Contains = 5;
Prefix = 6;
Suffix = 7;
Regex = 8;
Add = 9;
Sub = 10;
Mul = 11;
Div = 12;
And = 13;
Or = 14;
Intersection = 15;
Union = 16;
BitwiseAnd = 17;
BitwiseOr = 18;
BitwiseXor = 19;
NotEqual = 20;
}
required Kind kind = 1;
}
message Policy {
enum Kind {
Allow = 0;
Deny = 1;
}
repeated RuleV2 queries = 1;
required Kind kind = 2;
}
message AuthorizerPolicies {
repeated string symbols = 1;
optional uint32 version = 2;
repeated FactV2 facts = 3;
repeated RuleV2 rules = 4;
repeated CheckV2 checks = 5;
repeated Policy policies = 6;
}
message ThirdPartyBlockRequest {
required PublicKey previousKey = 1;
repeated PublicKey publicKeys = 2;
}
message ThirdPartyBlockContents {
required bytes payload = 1;
required ExternalSignature externalSignature = 2;
}
message AuthorizerSnapshot {
required RunLimits limits = 1;
required uint64 executionTime = 2;
required AuthorizerWorld world = 3;
}
message RunLimits {
required uint64 maxFacts = 1;
required uint64 maxIterations = 2;
required uint64 maxTime = 3;
}
message AuthorizerWorld {
optional uint32 version = 1;
repeated string symbols = 2;
repeated PublicKey publicKeys = 3;
repeated SnapshotBlock blocks = 4;
required SnapshotBlock authorizerBlock = 5;
repeated Policy authorizerPolicies = 6;
repeated GeneratedFacts generatedFacts = 7;
required uint64 iterations = 8;
}
message Origin {
oneof Content {
Empty authorizer = 1;
uint32 origin = 2;
}
}
message Empty {}
message GeneratedFacts {
repeated Origin origins = 1;
repeated FactV2 facts = 2;
}
message SnapshotBlock {
optional string context = 1;
optional uint32 version = 2;
repeated FactV2 facts_v2 = 3;
repeated RuleV2 rules_v2 = 4;
repeated CheckV2 checks_v2 = 5;
repeated Scope scope = 6;
optional PublicKey externalKey = 7;
}© 2015 - 2025 Weber Informatics LLC | Privacy Policy