common.eidas

io.token.proto.common.eidas /common/src/main/proto/eidas.proto


syntax = "proto3";
package io.token.proto.common.eidas;
option java_outer_classname = "EidasProtos";
option csharp_namespace = "Tokenio.Proto.Common.EidasProtos";

import "alias.proto";
import "security.proto";

message VerifyEidasPayload {
  string member_id = 1; // member ID of the TPP
  io.token.proto.common.alias.Alias alias = 2; // eIDAS alias to be verified
  string certificate = 3; // serialized eIDAS certificate
  io.token.proto.common.security.Key.Algorithm algorithm = 4; // signing algorithm of the eIDAS certificate
}

message RegisterWithEidasPayload {
  string bank_id = 1; // ID of the bank under whose realm a member should be created (e.g. "wood")
  string certificate = 2; // serialized eIDAS certificate
}

message EidasRecoveryPayload {
  string member_id = 1; // ID of the member to be recovered
  string certificate = 2; // serialized eIDAS certificate that was used to verify the member
  io.token.proto.common.security.Key.Algorithm algorithm = 3; // signing algorithm of the eIDAS certificate
  io.token.proto.common.security.Key key = 4; // new privileged key to add to the member
}

// When a TPP verifies an eIDAS alias by providing a certificate (and all preconditions are met on
// our side) the verification may succeed or fail on the verification service side in two different
// ways: certificate is invalid or an error response from the service
enum KonsentusVerificationStatus {
  option deprecated = true; // EidasVerificationStatus is used instead
  INVALID = 0;
  SUCCESS = 1;
  FAILURE_EIDAS_INVALID = 2; // The request has succeeded (code 200), but at least one eIDAS.validity field in the response body is false
  FAILURE_ERROR_RESPONSE = 3; // Konsentus returned an error response (codes 4xx and 5xx)
  FAILURE_ERROR = 4; // an error happened during the verification process
  IN_PROGRESS = 5; // certificate validation has not finished yet, use getEidasVerificationStatus() to get the result later
}

enum EidasVerificationStatus {
  INVALID_EIDAS_STATUS = 0;
  EIDAS_STATUS_SUCCESS = 1;     // The certificate has been verified
  EIDAS_STATUS_FAILURE = 2;     // The certificate has failed verification
  // 3 is skipped for backward compatibility: 3 and 4 from KonsentusVerificationStatus are now mapped to 4)
  EIDAS_STATUS_ERROR = 4;       // Unable to validate the certificate due to an error
  EIDAS_STATUS_PENDING = 5;     // The certificate is pending verification
  // next id should be 6
}

enum EidasCertificateStatus {
  INVALID_CERTIFICATE_STATUS = 0;
  CERTIFICATE_VALID = 1;
  CERTIFICATE_INVALID = 2;
  CERTIFICATE_NOT_FOUND = 3;
}