syntax = "proto3";

package arbiter.user_agent;

import "client.proto";
import "evm.proto";
import "google/protobuf/empty.proto";

enum KeyType {
  KEY_TYPE_UNSPECIFIED = 0;
  KEY_TYPE_ED25519 = 1;
  KEY_TYPE_ECDSA_SECP256K1 = 2;
  KEY_TYPE_RSA = 3;
}

message AuthChallengeRequest {
  bytes pubkey = 1;
  optional string bootstrap_token = 2;
  KeyType key_type = 3;
}

message AuthChallenge {
  int32 nonce = 2;
  reserved 1;
}

message AuthChallengeSolution {
  bytes signature = 1;
}

enum AuthResult {
  AUTH_RESULT_UNSPECIFIED = 0;
  AUTH_RESULT_SUCCESS = 1;
  AUTH_RESULT_INVALID_KEY = 2;
  AUTH_RESULT_INVALID_SIGNATURE = 3;
  AUTH_RESULT_BOOTSTRAP_REQUIRED = 4;
  AUTH_RESULT_TOKEN_INVALID = 5;
  AUTH_RESULT_INTERNAL = 6;
}

message UnsealStart {
  bytes client_pubkey = 1;
}

message UnsealStartResponse {
  bytes server_pubkey = 1;
}
message UnsealEncryptedKey {
  bytes nonce = 1;
  bytes ciphertext = 2;
  bytes associated_data = 3;
}

message BootstrapEncryptedKey {
  bytes nonce = 1;
  bytes ciphertext = 2;
  bytes associated_data = 3;
}

enum UnsealResult {
  UNSEAL_RESULT_UNSPECIFIED = 0;
  UNSEAL_RESULT_SUCCESS = 1;
  UNSEAL_RESULT_INVALID_KEY = 2;
  UNSEAL_RESULT_UNBOOTSTRAPPED = 3;
}

enum BootstrapResult {
  BOOTSTRAP_RESULT_UNSPECIFIED = 0;
  BOOTSTRAP_RESULT_SUCCESS = 1;
  BOOTSTRAP_RESULT_ALREADY_BOOTSTRAPPED = 2;
  BOOTSTRAP_RESULT_INVALID_KEY = 3;
}

enum VaultState {
  VAULT_STATE_UNSPECIFIED = 0;
  VAULT_STATE_UNBOOTSTRAPPED = 1;
  VAULT_STATE_SEALED = 2;
  VAULT_STATE_UNSEALED = 3;
  VAULT_STATE_ERROR = 4;
}

message ClientConnectionRequest {
  bytes pubkey = 1;
  arbiter.client.ClientInfo info = 2;
}

message ClientConnectionResponse {
  bool approved = 1;
  bytes pubkey = 2;
}

message ClientConnectionCancel {
  bytes pubkey = 1;
}

message UserAgentRequest {
  int32 id = 14;
  oneof payload {
    AuthChallengeRequest auth_challenge_request = 1;
    AuthChallengeSolution auth_challenge_solution = 2;
    UnsealStart unseal_start = 3;
    UnsealEncryptedKey unseal_encrypted_key = 4;
    google.protobuf.Empty query_vault_state = 5;
    google.protobuf.Empty evm_wallet_create = 6;
    google.protobuf.Empty evm_wallet_list = 7;
    arbiter.evm.EvmGrantCreateRequest evm_grant_create = 8;
    arbiter.evm.EvmGrantDeleteRequest evm_grant_delete = 9;
    arbiter.evm.EvmGrantListRequest evm_grant_list = 10;
    ClientConnectionResponse client_connection_response = 11;
    BootstrapEncryptedKey bootstrap_encrypted_key = 12;
  }
}
message UserAgentResponse {
  optional int32 id = 14;
  oneof payload {
    AuthChallenge auth_challenge = 1;
    AuthResult auth_result = 2;
    UnsealStartResponse unseal_start_response = 3;
    UnsealResult unseal_result = 4;
    VaultState vault_state = 5;
    arbiter.evm.WalletCreateResponse evm_wallet_create = 6;
    arbiter.evm.WalletListResponse evm_wallet_list = 7;
    arbiter.evm.EvmGrantCreateResponse evm_grant_create = 8;
    arbiter.evm.EvmGrantDeleteResponse evm_grant_delete = 9;
    arbiter.evm.EvmGrantListResponse evm_grant_list = 10;
    ClientConnectionRequest client_connection_request = 11;
    ClientConnectionCancel client_connection_cancel = 12;
    BootstrapResult bootstrap_result = 13;
  }
}