Documentation ¶
Overview ¶
The macaroon package implements macaroons as described in the paper "Macaroons: Cookies with Contextual Caveats for Decentralized Authorization in the Cloud" (http://theory.stanford.edu/~ataly/Papers/macaroons.pdf).
See the macaroon bakery packages at http://godoc.org/gopkg.in/macaroon-bakery.v2 for higher level services and operations that use macaroons.
Index ¶
- func Base64Decode(data []byte) ([]byte, error)
- func HmacSha256SignatureVerify(key []byte, m *Macaroon) error
- func HmacSha256Signer(key []byte, m *Macaroon) ([]byte, error)
- func KeyedHash(key []byte, text []byte) []byte
- func MakeKey(variableKey []byte) []byte
- type Caveat
- type Macaroon
- func (m *Macaroon) AddCaveat(caveatId, verificationId []byte, loc string) error
- func (m *Macaroon) AddFirstPartyCaveat(condition []byte) error
- func (m *Macaroon) Bind(sig []byte)
- func (m *Macaroon) Caveats() []Caveat
- func (m *Macaroon) Clone() *Macaroon
- func (m *Macaroon) Equal(m1 *Macaroon) bool
- func (m *Macaroon) Id() []byte
- func (m *Macaroon) Location() string
- func (m *Macaroon) SetLocation(loc string)
- func (m *Macaroon) Sign(key []byte, signer func(key []byte, macaroon *Macaroon) ([]byte, error)) error
- func (m *Macaroon) Signature() []byte
- func (m *Macaroon) Version() Version
- type Marshaller
- type SliceMarshaller
- type Version
Functions ¶
func Base64Decode ¶
Base64Decode base64-decodes the given data. It accepts both standard and URL encodings, both padded and unpadded.
Types ¶
type Caveat ¶
type Caveat struct {
	// Id holds the id of the caveat. For first
	// party caveats this holds the condition;
	// for third party caveats this holds the encrypted
	// third party caveat.
	Id []byte
	// VerificationId holds the verification id. If this is
	// non-empty, it's a third party caveat.
	VerificationId []byte
	// For third-party caveats, Location holds the
	// location hint. Note that this is not signature checked
	// as part of the caveat, so should only
	// be used as a hint.
	Location string
}
Caveat holds a first party or third party caveat.
func (*Caveat) IsThirdParty ¶
IsThirdParty reports whether the caveat must be satisfied by some third party (if not, it's a first party caveat).
type Macaroon ¶
type Macaroon struct {
// contains filtered or unexported fields
}
Macaroon holds a macaroon. See Fig. 7 of http://theory.stanford.edu/~ataly/Papers/macaroons.pdf for a description of the data contained within. Macaroons are mutable objects - use Clone as appropriate to avoid unwanted mutation.
func (*Macaroon) AddFirstPartyCaveat ¶
AddFirstPartyCaveat adds a caveat that will be verified by the target service.
func (*Macaroon) Bind ¶
Bind prepares the macaroon for being used to discharge the macaroon with the given signature sig. This must be used before it is used in the discharges argument to Verify.
func (*Macaroon) Caveats ¶
Caveats returns the macaroon's caveats. This method will probably change, and it's important not to change the returned caveat.
func (*Macaroon) Location ¶
Location returns the macaroon's location hint. This is not verified as part of the macaroon.
func (*Macaroon) SetLocation ¶
SetLocation sets the location associated with the macaroon. Note that the location is not included in the macaroon's hash chain, so this does not change the signature.
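Why the location is only a hint while first-party caveats are binding, shown as an added example that is not this package's code: a standard-library model of the paper's HMAC chain for first-party caveats only. The `token` type and the `keyedHash`, `mint`, `addFirstParty` and `verify` names are hypothetical, and the package's own key derivation and serialisation are not reproduced.

```go
package main
import (
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// token is a simplified, hypothetical macaroon; location is never hashed.
type token struct {
	location string
	id, sig  []byte
	caveats  [][]byte // first-party conditions
}

func keyedHash(key, text []byte) []byte {
	h := hmac.New(sha256.New, key)
	h.Write(text)
	return h.Sum(nil)
}

// mint starts the chain with sig = HMAC(rootKey, id); addFirstParty
// extends it with sig = HMAC(previous sig, condition).
func mint(rootKey, id []byte, loc string) *token {
	return &token{location: loc, id: id, sig: keyedHash(rootKey, id)}
}
func (t *token) addFirstParty(cond string) {
	t.caveats = append(t.caveats, []byte(cond))
	t.sig = keyedHash(t.sig, []byte(cond))
}

// verify recomputes the chain from the root key and checks every caveat.
func verify(rootKey []byte, t *token, check func(cond string) bool) bool {
	sig, ok := keyedHash(rootKey, t.id), true
	for _, c := range t.caveats {
		ok = ok && check(string(c))
		sig = keyedHash(sig, c)
	}
	return ok && hmac.Equal(sig, t.sig)
}

func main() {
	key := []byte("constructed-root-key") // constructed sample values
	t := mint(key, []byte("id-1"), "https://a.example")
	t.addFirstParty("op = read")
	allow := func(c string) bool { return c == "op = read" }
	t.location = "https://b.example" // relabelled: signature unaffected
	fmt.Println(verify(key, t, allow))
	t.caveats = nil // caveat stripped: chain no longer matches
	fmt.Println(verify(key, t, allow))
}
```

Because the location never enters the chain, a verifier should base no authorization decision on it; anything that must be enforced belongs in a caveat.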
type Marshaller ¶
type Marshaller struct {
Macaroon
}
Marshaller defines a wrapper over Macaroon to marshal or unmarshal it.
func (*Marshaller) Equal ¶
func (m *Marshaller) Equal(m1 *Marshaller) bool
func (*Marshaller) MarshalBinary ¶
func (m *Marshaller) MarshalBinary() ([]byte, error)
MarshalBinary implements encoding.BinaryMarshaler by formatting the macaroon according to the version specified by MarshalAs.
func (*Marshaller) MarshalJSON ¶
func (m *Marshaller) MarshalJSON() ([]byte, error)
MarshalJSON implements json.Marshaler by marshaling the macaroon in JSON format. The serialisation format is determined by the macaroon's version.
func (*Marshaller) UnmarshalBinary ¶
func (m *Marshaller) UnmarshalBinary(data []byte) error
UnmarshalBinary implements encoding.BinaryUnmarshaler. It accepts both V1 and V2 binary encodings.
func (*Marshaller) UnmarshalJSON ¶
func (m *Marshaller) UnmarshalJSON(data []byte) error
UnmarshalJSON implements json.Unmarshaler by unmarshaling the given macaroon in JSON format. It accepts both V1 and V2 encoded forms, and also a base64-encoded JSON string containing the binary-marshaled macaroon.
After unmarshaling, the macaroon's version will reflect the version that it was unmarshaled as.
type SliceMarshaller ¶
type SliceMarshaller []*Marshaller
SliceMarshaller defines a collection of macaroons to marshal or unmarshal. By convention, the first macaroon in the slice is a primary macaroon and the rest are discharges for its third party caveats.
func (SliceMarshaller) MarshalBinary ¶
func (s SliceMarshaller) MarshalBinary() ([]byte, error)
MarshalBinary implements encoding.BinaryMarshaler.
func (*SliceMarshaller) UnmarshalBinary ¶
func (s *SliceMarshaller) UnmarshalBinary(data []byte) error
UnmarshalBinary implements encoding.BinaryUnmarshaler. It accepts all known binary encodings for the data - all the embedded macaroons need not be encoded in the same format.