Documentation
¶
Overview ¶
Package validator provides validator.Validator, which can validate a ucan.Invocation.
Index ¶
- func FailNonStandardSignatureVerification(ctx context.Context, token ucan.Token, meta ucan.Container) error
- func ProofUnavailable(ctx context.Context, p cid.Cid) (ucan.Delegation, error)
- func ResolveDIDKeyVerifier(ctx context.Context, d did.DID) (ucan.Verifier, error)
- func ValidateInvocation(ctx context.Context, inv ucan.Invocation, options ...Option) error
- func ValidateNotExpired(token ucan.Token, now ucan.UnixTimestamp) error
- func ValidateNotTooEarly(dlg ucan.Delegation, now ucan.UnixTimestamp) error
- func ValidateToken(ctx context.Context, tok ucan.Token, cfg validationConfig) error
- type Capability
- func (c Capability) Allows(sub did.DID, cmd ucan.Command, args ipld.Map) error
- func (c Capability) Attenuate(cmd ucan.Command, pol ucan.Policy) (Capability, error)
- func (c Capability) Command() ucan.Command
- func (c Capability) Policy() ucan.Policy
- func (c Capability) String() string
- func (c Capability) Subject() did.DID
- type DIDVerifierResolverFunc
- type NonStandardSignatureVerifierFunc
- type Option
- func WithDIDVerifierResolver(resolveDIDVerifier DIDVerifierResolverFunc) Option
- func WithDIDVerifierResolvers(resolvers VerifierResolverMap) Option
- func WithMetadata(meta ucan.Container) Option
- func WithNonStandardSignatureVerifier(verifyNonStandardSignature NonStandardSignatureVerifierFunc) Option
- func WithProofResolver(resolveProof ProofResolverFunc) Option
- func WithValidationTime(now ucan.UnixTimestamp) Option
- type ProofResolverFunc
- type VerifierResolverMap
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func FailNonStandardSignatureVerification ¶
func FailNonStandardSignatureVerification(ctx context.Context, token ucan.Token, meta ucan.Container) error
FailNonStandardSignatureVerification is a NonStandardSignatureVerifierFunc that always fails.
func ProofUnavailable ¶
ProofUnavailable is a ProofResolverFunc that always fails.
func ResolveDIDKeyVerifier ¶
ResolveDIDKeyVerifier is a DIDVerifierResolverFunc that only supports `did:key` DIDs and returns an error for any other DID method.
To support multiple DID methods, use NewDIDVerifierResolverByMethod and include ResolveDIDKeyVerifier in the resolvers map for the "key" method.
func ValidateInvocation ¶
ValidateInvocation determines whether an ucan.Invocation is a valid request to execute a task. If an invocation is valid, its audience is expected to execute its task. If an invocation is invalid, its audience is expected to reject the request.
func ValidateNotExpired ¶
func ValidateNotExpired(token ucan.Token, now ucan.UnixTimestamp) error
func ValidateNotTooEarly ¶
func ValidateNotTooEarly(dlg ucan.Delegation, now ucan.UnixTimestamp) error
func ValidateToken ¶
ValidateToken determines whether a ucan.Token is a valid UCAN token. To be valid, a token must have a valid signature from its issuer and be within its time bounds. An ucan.Invocation is a token, but has additional requirements. An invocation may be a valid token but still an invalid invocation, if its proof chain is insufficient.
Types ¶
type Capability ¶
type Capability struct {
// contains filtered or unexported fields
}
https://github.com/ucan-wg/spec#capability
func NewCapability ¶
func NewCapability(sub did.DID) Capability
func (Capability) Attenuate ¶
func (c Capability) Attenuate(cmd ucan.Command, pol ucan.Policy) (Capability, error)
Attenuate the capability by constraining its command and adding additional policy statements.
func (Capability) Command ¶
func (c Capability) Command() ucan.Command
func (Capability) Policy ¶
func (c Capability) Policy() ucan.Policy
func (Capability) String ¶
func (c Capability) String() string
func (Capability) Subject ¶
func (c Capability) Subject() did.DID
type DIDVerifierResolverFunc ¶
DIDVerifierResolverFunc is used to resolve the verification methods of a DID. It returns a ucan.Verifier that can verify signatures from the given DID.
func NewDIDVerifierResolverByMethod ¶
func NewDIDVerifierResolverByMethod(resolvers VerifierResolverMap) DIDVerifierResolverFunc
NewDIDVerifierResolverByMethod returns a DIDVerifierResolverFunc that dispatches to different resolver functions based on the method of the DID. If a DID is given in with a method that is not present in the resolvers map, the resolver will return an error.
type NonStandardSignatureVerifierFunc ¶
type NonStandardSignatureVerifierFunc func(ctx context.Context, token ucan.Token, meta ucan.Container) error
NonStandardSignatureVerifierFunc is used to verify signatures from non-standard signature algorithms. It can be passed into a UCAN validator in order to support delegations signed with non-standard signature algorithms.
type Option ¶
type Option func(*validationConfig)
Option is an option configuring the validator.
func WithDIDVerifierResolver ¶
func WithDIDVerifierResolver(resolveDIDVerifier DIDVerifierResolverFunc) Option
WithDIDVerifierResolver sets the function to be used for resolving a DID to a verifier.
func WithDIDVerifierResolvers ¶
func WithDIDVerifierResolvers(resolvers VerifierResolverMap) Option
WithDIDVerifierResolvers is a convenience option for composing a verifier resolver from multiple DID method-specific resolvers using NewDIDVerifierResolverByMethod.
func WithMetadata ¶
WithMetadata sets additional metadata that may be used during validation.
func WithNonStandardSignatureVerifier ¶
func WithNonStandardSignatureVerifier(verifyNonStandardSignature NonStandardSignatureVerifierFunc) Option
WithNonStandardSignatureVerifier sets the function to be used for verifying non-standard signature algorithms.
func WithProofResolver ¶
func WithProofResolver(resolveProof ProofResolverFunc) Option
func WithValidationTime ¶
func WithValidationTime(now ucan.UnixTimestamp) Option
WithValidationTime sets the time to be used as "now" when validation is performed.
type ProofResolverFunc ¶
ProofResolverFunc finds a delegation corresponding to an external proof link.
func ProofsFromContainer ¶
func ProofsFromContainer(c ucan.Container) ProofResolverFunc
type VerifierResolverMap ¶
type VerifierResolverMap map[string]DIDVerifierResolverFunc
Source Files
Directories