v0.3.1

This package is not in the latest version of its module.

Published: Jul 21, 2015 License: Apache-2.0, Apache-2.0 Imports: 8 Imported by: 0






type Grant

type Grant struct {
	// Subject is the namespace being granted
	Subject string

	// Permission is a bitmap of permissions
	Permission uint16

	// Grantee represents the node being granted
	// a permission scope.  The grantee can be
	// either a namespace item or a key id where namespace
	// items will always start with a '/'.
	Grantee string
	// contains filtered or unexported fields
}

Grant represents a transfer of permission from one part of the trust graph to another. This is the only way to delegate permission between two different sub trees in the graph.

func CollapseStatements

func CollapseStatements(statements []*Statement, useExpired bool) ([]*Grant, time.Time, error)

CollapseStatements collapses the given statements into a single list of the valid grants and returns it along with the time when the next grant will expire.

type Statement

type Statement struct {
	// contains filtered or unexported fields
}

Statement represents a set of grants made from a verifiable authority. A statement has an expiration associated with it set by the authority.

func CreateStatement

func CreateStatement(grants, revocations io.Reader, expiration time.Duration, key libtrust.PrivateKey, chain []*x509.Certificate) (*Statement, error)

CreateStatement creates and signs a statement from a stream of grants and revocations in a JSON array.

func FilterStatements

func FilterStatements(grants []*Grant) ([]*Statement, error)

FilterStatements filters the statements to statements including the given grants.

func LoadStatement

func LoadStatement(r io.Reader, authority *x509.CertPool) (*Statement, error)

LoadStatement loads and verifies a statement from an input stream.

func (*Statement) Bytes

func (s *Statement) Bytes() ([]byte, error)

Bytes returns an indented json representation of the statement in a byte array. This value can be written to a file or stream without alteration.

func (*Statement) IsExpired

func (s *Statement) IsExpired() bool

IsExpired returns whether the statement has expired.

type TrustGraph

type TrustGraph interface {
	// Verifies that the given public key is allowed to perform
	// the given action on the given node according to the trust
	// graph.
	Verify(libtrust.PublicKey, string, uint16) (bool, error)

	// GetGrants returns an array of all grant chains which are used to
	// allow the requested permission.
	GetGrants(libtrust.PublicKey, string, uint16) ([][]*Grant, error)
}

TrustGraph represents a graph of authorization mapping public keys to nodes and grants between nodes.

func NewMemoryGraph

func NewMemoryGraph(grants []*Grant) TrustGraph

NewMemoryGraph returns a new in memory trust graph created from a static list of grants. This graph is immutable after creation and any alterations should create a new instance.
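The following is an added example, not code from this package: a self-contained model of how a list of Grant values can answer a Verify-style question, including delegation through a namespace Grantee. The permission bit values, the `KEY:...` ids, the `/acme/...` namespaces, prefix matching on whole path segments, and the cycle handling are assumptions of this sketch and are not taken from libtrust.

```go
package main

import (
	"fmt"
	"strings"
)

// Grant mirrors the exported fields documented above (model, not libtrust code).
type Grant struct {
	Subject    string // namespace being granted
	Permission uint16 // bitmap of permissions
	Grantee    string // namespace (leading '/') or key id
}

// Hypothetical bits: the page does not define the bitmap layout.
const PermRead, PermWrite uint16 = 1 << 0, 1 << 1

// Constructed grants: /acme/app is delegated to holders of /acme/team-dev.
var sample = []Grant{
	{"/acme/app", PermRead | PermWrite, "/acme/team-dev"},
	{"/acme/team-dev", PermRead | PermWrite, "KEY:ALICE"},
	{"/acme/team-dev", PermRead, "KEY:BOB"},
	{"/acme/team-dev", PermRead, "/acme/app"}, // closes a delegation cycle
}

// covers assumes a grant applies to its namespace and everything beneath it.
func covers(subject, node string) bool {
	s := strings.TrimSuffix(subject, "/")
	return node == s || strings.HasPrefix(node, s+"/") // whole segments only
}

// Allowed reports whether key holds every bit of perm on node (assumed rules).
func Allowed(gs []Grant, key, node string, perm uint16) bool {
	seen := map[int]bool{} // grants already expanded, so cycles terminate
	var walk func(node string) bool
	walk = func(node string) bool {
		for i, g := range gs {
			if seen[i] || g.Permission&perm != perm || !covers(g.Subject, node) {
				continue
			}
			seen[i] = true
			// A namespace grantee is followed as a delegation.
			if g.Grantee == key || (strings.HasPrefix(g.Grantee, "/") && walk(g.Grantee)) {
				return true
			}
		}
		return false
	}
	return walk(node)
}

func main() { fmt.Println(Allowed(sample, "KEY:BOB", "/acme/app/web", PermWrite)) }
```

In this model a key can never gain a bit through a delegation that any grant along the chain lacks, and `/acme/application` is not treated as falling under `/acme/app`.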
