Package dbkeystore provides the underlying basis for a bakery.RootKeyStore that uses a database as a persistent store and provides flexible policies for root key storage lifetime.



This section is empty.


This section is empty.


This section is empty.


type Backing

type Backing interface {
	// GetKey gets the key with the given id from the
	// backing store. If the key is not found, it should
	// return an error with a bakery.ErrNotFound cause.
	GetKey(id []byte) (RootKey, error)

	// FindLatestKey returns the most recently created root key k
	// such that all of the following conditions hold:
	// 	k.Created >= createdAfter
	//	k.Expires >= expiresAfter
	//	k.Expires <= expiresBefore
	// If no such key was found, the zero root key should be returned
	// with a nil error.
	FindLatestKey(createdAfter, expiresAfter, expiresBefore time.Time) (RootKey, error)

	// InsertKey inserts the given root key into the backing store.
	// It may return an error if the id or key already exist.
	InsertKey(key RootKey) error

Backing holds the interface used to store keys in the underlying database used as a backing store by RootKeyStore.

type Clock

type Clock interface {
	Now() time.Time

Clock can be used to provide a mockable time of day for testing.

type Policy

type Policy struct {
	// GenerateInterval holds the maximum length of time
	// for which a root key will be returned from RootKey.
	// If this is zero, it defaults to ExpiryDuration.
	GenerateInterval time.Duration

	// ExpiryDuration holds the minimum length of time that
	// root keys will be valid for after they are returned from
	// RootKey. The maximum length of time that they
	// will be valid for is ExpiryDuration + GenerateInterval.
	ExpiryDuration time.Duration

Policy holds a store policy for root keys.

type RootKey

type RootKey struct {
	// Id holds the id of the root key.
	Id []byte `bson:"_id"`
	// Created holds the time that the root key was created.
	Created time.Time
	// Expires holds the time that the root key expires.
	Expires time.Time
	// RootKey holds the root key secret itself.
	RootKey []byte

RootKey is the type stored in the underlying database.

func (RootKey) IsValid

func (rk RootKey) IsValid() bool

IsValid reports whether the root key contains a key. Note that we always generate non-empty root keys, so we use this to find whether the root key is empty or not.

func (RootKey) IsValidWithPolicy

func (rk RootKey) IsValidWithPolicy(p Policy, now time.Time) bool

IsValidWithPolicy reports whether the given root key is valid to use at the given time with the given store policy.

type RootKeys

type RootKeys struct {

	// contains filtered or unexported fields


RootKeys represents a cache of macaroon root keys.

func NewRootKeys

func NewRootKeys(maxCacheSize int, clock Clock) *RootKeys

NewRootKeys returns a root-keys cache that is limited in size to approximately the given size.

The NewStore method returns a store implementation that uses specific store policy and backing database implementation.

If clock is non-nil, it will be used to find the current time, otherwise time.Now will be used.

func (*RootKeys) NewStore

func (s *RootKeys) NewStore(b Backing, policy Policy) bakery.RootKeyStore

NewStore returns a new RootKeyStore implementation that stores and obtains root keys from the given collection.

Root keys will be generated and stored following the given store policy.

It is expected that all Backing instances passed to a given Store's NewStore method should refer to the same underlying database.

Source Files